Lakitu: curl: backport fix for CVE-2021-22945

Backport fix to clear leftovers pointer when sending succeeds in mqtt.c
from net-misc/curl upstream commit 43157490a5054bd.

BUG=b/202379445
TEST=presubmit, validation tests
RELEASE_NOTE=Fixed CVE-2021-22945 in net-misc/curl

cos-patch: security-high
Change-Id: I55595855de89cac3d3980b4ba17a595fff0f2c61
Reviewed-on: https://cos-review.googlesource.com/c/third_party/overlays/portage-stable/+/24016
Reviewed-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
Main-Branch-Verified: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
diff --git a/net-misc/curl/curl-7.78.0-r1.ebuild b/net-misc/curl/curl-7.78.0-r2.ebuild
similarity index 97%
rename from net-misc/curl/curl-7.78.0-r1.ebuild
rename to net-misc/curl/curl-7.78.0-r2.ebuild
index f6351ce..0f19051 100644
--- a/net-misc/curl/curl-7.78.0-r1.ebuild
+++ b/net-misc/curl/curl-7.78.0-r2.ebuild
@@ -99,6 +99,9 @@
 PATCHES=(
 	"${FILESDIR}"/${PN}-7.30.0-prefix.patch
 	"${FILESDIR}"/${PN}-respect-cflags-3.patch
+	# lakitu: apply upstream patch to resolve CVE-2021-22945
+	# https://github.com/curl/curl/commit/43157490a5054bd
+	"${FILESDIR}"/${PN}-mqtt-clear-leftover-pointer-on-send-success.patch
 )
 
 src_prepare() {
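Review bot: The provenance comment above the new PATCHES entry cites the upstream commit only by the abbreviated id `43157490a5054bd`, while the patch file added in this same change carries the full id in its `From` line. Using the full hash in the URL makes the backport unambiguous to verify against upstream: `# https://github.com/curl/curl/commit/43157490a5054bd24256fe12876931e8abc9df49`. A removal criterion next to it, such as `# drop once net-misc/curl is bumped to a release that contains this commit`, would keep the local patch from being carried after it is no longer needed.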
diff --git a/net-misc/curl/files/curl-mqtt-clear-leftover-pointer-on-send-success.patch b/net-misc/curl/files/curl-mqtt-clear-leftover-pointer-on-send-success.patch
new file mode 100644
index 0000000..ffa020e
--- /dev/null
+++ b/net-misc/curl/files/curl-mqtt-clear-leftover-pointer-on-send-success.patch
@@ -0,0 +1,30 @@
+From 43157490a5054bd24256fe12876931e8abc9df49 Mon Sep 17 00:00:00 2001
+From: z2_ on hackerone <>
+Date: Tue, 24 Aug 2021 09:50:33 +0200
+Subject: [PATCH] mqtt: clear the leftovers pointer when sending succeeds
+
+CVE-2021-22945
+
+Bug: https://curl.se/docs/CVE-2021-22945.html
+---
+ lib/mqtt.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/lib/mqtt.c b/lib/mqtt.c
+index f077e6c3d..fcd40b41e 100644
+--- a/lib/mqtt.c
++++ b/lib/mqtt.c
+@@ -128,6 +128,10 @@ static CURLcode mqtt_send(struct Curl_easy *data,
+     mq->sendleftovers = sendleftovers;
+     mq->nsend = nsend;
+   }
++  else {
++    mq->sendleftovers = NULL;
++    mq->nsend = 0;
++  }
+   return result;
+ }
+ 
+-- 
+2.33.0.1079.g6e70778dc9-goog
+
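Review bot: The new `else` branch in `mqtt_send` sets `mq->sendleftovers = NULL` without freeing it, and nothing in the hunk explains why dropping the pointer is correct rather than a leak. Presumably the buffer it referred to is released by the caller after `mqtt_send` returns, which would make the stale pointer the source of the reuse and second free described in the linked advisory. That should be confirmed against the caller, which is outside this hunk. I would put a comment on the branch stating that ownership rule, for example `/* fully sent: the caller releases the buffer, so only forget the pointer here */`. The function body starts before the hunk, so the path that returns early on allocation failure is not visible here. It is worth checking that it cannot leave `sendleftovers` and `nsend` pointing at an already released buffer.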