import-layers/yocto-poky/meta/recipes-support/curl/curl/CVE-2017-1000101.patch - openbmc/openbmc - Gitiles

 From 453e7a7a03a2cec749abd3878a48e728c515cca7 Mon Sep 17 00:00:00 2001
 From: Daniel Stenberg <daniel@haxx.se>
 Date: Tue, 1 Aug 2017 17:16:07 +0200
 Subject: [PATCH] glob: do not continue parsing after a strtoul() overflow
  range

 Added test 1289 to verify.

 CVE: CVE-2017-1000101

 Bug: https://curl.haxx.se/docs/adv_20170809A.html
 Reported-by: Brian Carpenter

 Upstream-Status: Backport
 https://github.com/curl/curl/commit/453e7a7a03a2cec749abd3878a48e728c515cca7

 Rebase the tests/data/Makefile.inc changes for curl 7.54.1.

 Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
 ---
  src/tool_urlglob.c      |  5 ++++-
  tests/data/Makefile.inc |  2 +-
  tests/data/test1289     | 35 +++++++++++++++++++++++++++++++++++
  3 files changed, 40 insertions(+), 2 deletions(-)
  create mode 100644 tests/data/test1289

 diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c
 index 6b1ece0..d56dcd9 100644
 --- a/src/tool_urlglob.c
 +++ b/src/tool_urlglob.c
 @@ -273,7 +273,10 @@ static CURLcode glob_range(URLGlob *glob, char **patternp,
          }
          errno = 0;
          max_n = strtoul(pattern, &endp, 10);
 -        if(errno || (*endp == ':')) {
 +        if(errno)
 +          /* overflow */
 +          endp = NULL;
 +        else if(*endp == ':') {
            pattern = endp+1;
            errno = 0;
            step_n = strtoul(pattern, &endp, 10);
 diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
 index 155320a..7adbee6 100644
 --- a/tests/data/Makefile.inc
 +++ b/tests/data/Makefile.inc
 @@ -132,7 +132,7 @@ test1252 test1253 test1254 test1255 test1256 test1257 test1258 test1259 \
  test1260 test1261 test1262 \
  \
  test1280 test1281 test1282 test1283 test1284 test1285 test1286 test1287 \
 -test1288 \
 +test1288 test1289 \
  \
  test1300 test1301 test1302 test1303 test1304 test1305 test1306 test1307 \
  test1308 test1309 test1310 test1311 test1312 test1313 test1314 test1315 \
 diff --git a/tests/data/test1289 b/tests/data/test1289
 new file mode 100644
 index 0000000..d679cc0
 --- /dev/null
 +++ b/tests/data/test1289
 @@ -0,0 +1,35 @@
 +<testcase>
 +<info>
 +<keywords>
 +HTTP
 +HTTP GET
 +globbing
 +</keywords>
 +</info>
 +
 +#
 +# Server-side
 +<reply>
 +</reply>
 +
 +# Client-side
 +<client>
 +<server>
 +http
 +</server>
 +<name>
 +globbing with overflow and bad syntxx
 +</name>
 +<command>
 +http://ur%20[0-60000000000000000000
 +</command>
 +</client>
 +
 +# Verify data after the test has been "shot"
 +<verify>
 +# curl: (3) [globbing] bad range in column
 +<errorcode>
 +3
 +</errorcode>
 +</verify>
 +</testcase>
 --
 2.11.0
	From 453e7a7a03a2cec749abd3878a48e728c515cca7 Mon Sep 17 00:00:00 2001
	From: Daniel Stenberg <daniel@haxx.se>
	Date: Tue, 1 Aug 2017 17:16:07 +0200
	Subject: [PATCH] glob: do not continue parsing after a strtoul() overflow
	range

	Added test 1289 to verify.

	CVE: CVE-2017-1000101

	Bug: https://curl.haxx.se/docs/adv_20170809A.html
	Reported-by: Brian Carpenter

	Upstream-Status: Backport
	https://github.com/curl/curl/commit/453e7a7a03a2cec749abd3878a48e728c515cca7

	Rebase the tests/data/Makefile.inc changes for curl 7.54.1.

	Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
	---
	src/tool_urlglob.c \| 5 ++++-
	tests/data/Makefile.inc \| 2 +-
	tests/data/test1289 \| 35 +++++++++++++++++++++++++++++++++++
	3 files changed, 40 insertions(+), 2 deletions(-)
	create mode 100644 tests/data/test1289

	diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c
	index 6b1ece0..d56dcd9 100644
	--- a/src/tool_urlglob.c
	+++ b/src/tool_urlglob.c
	@@ -273,7 +273,10 @@ static CURLcode glob_range(URLGlob glob, char *patternp,
	}
	errno = 0;
	max_n = strtoul(pattern, &endp, 10);
	- if(errno \|\| (*endp == ':')) {
	+ if(errno)
	+ /* overflow */
	+ endp = NULL;
	+ else if(*endp == ':') {
	pattern = endp+1;
	errno = 0;
	step_n = strtoul(pattern, &endp, 10);
	diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
	index 155320a..7adbee6 100644
	--- a/tests/data/Makefile.inc
	+++ b/tests/data/Makefile.inc
	@@ -132,7 +132,7 @@ test1252 test1253 test1254 test1255 test1256 test1257 test1258 test1259 \
	test1260 test1261 test1262 \
	\
	test1280 test1281 test1282 test1283 test1284 test1285 test1286 test1287 \
	-test1288 \
	+test1288 test1289 \
	\
	test1300 test1301 test1302 test1303 test1304 test1305 test1306 test1307 \
	test1308 test1309 test1310 test1311 test1312 test1313 test1314 test1315 \
	diff --git a/tests/data/test1289 b/tests/data/test1289
	new file mode 100644
	index 0000000..d679cc0
	--- /dev/null
	+++ b/tests/data/test1289
	@@ -0,0 +1,35 @@
	+<testcase>
	+<info>
	+<keywords>
	+HTTP
	+HTTP GET
	+globbing
	+</keywords>
	+</info>
	+
	+#
	+# Server-side
	+<reply>
	+</reply>
	+
	+# Client-side
	+<client>
	+<server>
	+http
	+</server>
	+<name>
	+globbing with overflow and bad syntxx
	+</name>
	+<command>
	+http://ur%20[0-60000000000000000000
	+</command>
	+</client>
	+
	+# Verify data after the test has been "shot"
	+<verify>
	+# curl: (3) [globbing] bad range in column
	+<errorcode>
	+3
	+</errorcode>
	+</verify>
	+</testcase>
	--
	2.11.0