poky/meta/recipes-support/curl/curl/CVE-2022-27781.patch - openbmc/openbmc - Gitiles

 From 5bb5b2a901db4c6441fc451f21408be2a9463058 Mon Sep 17 00:00:00 2001
 From: Daniel Stenberg <daniel@haxx.se>
 Date: Mon, 9 May 2022 10:07:15 +0200
 Subject: [PATCH] nss: return error if seemingly stuck in a cert loop

 CVE-2022-27781

 Reported-by: Florian Kohnhäuser
 Bug: https://curl.se/docs/CVE-2022-27781.html
 Closes #8822

 Upstream-Status: Backport [https://github.com/curl/curl/commit/5c7da89d404bf59c8dd82a001119a16d18365917]
 Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
 ---
  lib/vtls/nss.c | 8 ++++++++
  1 file changed, 8 insertions(+)

 diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
 index 558e3be..52f2060 100644
 --- a/lib/vtls/nss.c
 +++ b/lib/vtls/nss.c
 @@ -983,6 +983,9 @@ static void display_cert_info(struct Curl_easy *data,
    PR_Free(common_name);
  }

 +/* A number of certs that will never occur in a real server handshake */
 +#define TOO_MANY_CERTS 300
 +
  static CURLcode display_conn_info(struct Curl_easy *data, PRFileDesc *sock)
  {
    CURLcode result = CURLE_OK;
 @@ -1018,6 +1021,11 @@ static CURLcode display_conn_info(struct Curl_easy *data, PRFileDesc *sock)
          cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA);
          while(cert2) {
            i++;
 +          if(i >= TOO_MANY_CERTS) {
 +            CERT_DestroyCertificate(cert2);
 +            failf(data, "certificate loop");
 +            return CURLE_SSL_CERTPROBLEM;
 +          }
            if(cert2->isRoot) {
              CERT_DestroyCertificate(cert2);
              break;
	From 5bb5b2a901db4c6441fc451f21408be2a9463058 Mon Sep 17 00:00:00 2001
	From: Daniel Stenberg <daniel@haxx.se>
	Date: Mon, 9 May 2022 10:07:15 +0200
	Subject: [PATCH] nss: return error if seemingly stuck in a cert loop

	CVE-2022-27781

	Reported-by: Florian Kohnhäuser
	Bug: https://curl.se/docs/CVE-2022-27781.html
	Closes #8822

	Upstream-Status: Backport [https://github.com/curl/curl/commit/5c7da89d404bf59c8dd82a001119a16d18365917]
	Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
	---
	lib/vtls/nss.c \| 8 ++++++++
	1 file changed, 8 insertions(+)

	diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
	index 558e3be..52f2060 100644
	--- a/lib/vtls/nss.c
	+++ b/lib/vtls/nss.c
	@@ -983,6 +983,9 @@ static void display_cert_info(struct Curl_easy *data,
	PR_Free(common_name);
	}

	+/* A number of certs that will never occur in a real server handshake */
	+#define TOO_MANY_CERTS 300
	+
	static CURLcode display_conn_info(struct Curl_easy data, PRFileDesc sock)
	{
	CURLcode result = CURLE_OK;
	@@ -1018,6 +1021,11 @@ static CURLcode display_conn_info(struct Curl_easy data, PRFileDesc sock)
	cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA);
	while(cert2) {
	i++;
	+ if(i >= TOO_MANY_CERTS) {
	+ CERT_DestroyCertificate(cert2);
	+ failf(data, "certificate loop");
	+ return CURLE_SSL_CERTPROBLEM;
	+ }
	if(cert2->isRoot) {
	CERT_DestroyCertificate(cert2);
	break;