curl: add patch for CVE-2021-22945
included as all curl patches need to be in-repo due to bootstrapping issues
This commit is contained in:
parent
e667988cc3
commit
13f8720032
2 changed files with 28 additions and 0 deletions
pkgs/tools/networking/curl
27
pkgs/tools/networking/curl/CVE-2021-22945.patch
Normal file
27
pkgs/tools/networking/curl/CVE-2021-22945.patch
Normal file
|
@ -0,0 +1,27 @@
|
|||
From 43157490a5054bd24256fe12876931e8abc9df49 Mon Sep 17 00:00:00 2001
|
||||
From: z2_ on hackerone <>
|
||||
Date: Tue, 24 Aug 2021 09:50:33 +0200
|
||||
Subject: [PATCH] mqtt: clear the leftovers pointer when sending succeeds
|
||||
|
||||
CVE-2021-22945
|
||||
|
||||
Bug: https://curl.se/docs/CVE-2021-22945.html
|
||||
---
|
||||
lib/mqtt.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/lib/mqtt.c b/lib/mqtt.c
|
||||
index f077e6c3dc44..fcd40b41e600 100644
|
||||
--- a/lib/mqtt.c
|
||||
+++ b/lib/mqtt.c
|
||||
@@ -128,6 +128,10 @@ static CURLcode mqtt_send(struct Curl_easy *data,
|
||||
mq->sendleftovers = sendleftovers;
|
||||
mq->nsend = nsend;
|
||||
}
|
||||
+ else {
|
||||
+ mq->sendleftovers = NULL;
|
||||
+ mq->nsend = 0;
|
||||
+ }
|
||||
return result;
|
||||
}
|
||||
|
|
@ -57,6 +57,7 @@ stdenv.mkDerivation rec {
|
|||
./CVE-2021-22897.patch
|
||||
./CVE-2021-22898.patch
|
||||
./CVE-2021-22901.patch
|
||||
./CVE-2021-22945.patch
|
||||
];
|
||||
|
||||
outputs = [ "bin" "dev" "out" "man" "devdoc" ];
|
||||
|
|
Loading…
Reference in a new issue