domenico/openwrt-18.06
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
domenico
2025-06-24 15:51:28 +02:00
commit 22031d9dab
6862 changed files with 1462554 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

160
package/network/utils/curl/Config.in Normal file
View File

@@ -0,0 +1,160 @@
if PACKAGE_libcurl
comment "SSL support"
choice
prompt "Selected SSL library"
default LIBCURL_MBEDTLS
config LIBCURL_MBEDTLS
bool "mbed TLS"
config LIBCURL_WOLFSSL
bool "wolfSSL"
config LIBCURL_OPENSSL
bool "OpenSSL"
config LIBCURL_GNUTLS
bool "GNUTLS"
config LIBCURL_NOSSL
bool "No SSL support"
endchoice
comment "Supported protocols"
config LIBCURL_DICT
bool "DICT protocol"
default n
config LIBCURL_FILE
bool "FILE protocol"
default y
config LIBCURL_FTP
bool "FTP / FTPS protocol"
default y
config LIBCURL_GOPHER
bool "Gopher protocol"
default n
config LIBCURL_HTTP
bool "HTTP / HTTPS protocol"
default y
config LIBCURL_COOKIES
bool "Enable Cookies support"
depends on LIBCURL_HTTP
default y
config LIBCURL_IMAP
bool "IMAP / IMAPS protocol"
default n
config LIBCURL_LDAP
bool "LDAP protocol"
default n
config LIBCURL_LDAPS
bool "Enable LDAPS support"
depends on LIBCURL_LDAP && !LIBCURL_NOSSL
default y
config LIBCURL_POP3
bool "POP3 / POP3S protocol"
default n
config LIBCURL_RTSP
bool "RTSP protocol"
depends on LIBCURL_HTTP
default n
config LIBCURL_NO_RTSP
string "RTSP require HTTP protocol"
depends on !LIBCURL_HTTP
default "!"
config LIBCURL_SSH2
bool "SCP / SFTP protocol"
default n
config LIBCURL_SMB
bool "SMB protocol (CIFS)"
depends on LIBCURL_CRYPTO_AUTH && (LIBCURL_GNUTLS || LIBCURL_OPENSSL)
default n
config LIBCURL_NO_SMB
string "SMB require 'cryptographic authentication' and either 'GnuTLS' or 'OpenSSL'"
depends on !LIBCURL_CRYPTO_AUTH || (!LIBCURL_GNUTLS && !LIBCURL_OPENSSL)
default "!"
config LIBCURL_SMTP
bool "SMTP / SMTPS protocol"
default n
config LIBCURL_TELNET
bool "TELNET protocol"
default n
config LIBCURL_TFTP
bool "TFTP protocol"
default n
config LIBCURL_NGHTTP2
bool "HTTP2 protocol"
default n
comment "Miscellaneous"
config LIBCURL_PROXY
bool "Enable proxy support"
default y
config LIBCURL_CRYPTO_AUTH
bool "Enable cryptographic authentication"
default n
config LIBCURL_TLS_SRP
bool "Enable TLS-SRP authentication"
default n
config LIBCURL_LIBIDN2
bool "Enable IDN2 support"
default n
config LIBCURL_THREADED_RESOLVER
bool "Enable threaded DNS resolver"
default n
help
Enable POSIX threaded asynchronous DNS resolution
config LIBCURL_ZLIB
bool "Enable zlib support"
default n
config LIBCURL_UNIX_SOCKETS
bool "Enable unix domain socket support"
default n
help
Enable HTTP over unix domain sockets.
To use this with the curl command line, you specify the socket path to the new --unix-domain option.
This feature is actually not limited to HTTP, you can do all the TCP-based protocols
except FTP over the unix domain socket, but it is only HTTP that is regularly used this way.
The reason FTP isn't supported is of course its use of two connections
which would be even weirder to do like this.
config LIBCURL_LIBCURL_OPTION
bool "Enable generation of C code"
default n
config LIBCURL_VERBOSE
bool "Enable verbose error strings"
default n
config LIBCURL_NTLM
bool "Enable NTLM support"
depends on LIBCURL_CRYPTO_AUTH && !LIBCURL_NOSSL
default n
endif

183
package/network/utils/curl/Makefile Normal file
View File

@@ -0,0 +1,183 @@
#
# Copyright (C) 2007-2016 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=curl
PKG_VERSION:=7.60.0
PKG_RELEASE:=4
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://dl.uxnr.de/mirror/curl/ \
http://curl.mirror.anstey.ca/ \
http://curl.askapache.com/download/ \
https://curl.haxx.se/download/
PKG_HASH:=8736ff8ded89ddf7e926eec7b16f82597d029fc1469f3a551f1fafaac164e6a0
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=COPYING
PKG_CPE_ID:=cpe:/a:haxx:libcurl
PKG_FIXUP:=autoreconf
PKG_BUILD_PARALLEL:=1
PKG_CONFIG_DEPENDS:= \
CONFIG_IPV6 \
\
CONFIG_LIBCURL_WOLFSSL \
CONFIG_LIBCURL_GNUTLS \
CONFIG_LIBCURL_OPENSSL \
CONFIG_LIBCURL_MBEDTLS \
CONFIG_LIBCURL_NOSSL \
\
CONFIG_LIBCURL_LIBIDN2 \
CONFIG_LIBCURL_SSH2 \
CONFIG_LIBCURL_ZLIB \
\
CONFIG_LIBCURL_DICT \
CONFIG_LIBCURL_FILE \
CONFIG_LIBCURL_FTP \
CONFIG_LIBCURL_GOPHER \
CONFIG_LIBCURL_HTTP \
CONFIG_LIBCURL_IMAP \
CONFIG_LIBCURL_LDAP \
CONFIG_LIBCURL_LDAPS \
CONFIG_LIBCURL_POP3 \
CONFIG_LIBCURL_RTSP \
CONFIG_LIBCURL_NO_RTSP \
CONFIG_LIBCURL_SMB \
CONFIG_LIBCURL_NO_SMB \
CONFIG_LIBCURL_SMTP \
CONFIG_LIBCURL_TELNET \
CONFIG_LIBCURL_TFTP \
CONFIG_LIBCURL_NGHTTP2 \
\
CONFIG_LIBCURL_COOKIES \
CONFIG_LIBCURL_CRYPTO_AUTH \
CONFIG_LIBCURL_LIBCURL_OPTION \
CONFIG_LIBCURL_PROXY \
CONFIG_LIBCURL_THREADED_RESOLVER \
CONFIG_LIBCURL_TLS_SRP \
CONFIG_LIBCURL_UNIX_SOCKETS \
CONFIG_LIBCURL_VERBOSE \
CONFIG_LIBCURL_NTLM
include $(INCLUDE_DIR)/package.mk
define Package/curl/Default
SECTION:=net
CATEGORY:=Network
URL:=http://curl.haxx.se/
MAINTAINER:=Imre Kaloz <kaloz@openwrt.org>
endef
define Package/curl
$(call Package/curl/Default)
SUBMENU:=File Transfer
DEPENDS:=+libcurl
TITLE:=A client-side URL transfer utility
endef
define Package/libcurl
$(call Package/curl/Default)
SECTION:=libs
CATEGORY:=Libraries
DEPENDS:= +LIBCURL_WOLFSSL:libwolfssl +LIBCURL_OPENSSL:libopenssl +LIBCURL_GNUTLS:libgnutls +LIBCURL_MBEDTLS:libmbedtls
DEPENDS += +LIBCURL_ZLIB:zlib +LIBCURL_THREADED_RESOLVER:libpthread +LIBCURL_LDAP:libopenldap +LIBCURL_LIBIDN2:libidn2
DEPENDS += +LIBCURL_SSH2:libssh2 +LIBCURL_NGHTTP2:libnghttp2 +ca-bundle
TITLE:=A client-side URL transfer library
MENU:=1
endef
define Package/libcurl/config
source "$(SOURCE)/Config.in"
endef
TARGET_CFLAGS += $(FPIC) -ffunction-sections -fdata-sections
TARGET_CPPFLAGS += $(if $(CONFIG_LIBCURL_NTLM),,-DCURL_DISABLE_NTLM)
TARGET_LDFLAGS += -Wl,--gc-sections
CONFIGURE_ARGS += \
--disable-debug \
--disable-ares \
--enable-shared \
--enable-static \
--disable-manual \
--without-nss \
--without-libmetalink \
--without-librtmp \
--without-libidn \
--without-ca-path \
--with-ca-bundle=/etc/ssl/certs/ca-certificates.crt \
\
$(call autoconf_bool,CONFIG_IPV6,ipv6) \
\
$(if $(CONFIG_LIBCURL_WOLFSSL),--with-cyassl="$(STAGING_DIR)/usr",--without-cyassl) \
$(if $(CONFIG_LIBCURL_GNUTLS),--with-gnutls="$(STAGING_DIR)/usr",--without-gnutls) \
$(if $(CONFIG_LIBCURL_OPENSSL),--with-ssl="$(STAGING_DIR)/usr",--without-ssl) \
$(if $(CONFIG_LIBCURL_MBEDTLS),--with-mbedtls="$(STAGING_DIR)/usr",--without-mbedtls) \
\
$(if $(CONFIG_LIBCURL_LIBIDN2),--with-libidn2="$(STAGING_DIR)/usr",--without-libidn2) \
$(if $(CONFIG_LIBCURL_SSH2),--with-libssh2="$(STAGING_DIR)/usr",--without-libssh2) \
$(if $(CONFIG_LIBCURL_ZLIB),--with-zlib="$(STAGING_DIR)/usr",--without-zlib) \
$(if $(CONFIG_LIBCURL_NGHTTP2),--with-nghttp2="$(STAGING_DIR)/usr",--without-nghttp2) \
\
$(call autoconf_bool,CONFIG_LIBCURL_DICT,dict) \
$(call autoconf_bool,CONFIG_LIBCURL_FILE,file) \
$(call autoconf_bool,CONFIG_LIBCURL_FTP,ftp) \
$(call autoconf_bool,CONFIG_LIBCURL_GOPHER,gopher) \
$(call autoconf_bool,CONFIG_LIBCURL_HTTP,http) \
$(call autoconf_bool,CONFIG_LIBCURL_IMAP,imap) \
$(call autoconf_bool,CONFIG_LIBCURL_LDAP,ldap) \
$(call autoconf_bool,CONFIG_LIBCURL_LDAPS,ldaps) \
$(call autoconf_bool,CONFIG_LIBCURL_POP3,pop3) \
$(call autoconf_bool,CONFIG_LIBCURL_RTSP,rtsp) \
$(call autoconf_bool,CONFIG_LIBCURL_SMB,smb) \
$(call autoconf_bool,CONFIG_LIBCURL_SMTP,smtp) \
$(call autoconf_bool,CONFIG_LIBCURL_TELNET,telnet) \
$(call autoconf_bool,CONFIG_LIBCURL_TFTP,tftp) \
\
$(call autoconf_bool,CONFIG_LIBCURL_COOKIES,cookies) \
$(call autoconf_bool,CONFIG_LIBCURL_CRYPTO_AUTH,crypto-auth) \
$(call autoconf_bool,CONFIG_LIBCURL_LIBCURL_OPTION,libcurl-option) \
$(call autoconf_bool,CONFIG_LIBCURL_PROXY,proxy) \
$(call autoconf_bool,CONFIG_LIBCURL_THREADED_RESOLVER,threaded-resolver) \
$(call autoconf_bool,CONFIG_LIBCURL_TLS_SRP,tls-srp) \
$(call autoconf_bool,CONFIG_LIBCURL_UNIX_SOCKETS,unix-sockets) \
$(call autoconf_bool,CONFIG_LIBCURL_VERBOSE,verbose) \
define Build/Compile
+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
DESTDIR="$(PKG_INSTALL_DIR)" \
CC="$(TARGET_CC)" \
install
endef
define Build/InstallDev
$(INSTALL_DIR) $(2)/bin $(1)/usr/bin $(1)/usr/include $(1)/usr/lib $(1)/usr/lib/pkgconfig
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/curl-config $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/include/curl $(1)/usr/include/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libcurl.{a,so*} $(1)/usr/lib/
$(CP) $(PKG_BUILD_DIR)/libcurl.pc $(1)/usr/lib/pkgconfig/
$(SED) 's,-L$$$${exec_prefix}/lib,,g' $(1)/usr/bin/curl-config
[ -n "$(TARGET_LDFLAGS)" ] && $(SED) 's#$(TARGET_LDFLAGS)##g' $(1)/usr/lib/pkgconfig/libcurl.pc || true
$(LN) $(STAGING_DIR)/usr/bin/curl-config $(2)/bin/
endef
define Package/curl/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/curl $(1)/usr/bin/
endef
define Package/libcurl/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libcurl.so.* $(1)/usr/lib/
endef
$(eval $(call BuildPackage,curl))
$(eval $(call BuildPackage,libcurl))

22
package/network/utils/curl/patches/200-no_docs_tests.patch Normal file
View File

@@ -0,0 +1,22 @@
--- a/Makefile.am
+++ b/Makefile.am
@@ -168,7 +168,7 @@ CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP)
bin_SCRIPTS = curl-config
SUBDIRS = lib src
-DIST_SUBDIRS = $(SUBDIRS) tests packages scripts include docs
+DIST_SUBDIRS = $(SUBDIRS) packages include
pkgconfigdir = $(libdir)/pkgconfig
pkgconfig_DATA = libcurl.pc
@@ -279,8 +279,8 @@ cygwinbin:
# We extend the standard install with a custom hook:
install-data-hook:
cd include && $(MAKE) install
- cd docs && $(MAKE) install
- cd docs/libcurl && $(MAKE) install
+ #cd docs && $(MAKE) install
+ #cd docs/libcurl && $(MAKE) install
# We extend the standard uninstall with a custom hook:
uninstall-hook:

11
package/network/utils/curl/patches/310-mbedtls-disable-runtime-version-check.patch Normal file
View File

@@ -0,0 +1,11 @@
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -814,7 +814,7 @@ static void Curl_mbedtls_session_free(vo
static size_t Curl_mbedtls_version(char *buffer, size_t size)
{
- unsigned int version = mbedtls_version_get_number();
+ unsigned int version = MBEDTLS_VERSION_NUMBER;
return snprintf(buffer, size, "mbedTLS/%u.%u.%u", version>>24,
(version>>16)&0xff, (version>>8)&0xff);
}

32
package/network/utils/curl/patches/400-CVE-2018-0500.patch Normal file
View File

@@ -0,0 +1,32 @@
From ba1dbd78e5f1ed67c1b8d37ac89d90e5e330b628 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 13 Jun 2018 12:24:40 +0200
Subject: [PATCH] smtp: use the upload buffer size for scratch buffer malloc
... not the read buffer size, as that can be set smaller and thus cause
a buffer overflow! CVE-2018-0500
Reported-by: Peter Wu
Bug: https://curl.haxx.se/docs/adv_2018-70a2.html
---
lib/smtp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/lib/smtp.c
+++ b/lib/smtp.c
@@ -1563,13 +1563,14 @@ CURLcode Curl_smtp_escape_eob(struct con
if(!scratch || data->set.crlf) {
oldscratch = scratch;
- scratch = newscratch = malloc(2 * data->set.buffer_size);
+ scratch = newscratch = malloc(2 * UPLOAD_BUFSIZE);
if(!newscratch) {
failf(data, "Failed to alloc scratch buffer!");
return CURLE_OUT_OF_MEMORY;
}
}
+ DEBUGASSERT(UPLOAD_BUFSIZE >= nread);
/* Have we already sent part of the EOB? */
eob_sent = smtp->eob;

32
package/network/utils/curl/patches/401-CVE-2018-14618.patch Normal file
View File

@@ -0,0 +1,32 @@
From 57d299a499155d4b327e341c6024e293b0418243 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 13 Aug 2018 10:35:52 +0200
Subject: [PATCH] Curl_ntlm_core_mk_nt_hash: return error on too long password
... since it would cause an integer overflow if longer than (max size_t
/ 2).
This is CVE-2018-14618
Bug: https://curl.haxx.se/docs/CVE-2018-14618.html
Closes #2756
Reported-by: Zhaoyang Wu
---
lib/curl_ntlm_core.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/lib/curl_ntlm_core.c
+++ b/lib/curl_ntlm_core.c
@@ -557,8 +557,11 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struc
unsigned char *ntbuffer /* 21 bytes */)
{
size_t len = strlen(password);
- unsigned char *pw = len ? malloc(len * 2) : strdup("");
+ unsigned char *pw;
CURLcode result;
+ if(len > SIZE_T_MAX/2) /* avoid integer overflow */
+ return CURLE_OUT_OF_MEMORY;
+ pw = len ? malloc(len * 2) : strdup("");
if(!pw)
return CURLE_OUT_OF_MEMORY;

23
package/network/utils/curl/patches/402-CVE-2018-16839.patch Normal file
View File

@@ -0,0 +1,23 @@
From f3a24d7916b9173c69a3e0ee790102993833d6c5 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 28 Sep 2018 16:08:16 +0200
Subject: [PATCH] Curl_auth_create_plain_message: fix too-large-input-check
CVE-2018-16839
Reported-by: Harry Sintonen
Bug: https://curl.haxx.se/docs/CVE-2018-16839.html
---
lib/vauth/cleartext.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/lib/vauth/cleartext.c
+++ b/lib/vauth/cleartext.c
@@ -74,7 +74,7 @@ CURLcode Curl_auth_create_plain_message(
plen = strlen(passwdp);
/* Compute binary message length. Check for overflows. */
- if((ulen > SIZE_T_MAX/2) || (plen > (SIZE_T_MAX/2 - 2)))
+ if((ulen > SIZE_T_MAX/4) || (plen > (SIZE_T_MAX/2 - 2)))
return CURLE_OUT_OF_MEMORY;
plainlen = 2 * ulen + plen + 2;

31
package/network/utils/curl/patches/403-CVE-2018-16840.patch Normal file
View File

@@ -0,0 +1,31 @@
From 81d135d67155c5295b1033679c606165d4e28f3f Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 18 Oct 2018 15:07:15 +0200
Subject: [PATCH] Curl_close: clear data->multi_easy on free to avoid
use-after-free
Regression from b46cfbc068 (7.59.0)
CVE-2018-16840
Reported-by: Brian Carpenter (Geeknik Labs)
Bug: https://curl.haxx.se/docs/CVE-2018-16840.html
---
lib/url.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/lib/url.c
+++ b/lib/url.c
@@ -320,10 +320,12 @@ CURLcode Curl_close(struct Curl_easy *da
and detach this handle from there. */
curl_multi_remove_handle(data->multi, data);
- if(data->multi_easy)
+ if(data->multi_easy) {
/* when curl_easy_perform() is used, it creates its own multi handle to
use and this is the one */
curl_multi_cleanup(data->multi_easy);
+ data->multi_easy = NULL;
+ }
/* Destroy the timeout list that is held in the easy handle. It is
/normally/ done by curl_multi_remove_handle() but this is "just in

23
package/network/utils/curl/patches/404-CVE-2018-16842.patch Normal file
View File

@@ -0,0 +1,23 @@
From d530e92f59ae9bb2d47066c3c460b25d2ffeb211 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Sun, 28 Oct 2018 01:33:23 +0200
Subject: [PATCH] voutf: fix bad arethmetic when outputting warnings to stderr
CVE-2018-16842
Reported-by: Brian Carpenter
Bug: https://curl.haxx.se/docs/CVE-2018-16842.html
---
src/tool_msgs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/src/tool_msgs.c
+++ b/src/tool_msgs.c
@@ -67,7 +67,7 @@ static void voutf(struct GlobalConfig *c
(void)fwrite(ptr, cut + 1, 1, config->errors);
fputs("\n", config->errors);
ptr += cut + 1; /* skip the space too */
- len -= cut;
+ len -= cut + 1;
}
else {
fputs(ptr, config->errors);

42
package/network/utils/curl/patches/405-CVE-2019-3823.patch Normal file
View File

@@ -0,0 +1,42 @@
From 39df4073e5413fcdbb5a38da0c1ce6f1c0ceb484 Mon Sep 17 00:00:00 2001
From: Daniel Gustafsson <daniel@yesql.se>
Date: Sat, 19 Jan 2019 00:42:47 +0100
Subject: [PATCH] smtp: avoid risk of buffer overflow in strtol
If the incoming len 5, but the buffer does not have a termination
after 5 bytes, the strtol() call may keep reading through the line
buffer until is exceeds its boundary. Fix by ensuring that we are
using a bounded read with a temporary buffer on the stack.
Bug: https://curl.haxx.se/docs/CVE-2019-3823.html
Reported-by: Brian Carpenter (Geeknik Labs)
CVE-2019-3823
---
lib/smtp.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/lib/smtp.c
+++ b/lib/smtp.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -207,8 +207,12 @@ static bool smtp_endofresp(struct connec
Section 4. Examples of RFC-4954 but some e-mail servers ignore this and
only send the response code instead as per Section 4.2. */
if(line[3] == ' ' || len == 5) {
+ char tmpline[6];
+
result = TRUE;
- *resp = curlx_sltosi(strtol(line, NULL, 10));
+ memset(tmpline, '\0', sizeof(tmpline));
+ memcpy(tmpline, line, (len == 5 ? 5 : 3));
+ *resp = curlx_sltosi(strtol(tmpline, NULL, 10));
/* Make sure real server never sends internal value */
if(*resp == 1)

33
package/network/utils/curl/patches/406-CVE-2019-3822.patch Normal file
View File

@@ -0,0 +1,33 @@
From 50c9484278c63b958655a717844f0721263939cc Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 3 Jan 2019 12:59:28 +0100
Subject: [PATCH] ntlm: fix *_type3_message size check to avoid buffer overflow
Bug: https://curl.haxx.se/docs/CVE-2019-3822.html
Reported-by: Wenxiang Qian
CVE-2019-3822
---
lib/vauth/ntlm.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
--- a/lib/vauth/ntlm.c
+++ b/lib/vauth/ntlm.c
@@ -776,11 +776,14 @@ CURLcode Curl_auth_create_ntlm_type3_mes
});
#ifdef USE_NTRESPONSES
- if(size < (NTLM_BUFSIZE - ntresplen)) {
- DEBUGASSERT(size == (size_t)ntrespoff);
- memcpy(&ntlmbuf[size], ptr_ntresp, ntresplen);
- size += ntresplen;
+ /* ntresplen + size should not be risking an integer overflow here */
+ if(ntresplen + size > sizeof(ntlmbuf)) {
+ failf(data, "incoming NTLM message too big");
+ return CURLE_OUT_OF_MEMORY;
}
+ DEBUGASSERT(size == (size_t)ntrespoff);
+ memcpy(&ntlmbuf[size], ptr_ntresp, ntresplen);
+ size += ntresplen;
DEBUG_OUT({
fprintf(stderr, "\n ntresp=");

37
package/network/utils/curl/patches/407-CVE-2018-16890.patch Normal file
View File

@@ -0,0 +1,37 @@
From b780b30d1377adb10bbe774835f49e9b237fb9bb Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 2 Jan 2019 20:33:08 +0100
Subject: [PATCH] NTLM: fix size check condition for type2 received data
Bug: https://curl.haxx.se/docs/CVE-2018-16890.html
Reported-by: Wenxiang Qian
CVE-2018-16890
---
lib/vauth/ntlm.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--- a/lib/vauth/ntlm.c
+++ b/lib/vauth/ntlm.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -182,10 +182,11 @@ static CURLcode ntlm_decode_type2_target
target_info_len = Curl_read16_le(&buffer[40]);
target_info_offset = Curl_read32_le(&buffer[44]);
if(target_info_len > 0) {
- if(((target_info_offset + target_info_len) > size) ||
+ if((target_info_offset >= size) ||
+ ((target_info_offset + target_info_len) > size) ||
(target_info_offset < 48)) {
infof(data, "NTLM handshake failure (bad type-2 message). "
- "Target Info Offset Len is set incorrect by the peer\n");
+ "Target Info Offset Len is set incorrect by the peer\n");
return CURLE_BAD_CONTENT_ENCODING;
}