From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@busybox.net
Subject: [Buildroot] [git commit branch/2017.02.x] wget: add upstream security fix
Date: Fri, 31 Mar 2017 00:14:06 +0200 [thread overview]
Message-ID: <20170331071605.A2C96826C6@busybox.osuosl.org> (raw)
commit: https://git.buildroot.net/buildroot/commit/?id=05bc9b0c339d3ed0830cff3e702cdccefcf2b068
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2017.02.x
Fixes CVE-2017-6508: CRLF injection in the url_parse function in url.c
http://lists.gnu.org/archive/html/bug-wget/2017-03/msg00018.html
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7132fc9c11573a460243895c85e66b514b71c041)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
...0001-Fix-CRLF-injection-in-Wget-host-part.patch | 40 ++++++++++++++++++++++
1 file changed, 40 insertions(+)
diff --git a/package/wget/0001-Fix-CRLF-injection-in-Wget-host-part.patch b/package/wget/0001-Fix-CRLF-injection-in-Wget-host-part.patch
new file mode 100644
index 0000000..380b075
--- /dev/null
+++ b/package/wget/0001-Fix-CRLF-injection-in-Wget-host-part.patch
@@ -0,0 +1,40 @@
+From 4d729e322fae359a1aefaafec1144764a54e8ad4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
+Date: Mon, 6 Mar 2017 10:04:22 +0100
+Subject: [PATCH] Fix CRLF injection in Wget host part
+
+* src/url.c (url_parse): Reject control characters in host part of URL
+
+Reported-by: Orange Tsai
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Patch status: upstream commit 4d729e322fae35
+
+ src/url.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/src/url.c b/src/url.c
+index 8f8ff0b881af..7d36b27d7b92 100644
+--- a/src/url.c
++++ b/src/url.c
+@@ -925,6 +925,17 @@ url_parse (const char *url, int *error, struct iri *iri, bool percent_encode)
+ url_unescape (u->host);
+ host_modified = true;
+
++ /* check for invalid control characters in host name */
++ for (p = u->host; *p; p++)
++ {
++ if (c_iscntrl(*p))
++ {
++ url_free(u);
++ error_code = PE_INVALID_HOST_NAME;
++ goto error;
++ }
++ }
++
+ /* Apply IDNA regardless of iri->utf8_encode status */
+ if (opt.enable_iri && iri)
+ {
+--
+2.11.0
+
reply other threads:[~2017-03-30 22:14 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170331071605.A2C96826C6@busybox.osuosl.org \
--to=peter@korsgaard.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.