All of lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [git commit branch/2017.02.x] wget: add upstream security fix
@ 2017-03-30 22:14 Peter Korsgaard
  0 siblings, 0 replies; only message in thread
From: Peter Korsgaard @ 2017-03-30 22:14 UTC (permalink / raw)
  To: buildroot

commit: https://git.buildroot.net/buildroot/commit/?id=05bc9b0c339d3ed0830cff3e702cdccefcf2b068
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2017.02.x

Fixes CVE-2017-6508: CRLF injection in the url_parse function in url.c

http://lists.gnu.org/archive/html/bug-wget/2017-03/msg00018.html

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7132fc9c11573a460243895c85e66b514b71c041)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 ...0001-Fix-CRLF-injection-in-Wget-host-part.patch | 40 ++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/package/wget/0001-Fix-CRLF-injection-in-Wget-host-part.patch b/package/wget/0001-Fix-CRLF-injection-in-Wget-host-part.patch
new file mode 100644
index 0000000..380b075
--- /dev/null
+++ b/package/wget/0001-Fix-CRLF-injection-in-Wget-host-part.patch
@@ -0,0 +1,40 @@
+From 4d729e322fae359a1aefaafec1144764a54e8ad4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
+Date: Mon, 6 Mar 2017 10:04:22 +0100
+Subject: [PATCH] Fix CRLF injection in Wget host part
+
+* src/url.c (url_parse): Reject control characters in host part of URL
+
+Reported-by: Orange Tsai
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Patch status: upstream commit 4d729e322fae35
+
+ src/url.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/src/url.c b/src/url.c
+index 8f8ff0b881af..7d36b27d7b92 100644
+--- a/src/url.c
++++ b/src/url.c
+@@ -925,6 +925,17 @@ url_parse (const char *url, int *error, struct iri *iri, bool percent_encode)
+       url_unescape (u->host);
+       host_modified = true;
+ 
++      /* check for invalid control characters in host name */
++      for (p = u->host; *p; p++)
++        {
++          if (c_iscntrl(*p))
++            {
++              url_free(u);
++              error_code = PE_INVALID_HOST_NAME;
++              goto error;
++            }
++        }
++
+       /* Apply IDNA regardless of iri->utf8_encode status */
+       if (opt.enable_iri && iri)
+         {
+-- 
+2.11.0
+

^ permalink raw reply related	[flat|nested] only message in thread
only message in thread, other threads:[~2017-03-30 22:14 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-03-30 22:14 [Buildroot] [git commit branch/2017.02.x] wget: add upstream security fix Peter Korsgaard

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.