From 2b9c99078b2ddbe7c65074204d1b8c73270867f2 Mon Sep 17 00:00:00 2001
From: Amit Karsale
Date: Fri, 23 Aug 2024 10:41:33 +0530
Subject: [PATCH] (PA-6878) Patch agent-runtime-7.x and main Curl for CVE-2024-7264

---
 configs/components/curl.rb | 5 +-
 configs/projects/agent-runtime-main.rb | 2 +-
 resources/patches/curl/CVE-2024-7264.patch | 84 ++++++++++++++++++++++
 3 files changed, 88 insertions(+), 3 deletions(-)
 create mode 100644 resources/patches/curl/CVE-2024-7264.patch

diff --git a/configs/components/curl.rb b/configs/components/curl.rb
index b7100d54e..e2efe4df0 100644
--- a/configs/components/curl.rb
+++ b/configs/components/curl.rb
@@ -6,8 +6,8 @@
 case version
 when '7.88.1'
 pkg.sha256sum 'cdb38b72e36bc5d33d5b8810f8018ece1baa29a8f215b4495e495ded82bbf3c7'
- when '8.7.1'
- pkg.sha256sum 'f91249c87f68ea00cf27c44fdfa5a78423e41e71b7d408e5901a9896d905c495'
+ when '8.9.1'
+ pkg.sha256sum '291124a007ee5111997825940b3876b3048f7d31e73e9caa681b80fe48b2dcd5'
 else
 raise "curl version #{version} has not been configured; Cannot continue."
 end
@@ -47,6 +47,7 @@
 pkg.apply_patch 'resources/patches/curl/CVE-2023-46218.patch'
 pkg.apply_patch 'resources/patches/curl/CVE-2024-2004.patch'
 pkg.apply_patch 'resources/patches/curl/CVE-2024-2398.patch'
+ pkg.apply_patch 'resources/patches/curl/CVE-2024-7264.patch'
 end
 
 configure_options = []
diff --git a/configs/projects/agent-runtime-main.rb b/configs/projects/agent-runtime-main.rb
index 1d062e8f9..4f3e8398e 100644
--- a/configs/projects/agent-runtime-main.rb
+++ b/configs/projects/agent-runtime-main.rb
@@ -14,7 +14,7 @@
 proj.setting :augeas_version, '1.14.1'
 end
 
- proj.setting :curl_version, '8.7.1'
+ proj.setting :curl_version, '8.9.1'
 
 ########
 # Load shared agent settings
diff --git a/resources/patches/curl/CVE-2024-7264.patch b/resources/patches/curl/CVE-2024-7264.patch
new file mode 100644
index 000000000..f331140cb
--- /dev/null
+++ b/resources/patches/curl/CVE-2024-7264.patch
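Review bot: `pkg.apply_patch 'resources/patches/curl/CVE-2024-7264.patch'` is added to the same unconditional-looking patch list while this commit moves the main runtime to curl 8.9.1, the release that already ships the upstream fix for CVE-2024-7264; the block's opening is outside the hunk, so if it is not already guarded by a version check, `patch` will report the hunks as previously applied against 8.9.1 and fail (or skip them), and the patch is only needed for the 7.88.1 build. Guard it, e.g. `pkg.apply_patch 'resources/patches/curl/CVE-2024-7264.patch' if version == '7.88.1'`, or move the patch list under a `when '7.88.1'` branch of the version `case` above. The commit message should also name the upstream curl commit the patch was derived from, so that a later audit of this heap over-read backport can compare it against upstream.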
@@ -0,0 +1,84 @@
+--- a/lib/x509asn1.c
++++ b/lib/x509asn1.c
+@@ -493,12 +493,13 @@ static const char *GTime2str(const char
+ fracl = 0; /* no fractional seconds detected so far */
+ if(fracp < end && (*fracp == '.' || *fracp == ',')) {
+ /* Have fractional seconds, e.g. "[.,]\d+". How many? */
+- tzp = fracp++; /* should be a digit char or BAD ARGUMENT */
++ fracp++; /* should be a digit char or BAD ARGUMENT */
++ tzp = fracp;
+ while(tzp < end && ISDIGIT(*tzp))
+ tzp++;
+ if(tzp == fracp) /* never looped, no digit after [.,] */
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+- fracl = tzp - fracp - 1; /* number of fractional sec digits */
++ fracl = tzp - fracp; /* number of fractional sec digits */
+ DEBUGASSERT(fracl > 0);
+ /* Strip trailing zeroes in fractional seconds.
+ * May reduce fracl to 0 if only '0's are present. */
+@@ -507,18 +508,24 @@ static const char *GTime2str(const char
+ }
+ 
+ /* Process timezone. */
+- if(tzp >= end)
+- ; /* Nothing to do. */
++ if(tzp >= end) {
++ tzp = "";
++ tzl = 0;
++ }
+ else if(*tzp == 'Z') {
+- tzp = " GMT";
+- end = tzp + 4;
++ sep = " ";
++ tzp = "GMT";
++ tzl = 3;
++ }
++ else if((*tzp == '+') || (*tzp == '-')) {
++ sep = " UTC";
++ tzl = end - tzp;
+ }
+ else {
+ sep = " ";
+- tzp++;
++ tzl = end - tzp;
+ }
+ 
+- tzl = end - tzp;
+ return curl_maprintf("%.4s-%.2s-%.2s %.2s:%.2s:%c%c%s%.*s%s%.*s",
+ beg, beg + 4, beg + 6,
+ beg + 8, beg + 10, sec1, sec2,
+@@ -526,6 +533,15 @@ static const char *GTime2str(const char
+ sep, tzl, tzp);
+ }
+ 
++#ifdef UNITTESTS
++/* used by unit1656.c */
++CURLcode Curl_x509_GTime2str(struct dynbuf *store,
++ const char *beg, const char *end)
++{
++ return GTime2str(store, beg, end);
++}
++#endif
++
+ /*
+ * Convert an ASN.1 UTC time to a printable string.
+ * Return the dynamically allocated string, or NULL if an error occurs.
+--- a/lib/x509asn1.h
++++ b/lib/x509asn1.h
+@@ -130,5 +130,16 @@ CURLcode Curl_extract_certinfo(struct co
+ const char *beg, const char *end);
+ CURLcode Curl_verifyhost(struct connectdata *conn,
+ const char *beg, const char *end);
++
++#ifdef UNITTESTS
++#if defined(USE_GNUTLS) || defined(USE_SCHANNEL) || defined(USE_SECTRANSP) || \
++ defined(USE_MBEDTLS)
++
++/* used by unit1656.c */
++CURLcode Curl_x509_GTime2str(struct dynbuf *store,
++ const char *beg, const char *end);
++#endif
++#endif
++
+ #endif /* USE_GSKIT or USE_NSS or USE_GNUTLS or USE_WOLFSSL or USE_SCHANNEL */
+ #endif /* HEADER_CURL_X509ASN1_H */
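Review bot: The `Curl_x509_GTime2str` test hook added in the third lib/x509asn1.c hunk does not match the function the patch's own context describes: the hunk headers name `static const char *GTime2str(const char` and the unchanged `return curl_maprintf(...)` line shows a string-returning, two-argument function, yet the hook does `return GTime2str(store, beg, end);` with a `struct dynbuf *` and a `CURLcode` result. It only stays out of the build because it sits under `#ifdef UNITTESTS`, so the mismatch will not surface in a normal build, but it suggests the patch was hand-merged from a newer upstream tree; drop the UNITTESTS hook here and the matching prototype in the x509asn1.h hunk from the vendored patch (unit1656.c is not shipped with it), or adapt the hook to the local signature. The timezone rewrite itself looks right: `tzp` is only dereferenced after the new `tzp >= end` branch, and the removed `tzp++`/`end = tzp + 4` no longer lets `tzl` run past `end`. Also confirm the patch actually applies to 7.88.1 (the only other version curl.rb configures): the hunk context (`ISDIGIT`, `CURLE_BAD_FUNCTION_ARGUMENT`, the "Have fractional seconds" comment) reads like a newer tree than that release, and GTime2str's body starts and ends outside these hunks.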