From 885731e84feeb6610a1743f57c93fd918bec929d Mon Sep 17 00:00:00 2001 From: Saurabh Pandit Date: Mon, 18 Mar 2024 19:03:22 +0530 Subject: [PATCH] [PA-6145]: Applied Curl Patch 1. CVE-2023-46218 --- configs/components/curl.rb | 1 + resources/patches/curl/CVE-2023-46218.patch | 45 +++++++++++++++++++++ 2 files changed, 46 insertions(+) create mode 100644 resources/patches/curl/CVE-2023-46218.patch diff --git a/configs/components/curl.rb b/configs/components/curl.rb index 3b2c0453a..7c0087552 100644 --- a/configs/components/curl.rb +++ b/configs/components/curl.rb @@ -32,6 +32,7 @@ pkg.apply_patch 'resources/patches/curl/CVE-2023-32001.patch' pkg.apply_patch 'resources/patches/curl/CVE-2023-38545.patch' pkg.apply_patch 'resources/patches/curl/CVE-2023-38546.patch' + pkg.apply_patch 'resources/patches/curl/CVE-2023-46218.patch' configure_options = [] configure_options << "--with-ssl=#{settings[:prefix]}" diff --git a/resources/patches/curl/CVE-2023-46218.patch b/resources/patches/curl/CVE-2023-46218.patch new file mode 100644 index 000000000..a05e524d5 --- /dev/null +++ b/resources/patches/curl/CVE-2023-46218.patch @@ -0,0 +1,45 @@ +From 2b0994c29a721c91c572cff7808c572a24d251eb Thu Nov 23 00:00:00 2023 +From: Daniel Stenberg +Date: Thu, 23 Nov 2023 23:28:32 +0200 +Subject: [PATCH] cookie: lowercase the domain names before PSL checks + +Reported-by: Harry Sintonen + +Closes #12387 +--- +diff --git a/lib/cookie.c b/lib/cookie.c +index c457b2d95..fc3f2bd98 100644 +--- a/lib/cookie.c ++++ b/lib/cookie.c +@@ -1049,15 +1049,23 @@ Curl_cookie_add(struct Curl_easy *data, + * dereference it. + */ + if(data && (domain && co->domain && !Curl_host_is_ipnum(co->domain))) { +- const psl_ctx_t *psl = Curl_psl_use(data); +- int acceptable; +- +- if(psl) { +- acceptable = psl_is_cookie_domain_acceptable(psl, domain, co->domain); +- Curl_psl_release(data); ++ bool acceptable = FALSE; ++ char lcase[256]; ++ char lcookie[256]; ++ size_t dlen = strlen(domain); ++ size_t clen = strlen(co->domain); ++ if((dlen < sizeof(lcase)) && (clen < sizeof(lcookie))) { ++ const psl_ctx_t *psl = Curl_psl_use(data); ++ if(psl) { ++ /* the PSL check requires lowercase domain name and pattern */ ++ Curl_strntolower(lcase, domain, dlen + 1); ++ Curl_strntolower(lcookie, co->domain, clen + 1); ++ acceptable = psl_is_cookie_domain_acceptable(psl, lcase, lcookie); ++ Curl_psl_release(data); ++ } ++ else ++ acceptable = !bad_domain(domain, strlen(domain)); + } +- else +- acceptable = !bad_domain(domain); + + if(!acceptable) { + infof(data, "cookie '%s' dropped, domain '%s' must not "