summaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/curl/curl/CVE-2021-22945.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-support/curl/curl/CVE-2021-22945.patch')
-rw-r--r--meta/recipes-support/curl/curl/CVE-2021-22945.patch35
1 files changed, 35 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2021-22945.patch b/meta/recipes-support/curl/curl/CVE-2021-22945.patch
new file mode 100644
index 0000000000..44c42632ed
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2021-22945.patch
@@ -0,0 +1,35 @@
+From 43157490a5054bd24256fe12876931e8abc9df49 Mon Sep 17 00:00:00 2001
+From: z2_ on hackerone <>
+Date: Tue, 24 Aug 2021 09:50:33 +0200
+Subject: [PATCH] mqtt: clear the leftovers pointer when sending succeeds
+
+CVE-2021-22945
+
+Bug: https://curl.se/docs/CVE-2021-22945.html
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit/43157490a5054bd24256fe12876931e8abc9df49]
+
+Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
+
+---
+ lib/mqtt.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/lib/mqtt.c b/lib/mqtt.c
+index f077e6c3d..fcd40b41e 100644
+--- a/lib/mqtt.c
++++ b/lib/mqtt.c
+@@ -128,6 +128,10 @@ static CURLcode mqtt_send(struct Curl_easy *data,
+ mq->sendleftovers = sendleftovers;
+ mq->nsend = nsend;
+ }
++ else {
++ mq->sendleftovers = NULL;
++ mq->nsend = 0;
++ }
+ return result;
+ }
+
+--
+2.34.1
+