Re: [OE-core][hardknott][PATCH 1/2] curl: fix CVE-2021-22890

2021-06-16 Thread Trevor Gamblin


On 2021-06-15 6:12 p.m., Alejandro Enedino Hernandez Samaniego wrote:


**[Please note: This e-mail is from an EXTERNAL e-mail address]


On 6/1/21 9:09 AM, Trevor Gamblin wrote:

Backport and modify the patch for CVE-2021-22890 from curl 7.76 to make
it apply cleanly on 7.75.

CVE: CVE-2021-22890

Signed-off-by: Trevor Gamblin
---
  ...-argument-to-Curl_ssl_get-addsession.patch | 517 ++
  meta/recipes-support/curl/curl_7.75.0.bb  

   |   1 +
  2 files changed, 518 insertions(+)
  create mode 100644 
meta/recipes-support/curl/curl/0001-vtls-add-isproxy-argument-to-Curl_ssl_get-addsession.patch

diff --git 
a/meta/recipes-support/curl/curl/0001-vtls-add-isproxy-argument-to-Curl_ssl_get-addsession.patch
 
b/meta/recipes-support/curl/curl/0001-vtls-add-isproxy-argument-to-Curl_ssl_get-addsession.patch
new file mode 100644
index 00..a0c7d68f33
--- /dev/null
+++ 
b/meta/recipes-support/curl/curl/0001-vtls-add-isproxy-argument-to-Curl_ssl_get-addsession.patch
@@ -0,0 +1,517 @@
+From a2d3885223db9616283bfe33435fbe9b3140eac7 Mon Sep 17 00:00:00 2001
+From: Trevor Gamblin
+Date: Tue, 1 Jun 2021 09:50:20 -0400
+Subject: [PATCH 1/2] vtls: add 'isproxy' argument to
+ Curl_ssl_get/addsessionid()
+
+To make sure we set and extract the correct session.
+
+Reported-by: Mingtao Yang
+Bug:https://curl.se/docs/CVE-2021-22890.html
+
+CVE-2021-22890
+
+Upstream-Status: Backport
+(https://github.com/curl/curl/commit/b09c8ee15771c614c4bf3ddac893cdb12187c844)
+
+Signed-off-by: Trevor Gamblin
+---
+ lib/vtls/bearssl.c   |  8 +--
+ lib/vtls/gtls.c  | 12 ++
+ lib/vtls/mbedtls.c   | 12 ++
+ lib/vtls/mesalink.c  | 14 
+ lib/vtls/openssl.c   | 54 +---
+ lib/vtls/schannel.c  | 10 
+ lib/vtls/sectransp.c | 10 
+ lib/vtls/vtls.c  | 12 +++---
+ lib/vtls/vtls.h  |  2 ++
+ lib/vtls/wolfssl.c   | 28 +--
+ 10 files changed, 111 insertions(+), 51 deletions(-)
+
+diff --git a/lib/vtls/bearssl.c b/lib/vtls/bearssl.c
+index 29b08c0e6..0432dfadc 100644
+--- a/lib/vtls/bearssl.c
 b/lib/vtls/bearssl.c
+@@ -375,7 +375,8 @@ static CURLcode bearssl_connect_step1(struct Curl_easy 
*data,
+ void *session;
+
+ Curl_ssl_sessionid_lock(data);
+-if(!Curl_ssl_getsessionid(data, conn, , NULL, sockindex)) {
++if(!Curl_ssl_getsessionid(data, conn, SSL_IS_PROXY() ? TRUE : FALSE,
++  , NULL, sockindex)) {
+   br_ssl_engine_set_session_parameters(>ctx.eng, session);
+   infof(data, "BearSSL: re-using session ID\n");
+ }
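Review bot: The new `isproxy` argument on the `Curl_ssl_getsessionid` call is derived at the call site from `SSL_IS_PROXY()`, so the fix only separates proxy and origin sessions correctly if 7.75.0's definition of that macro matches what the 7.76 commit b09c8ee was written against; the vtls.h part of this backport (two added lines per the diffstat) is outside this view, so that equivalence should be confirmed rather than assumed. The same derived value is passed to `Curl_ssl_delsessionid`/`Curl_ssl_addsessionid` in the step3 hunks below, which is what keeps the lookup and the store keyed to the same endpoint. Since the cover letter says the upstream patch was modified to apply on 7.75, the patch header should record what was changed, e.g. a line after `Upstream-Status: Backport` such as `Adapted for 7.75.0: <describe rebased hunks>`, so later CVE audits can see the delta from upstream. `bearssl_connect_step1` starts and ends outside this hunk.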
+@@ -571,10 +572,13 @@ static CURLcode bearssl_connect_step3(struct Curl_easy 
*data,
+ br_ssl_engine_get_session_parameters(>ctx.eng, session);
+ Curl_ssl_sessionid_lock(data);
+ incache = !(Curl_ssl_getsessionid(data, conn,
++  SSL_IS_PROXY() ? TRUE : FALSE,
+   , NULL, sockindex));
+ if(incache)
+   Curl_ssl_delsessionid(data, oldsession);
+-ret = Curl_ssl_addsessionid(data, conn, session, 0, sockindex);
++ret = Curl_ssl_addsessionid(data, conn,
++SSL_IS_PROXY() ? TRUE : FALSE,
++session, 0, sockindex);
+ Curl_ssl_sessionid_unlock(data);
+ if(ret) {
+   free(session);
+diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
+index 3ddee1974..28ca528a6 100644
+--- a/lib/vtls/gtls.c
 b/lib/vtls/gtls.c
+@@ -733,6 +733,7 @@ gtls_connect_step1(struct Curl_easy *data,
+
+ Curl_ssl_sessionid_lock(data);
+ if(!Curl_ssl_getsessionid(data, conn,
++  SSL_IS_PROXY() ? TRUE : FALSE,
+   _sessionid, _idsize, sockindex)) {
+   /* we got a session id, use it! */
+   gnutls_session_set_data(session, ssl_sessionid, ssl_idsize);
+@@ -1292,8 +1293,9 @@ gtls_connect_step3(struct Curl_easy *data,
+   gnutls_session_get_data(session, connect_sessionid, _idsize);
+
+   Curl_ssl_sessionid_lock(data);
+-  incache = !(Curl_ssl_getsessionid(data, conn, _sessionid, NULL,
+-sockindex));
++  incache = !(Curl_ssl_getsessionid(data, conn,
++SSL_IS_PROXY() ? TRUE : FALSE,
++_sessionid, NULL, sockindex));
+   if(incache) {
+ /* there was one before in the cache, so instead of risking that the
+previous one was rejected, we just kill that and store the new */
+@@ -1301,8 +1303,10 @@ gtls_connect_step3(struct Curl_easy *data,
+   }
+
+   /* store this session id */
+-  result = Curl_ssl_addsessionid(data, conn, connect_sessionid,
+- connect_idsize, sockindex);
++  result = 

Re: [OE-core][hardknott][PATCH 1/2] curl: fix CVE-2021-22890

2021-06-15 Thread Alejandro Hernandez Samaniego


On 6/1/21 9:09 AM, Trevor Gamblin wrote:

Backport and modify the patch for CVE-2021-22890 from curl 7.76 to make
it apply cleanly on 7.75.

CVE: CVE-2021-22890

Signed-off-by: Trevor Gamblin 
---
  ...-argument-to-Curl_ssl_get-addsession.patch | 517 ++
  meta/recipes-support/curl/curl_7.75.0.bb  |   1 +
  2 files changed, 518 insertions(+)
  create mode 100644 
meta/recipes-support/curl/curl/0001-vtls-add-isproxy-argument-to-Curl_ssl_get-addsession.patch

diff --git 
a/meta/recipes-support/curl/curl/0001-vtls-add-isproxy-argument-to-Curl_ssl_get-addsession.patch
 
b/meta/recipes-support/curl/curl/0001-vtls-add-isproxy-argument-to-Curl_ssl_get-addsession.patch
new file mode 100644
index 00..a0c7d68f33
--- /dev/null
+++ 
b/meta/recipes-support/curl/curl/0001-vtls-add-isproxy-argument-to-Curl_ssl_get-addsession.patch
@@ -0,0 +1,517 @@
+From a2d3885223db9616283bfe33435fbe9b3140eac7 Mon Sep 17 00:00:00 2001
+From: Trevor Gamblin 
+Date: Tue, 1 Jun 2021 09:50:20 -0400
+Subject: [PATCH 1/2] vtls: add 'isproxy' argument to
+ Curl_ssl_get/addsessionid()
+
+To make sure we set and extract the correct session.
+
+Reported-by: Mingtao Yang
+Bug: https://curl.se/docs/CVE-2021-22890.html
+
+CVE-2021-22890
+
+Upstream-Status: Backport
+(https://github.com/curl/curl/commit/b09c8ee15771c614c4bf3ddac893cdb12187c844)
+
+Signed-off-by: Trevor Gamblin 
+---
+ lib/vtls/bearssl.c   |  8 +--
+ lib/vtls/gtls.c  | 12 ++
+ lib/vtls/mbedtls.c   | 12 ++
+ lib/vtls/mesalink.c  | 14 
+ lib/vtls/openssl.c   | 54 +---
+ lib/vtls/schannel.c  | 10 
+ lib/vtls/sectransp.c | 10 
+ lib/vtls/vtls.c  | 12 +++---
+ lib/vtls/vtls.h  |  2 ++
+ lib/vtls/wolfssl.c   | 28 +--
+ 10 files changed, 111 insertions(+), 51 deletions(-)
+
+diff --git a/lib/vtls/bearssl.c b/lib/vtls/bearssl.c
+index 29b08c0e6..0432dfadc 100644
+--- a/lib/vtls/bearssl.c
 b/lib/vtls/bearssl.c
+@@ -375,7 +375,8 @@ static CURLcode bearssl_connect_step1(struct Curl_easy 
*data,
+ void *session;
+
+ Curl_ssl_sessionid_lock(data);
+-if(!Curl_ssl_getsessionid(data, conn, , NULL, sockindex)) {
++if(!Curl_ssl_getsessionid(data, conn, SSL_IS_PROXY() ? TRUE : FALSE,
++  , NULL, sockindex)) {
+   br_ssl_engine_set_session_parameters(>ctx.eng, session);
+   infof(data, "BearSSL: re-using session ID\n");
+ }
+@@ -571,10 +572,13 @@ static CURLcode bearssl_connect_step3(struct Curl_easy 
*data,
+ br_ssl_engine_get_session_parameters(>ctx.eng, session);
+ Curl_ssl_sessionid_lock(data);
+ incache = !(Curl_ssl_getsessionid(data, conn,
++  SSL_IS_PROXY() ? TRUE : FALSE,
+   , NULL, sockindex));
+ if(incache)
+   Curl_ssl_delsessionid(data, oldsession);
+-ret = Curl_ssl_addsessionid(data, conn, session, 0, sockindex);
++ret = Curl_ssl_addsessionid(data, conn,
++SSL_IS_PROXY() ? TRUE : FALSE,
++session, 0, sockindex);
+ Curl_ssl_sessionid_unlock(data);
+ if(ret) {
+   free(session);
+diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
+index 3ddee1974..28ca528a6 100644
+--- a/lib/vtls/gtls.c
 b/lib/vtls/gtls.c
+@@ -733,6 +733,7 @@ gtls_connect_step1(struct Curl_easy *data,
+
+ Curl_ssl_sessionid_lock(data);
+ if(!Curl_ssl_getsessionid(data, conn,
++  SSL_IS_PROXY() ? TRUE : FALSE,
+   _sessionid, _idsize, sockindex)) {
+   /* we got a session id, use it! */
+   gnutls_session_set_data(session, ssl_sessionid, ssl_idsize);
+@@ -1292,8 +1293,9 @@ gtls_connect_step3(struct Curl_easy *data,
+   gnutls_session_get_data(session, connect_sessionid, _idsize);
+
+   Curl_ssl_sessionid_lock(data);
+-  incache = !(Curl_ssl_getsessionid(data, conn, _sessionid, NULL,
+-sockindex));
++  incache = !(Curl_ssl_getsessionid(data, conn,
++SSL_IS_PROXY() ? TRUE : FALSE,
++_sessionid, NULL, sockindex));
+   if(incache) {
+ /* there was one before in the cache, so instead of risking that the
+previous one was rejected, we just kill that and store the new */
+@@ -1301,8 +1303,10 @@ gtls_connect_step3(struct Curl_easy *data,
+   }
+
+   /* store this session id */
+-  result = Curl_ssl_addsessionid(data, conn, connect_sessionid,
+- connect_idsize, sockindex);
++  result = Curl_ssl_addsessionid(data, conn,
++ SSL_IS_PROXY() ? TRUE : FALSE,
++ connect_sessionid, connect_idsize,
++ sockindex);
+   Curl_ssl_sessionid_unlock(data);
+   if(result) {
+   

[OE-core][hardknott][PATCH 1/2] curl: fix CVE-2021-22890

2021-06-01 Thread Trevor Gamblin
Backport and modify the patch for CVE-2021-22890 from curl 7.76 to make
it apply cleanly on 7.75.

CVE: CVE-2021-22890

Signed-off-by: Trevor Gamblin 
---
 ...-argument-to-Curl_ssl_get-addsession.patch | 517 ++
 meta/recipes-support/curl/curl_7.75.0.bb  |   1 +
 2 files changed, 518 insertions(+)
 create mode 100644 
meta/recipes-support/curl/curl/0001-vtls-add-isproxy-argument-to-Curl_ssl_get-addsession.patch

diff --git 
a/meta/recipes-support/curl/curl/0001-vtls-add-isproxy-argument-to-Curl_ssl_get-addsession.patch
 
b/meta/recipes-support/curl/curl/0001-vtls-add-isproxy-argument-to-Curl_ssl_get-addsession.patch
new file mode 100644
index 00..a0c7d68f33
--- /dev/null
+++ 
b/meta/recipes-support/curl/curl/0001-vtls-add-isproxy-argument-to-Curl_ssl_get-addsession.patch
@@ -0,0 +1,517 @@
+From a2d3885223db9616283bfe33435fbe9b3140eac7 Mon Sep 17 00:00:00 2001
+From: Trevor Gamblin 
+Date: Tue, 1 Jun 2021 09:50:20 -0400
+Subject: [PATCH 1/2] vtls: add 'isproxy' argument to
+ Curl_ssl_get/addsessionid()
+
+To make sure we set and extract the correct session.
+
+Reported-by: Mingtao Yang
+Bug: https://curl.se/docs/CVE-2021-22890.html
+
+CVE-2021-22890
+
+Upstream-Status: Backport
+(https://github.com/curl/curl/commit/b09c8ee15771c614c4bf3ddac893cdb12187c844)
+
+Signed-off-by: Trevor Gamblin 
+---
+ lib/vtls/bearssl.c   |  8 +--
+ lib/vtls/gtls.c  | 12 ++
+ lib/vtls/mbedtls.c   | 12 ++
+ lib/vtls/mesalink.c  | 14 
+ lib/vtls/openssl.c   | 54 +---
+ lib/vtls/schannel.c  | 10 
+ lib/vtls/sectransp.c | 10 
+ lib/vtls/vtls.c  | 12 +++---
+ lib/vtls/vtls.h  |  2 ++
+ lib/vtls/wolfssl.c   | 28 +--
+ 10 files changed, 111 insertions(+), 51 deletions(-)
+
+diff --git a/lib/vtls/bearssl.c b/lib/vtls/bearssl.c
+index 29b08c0e6..0432dfadc 100644
+--- a/lib/vtls/bearssl.c
 b/lib/vtls/bearssl.c
+@@ -375,7 +375,8 @@ static CURLcode bearssl_connect_step1(struct Curl_easy 
*data,
+ void *session;
+ 
+ Curl_ssl_sessionid_lock(data);
+-if(!Curl_ssl_getsessionid(data, conn, , NULL, sockindex)) {
++if(!Curl_ssl_getsessionid(data, conn, SSL_IS_PROXY() ? TRUE : FALSE,
++  , NULL, sockindex)) {
+   br_ssl_engine_set_session_parameters(>ctx.eng, session);
+   infof(data, "BearSSL: re-using session ID\n");
+ }
+@@ -571,10 +572,13 @@ static CURLcode bearssl_connect_step3(struct Curl_easy 
*data,
+ br_ssl_engine_get_session_parameters(>ctx.eng, session);
+ Curl_ssl_sessionid_lock(data);
+ incache = !(Curl_ssl_getsessionid(data, conn,
++  SSL_IS_PROXY() ? TRUE : FALSE,
+   , NULL, sockindex));
+ if(incache)
+   Curl_ssl_delsessionid(data, oldsession);
+-ret = Curl_ssl_addsessionid(data, conn, session, 0, sockindex);
++ret = Curl_ssl_addsessionid(data, conn,
++SSL_IS_PROXY() ? TRUE : FALSE,
++session, 0, sockindex);
+ Curl_ssl_sessionid_unlock(data);
+ if(ret) {
+   free(session);
+diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
+index 3ddee1974..28ca528a6 100644
+--- a/lib/vtls/gtls.c
 b/lib/vtls/gtls.c
+@@ -733,6 +733,7 @@ gtls_connect_step1(struct Curl_easy *data,
+ 
+ Curl_ssl_sessionid_lock(data);
+ if(!Curl_ssl_getsessionid(data, conn,
++  SSL_IS_PROXY() ? TRUE : FALSE,
+   _sessionid, _idsize, sockindex)) {
+   /* we got a session id, use it! */
+   gnutls_session_set_data(session, ssl_sessionid, ssl_idsize);
+@@ -1292,8 +1293,9 @@ gtls_connect_step3(struct Curl_easy *data,
+   gnutls_session_get_data(session, connect_sessionid, _idsize);
+ 
+   Curl_ssl_sessionid_lock(data);
+-  incache = !(Curl_ssl_getsessionid(data, conn, _sessionid, NULL,
+-sockindex));
++  incache = !(Curl_ssl_getsessionid(data, conn,
++SSL_IS_PROXY() ? TRUE : FALSE,
++_sessionid, NULL, sockindex));
+   if(incache) {
+ /* there was one before in the cache, so instead of risking that the
+previous one was rejected, we just kill that and store the new */
+@@ -1301,8 +1303,10 @@ gtls_connect_step3(struct Curl_easy *data,
+   }
+ 
+   /* store this session id */
+-  result = Curl_ssl_addsessionid(data, conn, connect_sessionid,
+- connect_idsize, sockindex);
++  result = Curl_ssl_addsessionid(data, conn,
++ SSL_IS_PROXY() ? TRUE : FALSE,
++ connect_sessionid, connect_idsize,
++ sockindex);
+   Curl_ssl_sessionid_unlock(data);
+   if(result) {
+ free(connect_sessionid);
+diff --git