curl: Fix multiple security problems
diff --git a/package/network/utils/curl/patches/404-CVE-2018-16842.patch b/package/network/utils/curl/patches/404-CVE-2018-16842.patch
new file mode 100644 (file)
index 0000000..50e325d
--- /dev/null
@@ -0,0 +1,23 @@
+From d530e92f59ae9bb2d47066c3c460b25d2ffeb211 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Sun, 28 Oct 2018 01:33:23 +0200
+Subject: [PATCH] voutf: fix bad arethmetic when outputting warnings to stderr
+
+CVE-2018-16842
+Reported-by: Brian Carpenter
+Bug: https://curl.haxx.se/docs/CVE-2018-16842.html
+---
+ src/tool_msgs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/tool_msgs.c
++++ b/src/tool_msgs.c
+@@ -67,7 +67,7 @@ static void voutf(struct GlobalConfig *c
+         (void)fwrite(ptr, cut + 1, 1, config->errors);
+         fputs("\n", config->errors);
+         ptr += cut + 1; /* skip the space too */
+-        len -= cut;
++        len -= cut + 1;
+       }
+       else {
+         fputs(ptr, config->errors);
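Review bot: The corrected `len -= cut + 1;` in the src/tool_msgs.c hunk has no comment stating the invariant it restores, namely that `len` must always equal the bytes still readable at `ptr`, so it has to shrink by exactly what `ptr += cut + 1` skips. The old `len -= cut;` left `len` one too large on every wrapped line, which is presumably how the later `fwrite` could read past the end of the formatted buffer. I would add a comment above the subtraction, such as `/* keep len == bytes left at ptr; cut + 1 <= len is expected from the enclosing length check */`. That length check and the declaration of `len` are outside the hunk, because the body of voutf starts before and ends after the visible lines, so confirm against the full function that `len` is unsigned and that the subtraction cannot wrap. If the backport should stay byte-identical to upstream, put the same explanation in the OpenWrt commit message instead.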