package/network/utils/curl/patches/100-CVE-2017-2629.patch

   1 From a00a42b4abe8363a46071bb3b43b1b7138f5259b Mon Sep 17 00:00:00 2001
   2 From: Daniel Stenberg <daniel@haxx.se>
   3 Date: Sun, 22 Jan 2017 18:11:55 +0100
   4 Subject: [PATCH] TLS: make SSL_VERIFYSTATUS work again
   5
   6 The CURLOPT_SSL_VERIFYSTATUS option was not properly handled by libcurl
   7 and thus even if the status couldn't be verified, the connection would
   8 be allowed and the user would not be told about the failed verification.
   9
  10 Regression since cb4e2be7c6d42ca
  11
  12 CVE-2017-2629
  13 Bug: https://curl.haxx.se/docs/adv_20170222.html
  14
  15 Reported-by: Marcus Hoffmann
  16 ---
  17  lib/url.c | 3 +++
  18  1 file changed, 3 insertions(+)
  19
  20 --- a/lib/url.c
  21 +++ b/lib/url.c
  22 @@ -4141,8 +4141,11 @@ static struct connectdata *allocate_conn
  23    conn->bits.ftp_use_epsv = data->set.ftp_use_epsv;
  24    conn->bits.ftp_use_eprt = data->set.ftp_use_eprt;
  25
  26 +  conn->ssl_config.verifystatus = data->set.ssl.primary.verifystatus;
  27    conn->ssl_config.verifypeer = data->set.ssl.primary.verifypeer;
  28    conn->ssl_config.verifyhost = data->set.ssl.primary.verifyhost;
  29 +  conn->proxy_ssl_config.verifystatus =
  30 +    data->set.proxy_ssl.primary.verifystatus;
  31    conn->proxy_ssl_config.verifypeer = data->set.proxy_ssl.primary.verifypeer;
  32    conn->proxy_ssl_config.verifyhost = data->set.proxy_ssl.primary.verifyhost;
  33