base repository: NixOS/nixpkgs
base: 1a62ef4c1647
head repository: NixOS/nixpkgs
compare: 8350d254b364
  • 1 commit
  • 2 files changed
  • 1 contributor

Commits on Oct 12, 2019

  1. curl: apply upstream security patch

    Partially fixes #70084.  Cherry-picked from 19.09's 22b5bbf.
    vcunat committed Oct 12, 2019
    8350d25 View commit details
Showing with 28 additions and 0 deletions.
  1. +26 −0 pkgs/tools/networking/curl/cve-2019-5481.diff
  2. +2 −0 pkgs/tools/networking/curl/default.nix
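--- a/pkgs/tools/networking/curl/cve-2019-5481.diff
+++ b/pkgs/tools/networking/curl/cve-2019-5481.diff
@@ -0,0 +1,26 @@
+https://github.com/curl/curl/commit/9069838b3
+--- a/lib/security.c
++++ b/lib/security.c
+@@ -191,7 +191,6 @@ static CURLcode read_data(struct connectdata *conn,
+struct krb5buffer *buf)
+{
+int len;
+- void *tmp = NULL;
+CURLcode result;
+
+result = socket_read(fd, &len, sizeof(len));
+@@ -201,12 +200,11 @@ static CURLcode read_data(struct connectdata *conn,
+if(len) {
+/* only realloc if there was a length */
+len = ntohl(len);
+- tmp = Curl_saferealloc(buf->data, len);
++ buf->data = Curl_saferealloc(buf->data, len);
+}
+- if(tmp == NULL)
++ if(!len || !buf->data)
+return CURLE_OUT_OF_MEMORY;
+
+- buf->data = tmp;
+result = socket_read(fd, buf->data, len);
+if(result)
+return result;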
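Review bot: The size passed to `Curl_saferealloc(buf->data, len)` in the second hunk of the vendored patch still has no upper bound. `len` is an `int` filled by `socket_read(fd, &len, sizeof(len))` and converted with `ntohl`, so the peer on `fd` presumably chooses the allocation size, and a value with the top bit set becomes negative before it is used as a size. The patch stops `buf->data` from keeping a stale pointer after a failed realloc, but a range check before the allocation would close the remaining gap, for example `if(len < 0 || len > MAX_BLOCK_LEN) len = 0;`, where `MAX_BLOCK_LEN` is a placeholder for whatever limit upstream considers sane. `read_data` starts and ends outside both hunks, so how `fd` is obtained and where `buf->data` is eventually freed cannot be confirmed from this page.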
2 changes: 2 additions & 0 deletions pkgs/tools/networking/curl/default.nix
@@ -40,6 +40,8 @@ stdenv.mkDerivation rec {
name = "CVE-2019-5435.patch";
sha256 = "00w12yhq8q260n91i1xrynz3vn4w3lypgl19cm893s35pbvg7y17";
})
# fetchpatch is way to hard due to bootstapping, and fetchurl from github isn't stable
./cve-2019-5481.diff
];

outputs = [ "bin" "dev" "out" "man" "devdoc" ];
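Review bot: The comment above `./cve-2019-5481.diff` has two typos and does not say when the vendored patch can be dropped. Something like `# fetchpatch is way too hard due to bootstrapping, and fetchurl from GitHub isn't stable; remove once curl is bumped to a release that contains the upstream fix` would cover both. Because this patch lives in-tree instead of being fetched against a `sha256` like the entry before it, its only provenance record is the abbreviated commit URL on the first line of the .diff. Recording the full upstream commit hash there would let a later reviewer check the copy against upstream without guessing.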