Samsung / TizenRT

TizenRT is a lightweight RTOS-based platform to support low-end IoT devices
Apache License 2.0

[Security report]: Patches for CVEs found in reused component curl by using V1SCAN #6311

Open ltcdCai opened 1 month ago

ltcdCai commented 1 month ago

Contact me:

weitingcai2020@gmail.com

CVEs and affected files:

CVE-2018-1000120 in the file /external/curl/ftp.c
CVE-2018-1000122 in the file /external/curl/transfer.c
CVE-2018-1000301 in the file /external/curl/http.c

References:

NVD descriptions:
https://nvd.nist.gov/vuln/detail/CVE-2018-1000120
https://nvd.nist.gov/vuln/detail/CVE-2018-1000122
https://nvd.nist.gov/vuln/detail/CVE-2018-1000301

GitHub Security Advisories:
Advisory for CVE-2018-1000120
Advisory for CVE-2018-1000122
Advisory for CVE-2018-1000301

GitHub commits:
Commit for CVE-2018-1000120
Commit for CVE-2018-1000122
Commit for CVE-2018-1000301

Patch suggestions:

CVE-2018-1000120 & CVE-2018-1000122: Since it seems that the two reused files are from an older version of curl, it is recommended to update the two files to the latest version or just apply the above commits for CVE-2018-1000120 & CVE-2018-1000122.

CVE-2018-1000301: Since it seems that this file /external/curl/http.c is reused with a lot of modifications for customized features, we suggest applying the following patch:

  1. After the code struct SingleRequest *k = &data->req; at line 2963, insert the following two lines:
    ssize_t onread = *nread;
    char *ostr = k->str;
  2. Replace the code *nread = (ssize_t)rest_length; at line 3028 with the following three lines:
    *nread = onread;
    k->str = ostr;
    return CURLE_OK;
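
A checker for the CVE-2018-1000301 patch steps above, added here as an example (it is not part of the original issue, TizenRT or curl). It reports whether an `http.c` text carries the save and restore lines from steps 1 and 2. The names `classify` and `_norm` are hypothetical, and it assumes the old assignment occurs only at the site step 2 replaces.

```python
import re
import sys

# Signatures copied from the patch steps in the issue above.
SAVE = ("ssize_t onread = *nread;", "char *ostr = k->str;")   # step 1
RESTORE = ("*nread = onread;", "k->str = ostr;")              # step 2
OLD = "*nread = (ssize_t)rest_length;"                        # line step 2 replaces


def _norm(src):
    """Drop /* */ comments and all whitespace so reformatting does not matter."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"\s+", "", src)


def classify(src):
    """Return 'patched', 'unpatched', 'partial' or 'unknown' for an http.c text."""
    text = _norm(src)

    def has(sig):
        return _norm(sig) in text

    saved = all(has(s) for s in SAVE)
    restored = all(has(s) for s in RESTORE)
    old = has(OLD)
    if saved and restored and not old:
        return "patched"
    if old and not saved and not restored:
        return "unpatched"
    if saved or restored or old:
        # Only one step applied, or the old assignment survives next to the new code.
        return "partial"
    # No signature at all: the function was rewritten, review it by hand.
    return "unknown"


if __name__ == "__main__":
    # Usage: python check_http_patch.py external/curl/http.c [more files...]
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            print(path, classify(fh.read()))
```

A result of `partial` or `unknown` means the file needs manual review, which is expected for a vendored copy with heavy local modifications.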

sunghan-chang commented 1 month ago

@jylee9613 Could you check it?