curl: add patch for CVE-2021-22945

included as all curl patches need to be in-repo due to
bootstrapping issues

2 files changed, 28 insertions, 0 deletions

diff --git a/pkgs/tools/networking/curl/CVE-2021-22945.patch b/pkgs/tools/networking/curl/CVE-2021-22945.patch
new file mode 100644
index 00000000000..f8e570d2d65
--- /dev/null
+++ b/pkgs/tools/networking/curl/CVE-2021-22945.patch
@@ -0,0 +1,27 @@
+From 43157490a5054bd24256fe12876931e8abc9df49 Mon Sep 17 00:00:00 2001
+From: z2_ on hackerone <>
+Date: Tue, 24 Aug 2021 09:50:33 +0200
+Subject: [PATCH] mqtt: clear the leftovers pointer when sending succeeds
+
+CVE-2021-22945
+
+Bug: https://curl.se/docs/CVE-2021-22945.html
+---
+ lib/mqtt.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/lib/mqtt.c b/lib/mqtt.c
+index f077e6c3dc44..fcd40b41e600 100644
+--- a/lib/mqtt.c
++++ b/lib/mqtt.c
+@@ -128,6 +128,10 @@ static CURLcode mqtt_send(struct Curl_easy *data,
+     mq->sendleftovers = sendleftovers;
+     mq->nsend = nsend;
+   }
++  else {
++    mq->sendleftovers = NULL;
++    mq->nsend = 0;
++  }
+   return result;
+ }
+ 
diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix
index b3572e01c96..7d6b96ac9f0 100644
--- a/pkgs/tools/networking/curl/default.nix
+++ b/pkgs/tools/networking/curl/default.nix
@@ -57,6 +57,7 @@ stdenv.mkDerivation rec {
     ./CVE-2021-22897.patch
     ./CVE-2021-22898.patch
     ./CVE-2021-22901.patch
+    ./CVE-2021-22945.patch
   ];
 
   outputs = [ "bin" "dev" "out" "man" "devdoc" ];