libxml2: CVE-2017-8872

Out-of-bounds read in htmlParseTryOrFinish Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872 Backported from: http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=pyro&id=d2b60efe20f4d9dce03f8f351715b103a85b7338 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
author: Sona Sarmadi <sona.sarmadi@enea.com> 2017-09-21 13:57:06 +0200
committer: Adrian Dudau <adrian.dudau@enea.com> 2017-09-26 15:38:55 +0200
commit: 781e18aca10e772c75eed6246400a19b3adf4766 (patch)
tree: 21bfcca3376d883fe57d2799d05a40abfccee52f
parent: 7218e2df932a95309e9d089d979f4280b0d10e40 (diff)
download: meta-el-common-781e18aca10e772c75eed6246400a19b3adf4766.tar.gz
2 files changed, 42 insertions, 0 deletions
diff --git a/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch b/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
new file mode 100644
index 0000000..6319280
--- /dev/null
+++ b/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
@@ -0,0 +1,41 @@
+From d2f873a541c72b0f67e15562819bf98b884b30b7 Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Wed, 23 Aug 2017 16:04:49 +0800
+Subject: [PATCH] fix CVE-2017-8872
+this makes xmlHaltParser "empty" the buffer, as it resets cur and ava
+il too here.
+this seems to cure this specific issue, and also passes the testsuite
+Signed-off-by: Marcus Meissner <meissner@suse.de>
+https://bugzilla.gnome.org/show_bug.cgi?id=775200
+CVE: CVE-2017-8872
+Upstream-Status: Backport [https://bugzilla.gnome.org/attachment.cgi?id=355527&action=diff]
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ parser.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+diff --git a/parser.c b/parser.c
+index 9506ead..6c07ffd 100644
+--- a/parser.c
+++ b/parser.c
+@@ -12664,6 +12664,10 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) {
+        }
+        ctxt->input->cur = BAD_CAST"";
+        ctxt->input->base = ctxt->input->cur;
+       if (ctxt->input->buf) {
+               xmlBufEmpty (ctxt->input->buf->buffer);
+       } else
+               ctxt->input->length = 0;
+     }
+ }
+ 
+-- 
+2.7.4
diff --git a/recipes-core/libxml/libxml2_%.bbappend b/recipes-core/libxml/libxml2_%.bbappend
index 01e59d3..b4f5d38 100644
--- a/recipes-core/libxml/libxml2_%.bbappend
+++ b/recipes-core/libxml/libxml2_%.bbappend
@@ -5,5 +5,6 @@ SRC_URI += "file://CVE-2017-0663.patch \
            file://CVE-2017-5969.patch \
            file://CVE-2017-9047_CVE-2017-9048.patch \
            file://CVE-2017-9049_CVE-2017-9050.patch \
+            file://libxml2-CVE-2017-8872.patch \
           "
author	Sona Sarmadi <sona.sarmadi@enea.com>	2017-09-21 13:57:06 +0200
committer	Adrian Dudau <adrian.dudau@enea.com>	2017-09-26 15:38:55 +0200
commit	781e18aca10e772c75eed6246400a19b3adf4766 (patch)
tree	21bfcca3376d883fe57d2799d05a40abfccee52f
parent	7218e2df932a95309e9d089d979f4280b0d10e40 (diff)
download	meta-el-common-781e18aca10e772c75eed6246400a19b3adf4766.tar.gz

diff --git a/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch b/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch new file mode 100644 index 0000000..6319280 --- /dev/null +++ b/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
@@ -0,0 +1,41 @@
		1	From d2f873a541c72b0f67e15562819bf98b884b30b7 Mon Sep 17 00:00:00 2001
		2	From: Hongxu Jia <hongxu.jia@windriver.com>
		3	Date: Wed, 23 Aug 2017 16:04:49 +0800
		4	Subject: [PATCH] fix CVE-2017-8872
		5
		6	this makes xmlHaltParser "empty" the buffer, as it resets cur and ava
		7	il too here.
		8
		9	this seems to cure this specific issue, and also passes the testsuite
		10
		11	Signed-off-by: Marcus Meissner <meissner@suse.de>
		12
		13	https://bugzilla.gnome.org/show_bug.cgi?id=775200
		14
		15	CVE: CVE-2017-8872
		16	Upstream-Status: Backport [https://bugzilla.gnome.org/attachment.cgi?id=355527&action=diff]
		17
		18	Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
		19	Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
		20	---
		21	parser.c \| 4 ++++
		22	1 file changed, 4 insertions(+)
		23
		24	diff --git a/parser.c b/parser.c
		25	index 9506ead..6c07ffd 100644
		26	--- a/parser.c
		27	+++ b/parser.c
		28	@@ -12664,6 +12664,10 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) {
		29	}
		30	ctxt->input->cur = BAD_CAST"";
		31	ctxt->input->base = ctxt->input->cur;
		32	+ if (ctxt->input->buf) {
		33	+ xmlBufEmpty (ctxt->input->buf->buffer);
		34	+ } else
		35	+ ctxt->input->length = 0;
		36	}
		37	}
		38
		39	--
		40	2.7.4
		41


diff --git a/recipes-core/libxml/libxml2_%.bbappend b/recipes-core/libxml/libxml2_%.bbappend index 01e59d3..b4f5d38 100644 --- a/recipes-core/libxml/libxml2_%.bbappend +++ b/recipes-core/libxml/libxml2_%.bbappend
@@ -5,5 +5,6 @@ SRC_URI += "file://CVE-2017-0663.patch \
5	file://CVE-2017-5969.patch \	5	file://CVE-2017-5969.patch \
6	file://CVE-2017-9047_CVE-2017-9048.patch \	6	file://CVE-2017-9047_CVE-2017-9048.patch \
7	file://CVE-2017-9049_CVE-2017-9050.patch \	7	file://CVE-2017-9049_CVE-2017-9050.patch \
		8	file://libxml2-CVE-2017-8872.patch \
8	"	9	"
9		10