diff options
author | Sona Sarmadi <sona.sarmadi@enea.com> | 2017-09-21 13:57:06 +0200 |
---|---|---|
committer | Adrian Dudau <adrian.dudau@enea.com> | 2017-09-26 15:38:55 +0200 |
commit | 781e18aca10e772c75eed6246400a19b3adf4766 (patch) | |
tree | 21bfcca3376d883fe57d2799d05a40abfccee52f /recipes-core | |
parent | 7218e2df932a95309e9d089d979f4280b0d10e40 (diff) | |
download | meta-nfv-access-common-781e18aca10e772c75eed6246400a19b3adf4766.tar.gz |
libxml2: CVE-2017-8872
Out-of-bounds read in htmlParseTryOrFinish
Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872
Backported from:
http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=pyro&id=d2b60efe20f4d9dce03f8f351715b103a85b7338
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Diffstat (limited to 'recipes-core')
-rw-r--r-- | recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch | 41 | ||||
-rw-r--r-- | recipes-core/libxml/libxml2_%.bbappend | 1 |
2 files changed, 42 insertions, 0 deletions
diff --git a/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch b/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch new file mode 100644 index 0000000..6319280 --- /dev/null +++ b/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch | |||
@@ -0,0 +1,41 @@ | |||
1 | From d2f873a541c72b0f67e15562819bf98b884b30b7 Mon Sep 17 00:00:00 2001 | ||
2 | From: Hongxu Jia <hongxu.jia@windriver.com> | ||
3 | Date: Wed, 23 Aug 2017 16:04:49 +0800 | ||
4 | Subject: [PATCH] fix CVE-2017-8872 | ||
5 | |||
6 | this makes xmlHaltParser "empty" the buffer, as it resets cur and ava | ||
7 | il too here. | ||
8 | |||
9 | this seems to cure this specific issue, and also passes the testsuite | ||
10 | |||
11 | Signed-off-by: Marcus Meissner <meissner@suse.de> | ||
12 | |||
13 | https://bugzilla.gnome.org/show_bug.cgi?id=775200 | ||
14 | |||
15 | CVE: CVE-2017-8872 | ||
16 | Upstream-Status: Backport [https://bugzilla.gnome.org/attachment.cgi?id=355527&action=diff] | ||
17 | |||
18 | Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> | ||
19 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
20 | --- | ||
21 | parser.c | 4 ++++ | ||
22 | 1 file changed, 4 insertions(+) | ||
23 | |||
24 | diff --git a/parser.c b/parser.c | ||
25 | index 9506ead..6c07ffd 100644 | ||
26 | --- a/parser.c | ||
27 | +++ b/parser.c | ||
28 | @@ -12664,6 +12664,10 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) { | ||
29 | } | ||
30 | ctxt->input->cur = BAD_CAST""; | ||
31 | ctxt->input->base = ctxt->input->cur; | ||
32 | + if (ctxt->input->buf) { | ||
33 | + xmlBufEmpty (ctxt->input->buf->buffer); | ||
34 | + } else | ||
35 | + ctxt->input->length = 0; | ||
36 | } | ||
37 | } | ||
38 | |||
39 | -- | ||
40 | 2.7.4 | ||
41 | |||
diff --git a/recipes-core/libxml/libxml2_%.bbappend b/recipes-core/libxml/libxml2_%.bbappend index 01e59d3..b4f5d38 100644 --- a/recipes-core/libxml/libxml2_%.bbappend +++ b/recipes-core/libxml/libxml2_%.bbappend | |||
@@ -5,5 +5,6 @@ SRC_URI += "file://CVE-2017-0663.patch \ | |||
5 | file://CVE-2017-5969.patch \ | 5 | file://CVE-2017-5969.patch \ |
6 | file://CVE-2017-9047_CVE-2017-9048.patch \ | 6 | file://CVE-2017-9047_CVE-2017-9048.patch \ |
7 | file://CVE-2017-9049_CVE-2017-9050.patch \ | 7 | file://CVE-2017-9049_CVE-2017-9050.patch \ |
8 | file://libxml2-CVE-2017-8872.patch \ | ||
8 | " | 9 | " |
9 | 10 | ||