diff options
Diffstat (limited to 'recipes-core')
| -rw-r--r-- | recipes-core/libxml/libxml2/CVE-2017-5969.patch | 68 | ||||
| -rw-r--r-- | recipes-core/libxml/libxml2_%.bbappend | 6 |
2 files changed, 74 insertions, 0 deletions
diff --git a/recipes-core/libxml/libxml2/CVE-2017-5969.patch b/recipes-core/libxml/libxml2/CVE-2017-5969.patch new file mode 100644 index 0000000..0c5efbe --- /dev/null +++ b/recipes-core/libxml/libxml2/CVE-2017-5969.patch | |||
| @@ -0,0 +1,68 @@ | |||
| 1 | From 94691dc884d1a8ada39f073408b4bb92fe7fe882 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Daniel Veillard <veillard@redhat.com> | ||
| 3 | Date: Wed, 7 Jun 2017 16:47:36 +0200 | ||
| 4 | Subject: [PATCH] Fix NULL pointer deref in xmlDumpElementContent | ||
| 5 | |||
| 6 | Can only be triggered in recovery mode. | ||
| 7 | |||
| 8 | Fixes bug 758422 (CVE-2017-5969). | ||
| 9 | |||
| 10 | CVE: CVE-2017-5969 | ||
| 11 | Upstream-Status: Backport | ||
| 12 | |||
| 13 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
| 14 | --- | ||
| 15 | valid.c | 24 ++++++++++++++---------- | ||
| 16 | 1 file changed, 14 insertions(+), 10 deletions(-) | ||
| 17 | |||
| 18 | diff --git a/valid.c b/valid.c | ||
| 19 | index 9b2df56..8075d3a 100644 | ||
| 20 | --- a/valid.c | ||
| 21 | +++ b/valid.c | ||
| 22 | @@ -1172,29 +1172,33 @@ xmlDumpElementContent(xmlBufferPtr buf, xmlElementContentPtr content, int glob) | ||
| 23 | xmlBufferWriteCHAR(buf, content->name); | ||
| 24 | break; | ||
| 25 | case XML_ELEMENT_CONTENT_SEQ: | ||
| 26 | - if ((content->c1->type == XML_ELEMENT_CONTENT_OR) || | ||
| 27 | - (content->c1->type == XML_ELEMENT_CONTENT_SEQ)) | ||
| 28 | + if ((content->c1 != NULL) && | ||
| 29 | + ((content->c1->type == XML_ELEMENT_CONTENT_OR) || | ||
| 30 | + (content->c1->type == XML_ELEMENT_CONTENT_SEQ))) | ||
| 31 | xmlDumpElementContent(buf, content->c1, 1); | ||
| 32 | else | ||
| 33 | xmlDumpElementContent(buf, content->c1, 0); | ||
| 34 | xmlBufferWriteChar(buf, " , "); | ||
| 35 | - if ((content->c2->type == XML_ELEMENT_CONTENT_OR) || | ||
| 36 | - ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) && | ||
| 37 | - (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))) | ||
| 38 | + if ((content->c2 != NULL) && | ||
| 39 | + ((content->c2->type == XML_ELEMENT_CONTENT_OR) || | ||
| 40 | + ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) && | ||
| 41 | + (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))) | ||
| 42 | xmlDumpElementContent(buf, content->c2, 1); | ||
| 43 | else | ||
| 44 | xmlDumpElementContent(buf, content->c2, 0); | ||
| 45 | break; | ||
| 46 | case XML_ELEMENT_CONTENT_OR: | ||
| 47 | - if ((content->c1->type == XML_ELEMENT_CONTENT_OR) || | ||
| 48 | - (content->c1->type == XML_ELEMENT_CONTENT_SEQ)) | ||
| 49 | + if ((content->c1 != NULL) && | ||
| 50 | + ((content->c1->type == XML_ELEMENT_CONTENT_OR) || | ||
| 51 | + (content->c1->type == XML_ELEMENT_CONTENT_SEQ))) | ||
| 52 | xmlDumpElementContent(buf, content->c1, 1); | ||
| 53 | else | ||
| 54 | xmlDumpElementContent(buf, content->c1, 0); | ||
| 55 | xmlBufferWriteChar(buf, " | "); | ||
| 56 | - if ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) || | ||
| 57 | - ((content->c2->type == XML_ELEMENT_CONTENT_OR) && | ||
| 58 | - (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))) | ||
| 59 | + if ((content->c2 != NULL) && | ||
| 60 | + ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) || | ||
| 61 | + ((content->c2->type == XML_ELEMENT_CONTENT_OR) && | ||
| 62 | + (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))) | ||
| 63 | xmlDumpElementContent(buf, content->c2, 1); | ||
| 64 | else | ||
| 65 | xmlDumpElementContent(buf, content->c2, 0); | ||
| 66 | -- | ||
| 67 | 1.9.1 | ||
| 68 | |||
diff --git a/recipes-core/libxml/libxml2_%.bbappend b/recipes-core/libxml/libxml2_%.bbappend new file mode 100644 index 0000000..271f582 --- /dev/null +++ b/recipes-core/libxml/libxml2_%.bbappend | |||
| @@ -0,0 +1,6 @@ | |||
| 1 | # look for files in the layer first | ||
| 2 | FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" | ||
| 3 | |||
| 4 | SRC_URI += "file://CVE-2017-5969.patch \ | ||
| 5 | " | ||
| 6 | |||