From 781e18aca10e772c75eed6246400a19b3adf4766 Mon Sep 17 00:00:00 2001
From: Sona Sarmadi
Date: Thu, 21 Sep 2017 13:57:06 +0200
Subject: libxml2: CVE-2017-8872 Out-of-bounds read in htmlParseTryOrFinish
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872
Backported from: http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=pyro&id=d2b60efe20f4d9dce03f8f351715b103a85b7338
Signed-off-by: Sona Sarmadi
Signed-off-by: Adrian Dudau
---
 .../libxml/libxml2/libxml2-CVE-2017-8872.patch | 41 ++++++++++++++++++++++
 recipes-core/libxml/libxml2_%.bbappend | 1 +
 2 files changed, 42 insertions(+)
 create mode 100644 recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
diff --git a/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch b/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
new file mode 100644
index 0000000..6319280
--- /dev/null
+++ b/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
@@ -0,0 +1,41 @@
+From d2f873a541c72b0f67e15562819bf98b884b30b7 Mon Sep 17 00:00:00 2001
+From: Hongxu Jia
+Date: Wed, 23 Aug 2017 16:04:49 +0800
+Subject: [PATCH] fix CVE-2017-8872
+
+this makes xmlHaltParser "empty" the buffer, as it resets cur and ava
+il too here.
+
+this seems to cure this specific issue, and also passes the testsuite
+
+Signed-off-by: Marcus Meissner
+
+https://bugzilla.gnome.org/show_bug.cgi?id=775200
+
+CVE: CVE-2017-8872
+Upstream-Status: Backport [https://bugzilla.gnome.org/attachment.cgi?id=355527&action=diff]
+
+Signed-off-by: Hongxu Jia
+Signed-off-by: Sona Sarmadi
+---
+ parser.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/parser.c b/parser.c
+index 9506ead..6c07ffd 100644
+--- a/parser.c
++++ b/parser.c
+@@ -12664,6 +12664,10 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) {
+ }
+ ctxt->input->cur = BAD_CAST"";
+ ctxt->input->base = ctxt->input->cur;
++ if (ctxt->input->buf) {
++ xmlBufEmpty (ctxt->input->buf->buffer);
++ } else
++ ctxt->input->length = 0;
+ }
+ }
+
+--
+2.7.4
+
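Review bot: In the embedded parser.c hunk, `cur` and `base` are repointed at the static empty string and the buffer is emptied, but nothing in the visible lines resets `ctxt->input->end`, and `ctxt->input->length` is cleared only on the no-`buf` path, so the input may be left with `end` still referring to the old buffer. Consider adding `ctxt->input->end = ctxt->input->cur;` and making `ctxt->input->length = 0;` unconditional; xmlHaltParser begins above the hunk, so confirm `end` is not already handled there. The patch header is also tagged `Upstream-Status: Backport` while pointing at a Bugzilla attachment whose own message says it only 'seems to cure this specific issue', so the recipe should track the fix that upstream actually merges and drop this patch once that is available.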
diff --git a/recipes-core/libxml/libxml2_%.bbappend b/recipes-core/libxml/libxml2_%.bbappend
index 01e59d3..b4f5d38 100644
--- a/recipes-core/libxml/libxml2_%.bbappend
+++ b/recipes-core/libxml/libxml2_%.bbappend
@@ -5,5 +5,6 @@ SRC_URI += "file://CVE-2017-0663.patch \
 file://CVE-2017-5969.patch \
 file://CVE-2017-9047_CVE-2017-9048.patch \
 file://CVE-2017-9049_CVE-2017-9050.patch \
+ file://libxml2-CVE-2017-8872.patch \
 "
--
cgit v1.2.3-54-g00ecf