authorSona Sarmadi <sona.sarmadi@enea.com>2016-02-24 08:07:43 (GMT)
committerTudor Florea <tudor.florea@enea.com>2016-02-25 00:44:12 (GMT)
commit04f8b06b024193eb1473458b92dac16809c29e08 (patch)
tree054398fe723d7debb06ff347a0e80ad79e18d54d
parent0abe94ddc51e964eec027d22637381f274f8b133 (diff)
downloadpoky-04f8b06b024193eb1473458b92dac16809c29e08.tar.gz
libxml2: CVE-2015-8242
Fixes buffer overread with HTML parser in push mode in xmlSAX2TextNode [NEEDINFO]. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8242 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com>
-rw-r--r--meta/recipes-core/libxml/libxml2.inc1
-rw-r--r--meta/recipes-core/libxml/libxml2/CVE-2015-8242-Buffer-overead-with-HTML-parser.patch49
2 files changed, 50 insertions, 0 deletions
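--- a/meta/recipes-core/libxml/libxml2.inc
+++ b/meta/recipes-core/libxml/libxml2.inc
@@ -27,6 +27,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
  file://CVE-2015-8035.patch \
  file://CVE-2015-8241.patch \
  file://CVE-2015-8317-Fail-parsing-early-on-if-encoding-conversion-failed.patch \
+ file://CVE-2015-8242-Buffer-overead-with-HTML-parser.patch \
  "
 
 BINCONFIG = "${bindir}/xml2-config"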
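--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2015-8242-Buffer-overead-with-HTML-parser.patch
@@ -0,0 +1,49 @@
+From 8fb4a770075628d6441fb17a1e435100e2f3b1a2 Mon Sep 17 00:00:00 2001
+From: Hugh Davenport <hugh@allthethings.co.nz>
+Date: Fri, 20 Nov 2015 17:16:06 +0800
+Subject: [PATCH] CVE-2015-8242 Buffer overead with HTML parser in push mode
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=756372
+Error in the code pointing to the codepoint in the stack for the
+current char value instead of the pointer in the input that the SAX
+callback expects
+Reported and fixed by Hugh Davenport
+
+Upstream-Status: Backport
+
+CVE-2015-8242
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ HTMLparser.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/HTMLparser.c b/HTMLparser.c
+index bdf7807..b729197 100644
+--- a/HTMLparser.c
++++ b/HTMLparser.c
+@@ -5735,17 +5735,17 @@ htmlParseTryOrFinish(htmlParserCtxtPtr ctxt, int terminate) {
+ if (ctxt->keepBlanks) {
+ if (ctxt->sax->characters != NULL)
+ ctxt->sax->characters(
+- ctxt->userData, &cur, 1);
++ ctxt->userData, &in->cur[0], 1);
+ } else {
+ if (ctxt->sax->ignorableWhitespace != NULL)
+ ctxt->sax->ignorableWhitespace(
+- ctxt->userData, &cur, 1);
++ ctxt->userData, &in->cur[0], 1);
+ }
+ } else {
+ htmlCheckParagraph(ctxt);
+ if (ctxt->sax->characters != NULL)
+ ctxt->sax->characters(
+- ctxt->userData, &cur, 1);
++ ctxt->userData, &in->cur[0], 1);
+ }
+ }
+ ctxt->token = 0;
+--
+2.3.5
+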
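Review bot: Nothing at the three rewritten call sites in htmlParseTryOrFinish records why the SAX callbacks must receive `&in->cur[0]` rather than the address of the local `cur`, so a later cleanup could quietly reintroduce the stack over-read this backport addresses. I would add a comment above the first call, `/* SAX callbacks expect a pointer into the input buffer, not the address of a stack copy */`, and the argument could be written as plain `in->cur`, which is the same pointer. All three calls still pass a fixed length of 1, and the check that at least one byte is available at `in->cur` is not visible here because the function starts and ends outside the hunk; it is worth confirming against the full HTMLparser.c. The `Upstream-Status: Backport` line in the patch header would also be easier to audit if it named the upstream commit it was taken from.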