authorSona Sarmadi <sona.sarmadi@enea.com>2016-02-24 08:07:42 (GMT)
committerTudor Florea <tudor.florea@enea.com>2016-02-25 00:44:05 (GMT)
commit0abe94ddc51e964eec027d22637381f274f8b133 (patch)
tree8fd18bc80e1fd343e54e7cf709b2ee25eefd1504
parent5bebd3abb85fec2af8d49045f696d73ec6a169c5 (diff)
downloadpoky-0abe94ddc51e964eec027d22637381f274f8b133.tar.gz
libxml2: CVE-2015-8317
Fixes out-of-bounds heap read when parsing file with unfinished xml declaration. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com>
-rw-r--r--meta/recipes-core/libxml/libxml2.inc1
-rw-r--r--meta/recipes-core/libxml/libxml2/CVE-2015-8317-Fail-parsing-early-on-if-encoding-conversion-failed.patch42
2 files changed, 43 insertions, 0 deletions
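--- a/meta/recipes-core/libxml/libxml2.inc
+++ b/meta/recipes-core/libxml/libxml2.inc
@@ -26,6 +26,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
  file://CVE-2015-7942.patch \
  file://CVE-2015-8035.patch \
  file://CVE-2015-8241.patch \
+ file://CVE-2015-8317-Fail-parsing-early-on-if-encoding-conversion-failed.patch \
  "
 
 BINCONFIG = "${bindir}/xml2-config"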
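--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2015-8317-Fail-parsing-early-on-if-encoding-conversion-failed.patch
@@ -0,0 +1,42 @@
+From 709a952110e98621c9b78c4f26462a9d8333102e Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Mon, 29 Jun 2015 16:10:26 +0800
+Subject: [PATCH] Fail parsing early on if encoding conversion failed
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=751631
+
+If we fail conversing the current input stream while
+processing the encoding declaration of the XMLDecl
+then it's safer to just abort there and not try to
+report further errors.
+
+Upstream-Status: Backport
+
+CVE: CVE-2015-8317
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ parser.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/parser.c b/parser.c
+index a3a9568..0edd53b 100644
+--- a/parser.c
++++ b/parser.c
+@@ -10471,7 +10471,11 @@ xmlParseEncodingDecl(xmlParserCtxtPtr ctxt) {
+
+ handler = xmlFindCharEncodingHandler((const char *) encoding);
+ if (handler != NULL) {
+- xmlSwitchToEncoding(ctxt, handler);
++ if (xmlSwitchToEncoding(ctxt, handler) < 0) {
++ /* failed to convert */
++ ctxt->errNo = XML_ERR_UNSUPPORTED_ENCODING;
++ return(NULL);
++ }
+ } else {
+ xmlFatalErrMsgStr(ctxt, XML_ERR_UNSUPPORTED_ENCODING,
+ "Unsupported encoding %s\n", encoding);
+--
+2.3.5
+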
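Review bot: The new failure branch in `xmlParseEncodingDecl` (patch lines 32-36) only assigns `ctxt->errNo` and returns NULL, whereas the `else` branch just below it reports through `xmlFatalErrMsgStr`. Nothing visible in the hunk marks the document as not well-formed or stops the parser, so the out-of-bounds read is presumably avoided only if every caller treats `XML_ERR_UNSUPPORTED_ENCODING` as fatal after this call. The function starts and ends outside the hunk and its callers are not shown, so that should be confirmed against the libxml2 version this recipe builds. The terse `/* failed to convert */` would be clearer as `/* conversion failed: abort without reporting; callers must check ctxt->errNo and stop parsing the declaration */`. It is also worth checking upstream's tracker to confirm that this single backport is the complete fix for the CVE.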