authorSona Sarmadi <sona.sarmadi@enea.com>2015-11-03 08:06:31 (GMT)
committerTudor Florea <tudor.florea@enea.com>2015-11-03 14:35:03 (GMT)
commitbf6c30908948b7bc9be1206fe88c09dc3f526387 (patch)
tree5e0bee39994b637d08871ba05bbbbb23fb61a6fe
parent753ec70905a680f653768572b481f3637b733fdf (diff)
downloadpoky-bf6c30908948b7bc9be1206fe88c09dc3f526387.tar.gz
libxml2: CVE-2015-7942
Fixes heap-based buffer overflow in xmlParseConditionalSections(). Upstream patch: https://git.gnome.org/browse/libxml2/commit/ ?id=9b8512337d14c8ddf662fcb98b0135f225a1c489 Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=756456 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com>
-rw-r--r--meta/recipes-core/libxml/libxml2.inc1
-rw-r--r--meta/recipes-core/libxml/libxml2/CVE-2015-7942.patch58
2 files changed, 59 insertions, 0 deletions
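--- a/meta/recipes-core/libxml/libxml2.inc
+++ b/meta/recipes-core/libxml/libxml2.inc
@@ -23,6 +23,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
 file://libxml-m4-use-pkgconfig.patch \
 file://libxml2-CVE-2014-3660.patch \
 file://0001-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch \
+file://CVE-2015-7942.patch \
 "
 
 BINCONFIG = "${bindir}/xml2-config"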
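--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2015-7942.patch
@@ -0,0 +1,58 @@
+From 9b8512337d14c8ddf662fcb98b0135f225a1c489 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Mon, 23 Feb 2015 11:29:20 +0800
+Subject: Cleanup conditional section error handling
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=744980
+
+The error handling of Conditional Section also need to be
+straightened as the structure of the document can't be
+guessed on a failure there and it's better to stop parsing
+as further errors are likely to be irrelevant.
+
+Fixes CVE-2015-7942.
+Upstream-Status: Backport
+
+Upstream patch:
+https://git.gnome.org/browse/libxml2/commit/
+?id=9b8512337d14c8ddf662fcb98b0135f225a1c489
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ parser.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/parser.c b/parser.c
+index bbe97eb..fe603ac 100644
+--- a/parser.c
++++ b/parser.c
+@@ -6770,6 +6770,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
+ SKIP_BLANKS;
+ if (RAW != '[') {
+ xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
++ xmlStopParser(ctxt);
++ return;
+ } else {
+ if (ctxt->input->id != id) {
+ xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
+@@ -6830,6 +6832,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
+ SKIP_BLANKS;
+ if (RAW != '[') {
+ xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
++ xmlStopParser(ctxt);
++ return;
+ } else {
+ if (ctxt->input->id != id) {
+ xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
+@@ -6885,6 +6889,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
+
+ } else {
+ xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID_KEYWORD, NULL);
++ xmlStopParser(ctxt);
++ return;
+ }
+
+ if (RAW == 0)
+--
+cgit v0.11.2
+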
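Review bot: The bug references in this backport do not line up. The commit description cites upstream bug 756456, but the embedded patch header (patch lines 3-6) is dated 23 Feb 2015, titled "Cleanup conditional section error handling", and written for bug 744980. That suggests, though it cannot be confirmed from this page, that the imported upstream commit was written for an earlier issue in xmlParseConditionalSections() and that the change made for bug 756456 is a separate commit not carried here. Before treating the recipe as fixed for CVE-2015-7942, check the upstream history for the commit tied to bug 756456, and either add it as a further patch or correct the `Fixes CVE-2015-7942.` line and the file name to match what this patch actually addresses. The three inner hunks only add `xmlStopParser(ctxt); return;` on error branches, and the function body continues outside them, so other paths that keep parsing after a conditional-section error are not visible here.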