summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorArmin Kuster <akuster@mvista.com>2016-07-09 14:31:00 -0700
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-07-27 08:29:58 +0100
commit17480a956d7fcdf8aa01d3825b50595926dd1d4b (patch)
tree5c26f705d9ced8f1c78e384b2f004d1a413f76f3
parentb3c799c831a2aed08c967f5083b15109be87f549 (diff)
downloadpoky-17480a956d7fcdf8aa01d3825b50595926dd1d4b.tar.gz
libxml2: Security fix for CVE-2016-4483.patch
affects libxml2 < 2.9.4 (From OE-Core rev: a28fea55f72284d3f4ed85f19f80b8475e726ee6) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat
-rw-r--r--meta/recipes-core/libxml/libxml2/CVE-2016-4483.patch55
-rw-r--r--meta/recipes-core/libxml/libxml2_2.9.2.bb1
2 files changed, 56 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2016-4483.patch b/meta/recipes-core/libxml/libxml2/CVE-2016-4483.patch
new file mode 100644
index 0000000000..cf8d6badf3
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2016-4483.patch
@@ -0,0 +1,55 @@
1From c97750d11bb8b6f3303e7131fe526a61ac65bcfd Mon Sep 17 00:00:00 2001
2From: Daniel Veillard <veillard@redhat.com>
3Date: Mon, 23 May 2016 13:39:13 +0800
4Subject: [PATCH] Avoid an out of bound access when serializing malformed
5 strings
6
7For https://bugzilla.gnome.org/show_bug.cgi?id=766414
8
9* xmlsave.c: xmlBufAttrSerializeTxtContent() if an attribute value
10 is not UTF-8 be more careful when serializing it as we may do an
11 out of bound access as a result.
12
13Upstream-Status: Backport
14CVE: CVE-2016-4483
15Signed-off-by: Armin Kuster <akuster@mvista.com>
16
17---
18 xmlsave.c | 8 ++++----
19 1 file changed, 4 insertions(+), 4 deletions(-)
20
21diff --git a/xmlsave.c b/xmlsave.c
22index 774404b..4a8e3f3 100644
23--- a/xmlsave.c
24+++ b/xmlsave.c
25@@ -2097,8 +2097,8 @@ xmlBufAttrSerializeTxtContent(xmlBufPtr buf, xmlDocPtr doc,
26 xmlBufAdd(buf, BAD_CAST "&amp;", 5);
27 cur++;
28 base = cur;
29- } else if ((*cur >= 0x80) && ((doc == NULL) ||
30- (doc->encoding == NULL))) {
31+ } else if ((*cur >= 0x80) && (cur[1] != 0) &&
32+ ((doc == NULL) || (doc->encoding == NULL))) {
33 /*
34 * We assume we have UTF-8 content.
35 */
36@@ -2121,14 +2121,14 @@ xmlBufAttrSerializeTxtContent(xmlBufPtr buf, xmlDocPtr doc,
37 val <<= 6;
38 val |= (cur[1]) & 0x3F;
39 l = 2;
40- } else if (*cur < 0xF0) {
41+ } else if ((*cur < 0xF0) && (cur [2] != 0)) {
42 val = (cur[0]) & 0x0F;
43 val <<= 6;
44 val |= (cur[1]) & 0x3F;
45 val <<= 6;
46 val |= (cur[2]) & 0x3F;
47 l = 3;
48- } else if (*cur < 0xF8) {
49+ } else if ((*cur < 0xF8) && (cur [2] != 0) && (cur[3] != 0)) {
50 val = (cur[0]) & 0x07;
51 val <<= 6;
52 val |= (cur[1]) & 0x3F;
53--
542.3.5
55
diff --git a/meta/recipes-core/libxml/libxml2_2.9.2.bb b/meta/recipes-core/libxml/libxml2_2.9.2.bb
index e2400af62d..41cba644fe 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.2.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.2.bb
@@ -7,6 +7,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;name=testtar \
7SRC_URI += "file://CVE-2016-1762.patch \ 7SRC_URI += "file://CVE-2016-1762.patch \
8 file://CVE-2016-3705.patch \ 8 file://CVE-2016-3705.patch \
9 file://CVE-2016-1834.patch \ 9 file://CVE-2016-1834.patch \
10 file://CVE-2016-4483.patch \
10 " 11 "
11 12
12SRC_URI[libtar.md5sum] = "9e6a9aca9d155737868b3dc5fd82f788" 13SRC_URI[libtar.md5sum] = "9e6a9aca9d155737868b3dc5fd82f788"
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-04-19 05:53:17 +0000