libxml2: fix CVE-2017-8872

The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure. https://bugzilla.gnome.org/show_bug.cgi?id=775200 (From OE-Core rev: dac867dc63af70ae992c50697d2be95c3e7b58bb) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Hongxu Jia <hongxu.jia@windriver.com> 2018-07-04 09:39:14 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-07-05 11:39:06 +0100
commit: 956ddcc9d480fe960637d897b9a0992eab8700a1 (patch)
tree: 1fb0df816a422a7cf0d8e220e2d66b1a1118ef93
parent: b6bb7e134569c47dcb313ef22a9cdf99928d6aae (diff)
download: poky-956ddcc9d480fe960637d897b9a0992eab8700a1.tar.gz
2 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2/fix-CVE-2017-8872.patch b/meta/recipes-core/libxml/libxml2/fix-CVE-2017-8872.patch
new file mode 100644
index 0000000000..b34479f318
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/fix-CVE-2017-8872.patch
@@ -0,0 +1,38 @@
+From b4bee17b158e289e5c4c9045e64e5374ccafe068 Mon Sep 17 00:00:00 2001
+From: Salvatore Bonaccorso <carnil@debian.org>
+Date: Tue, 3 Jul 2018 15:54:03 +0800
+Subject: [PATCH] Out-of-bounds read in htmlParseTryOrFinish (CVE-2017-8872)
+https://bugzilla.gnome.org/show_bug.cgi?id=775200
+Fixes bug 775200.
+Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
+Upstream-Status: Submitted
+https://bug775200.bugzilla-attachments.gnome.org/attachment.cgi?id=366193
+CVE: CVE-2017-8872
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ parser.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+diff --git a/parser.c b/parser.c
+index ca9fde2..fb4c889 100644
+--- a/parser.c
+++ b/parser.c
+@@ -12464,7 +12464,11 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) {
+        }
+        ctxt->input->cur = BAD_CAST"";
+        ctxt->input->base = ctxt->input->cur;
+-        ctxt->input->end = ctxt->input->cur;
+       ctxt->input->end = ctxt->input->cur;
+       if (ctxt->input->buf)
+           xmlBufEmpty (ctxt->input->buf->buffer);
+       else
+           ctxt->input->length = 0;
+     }
+ }
+ 
+-- 
+2.7.4
diff --git a/meta/recipes-core/libxml/libxml2_2.9.8.bb b/meta/recipes-core/libxml/libxml2_2.9.8.bb
index d55e650911..1f22bb0b07 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.8.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.8.bb
@@ -20,6 +20,7 @@ SRC_URI = "http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \
           file://libxml-m4-use-pkgconfig.patch \
           file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \
           file://fix-execution-of-ptests.patch \
+           file://fix-CVE-2017-8872.patch \
           "
 SRC_URI[libtar.md5sum] = "b786e353e2aa1b872d70d5d1ca0c740d"
author	Hongxu Jia <hongxu.jia@windriver.com>	2018-07-04 09:39:14 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-07-05 11:39:06 +0100
commit	956ddcc9d480fe960637d897b9a0992eab8700a1 (patch)
tree	1fb0df816a422a7cf0d8e220e2d66b1a1118ef93
parent	b6bb7e134569c47dcb313ef22a9cdf99928d6aae (diff)
download	poky-956ddcc9d480fe960637d897b9a0992eab8700a1.tar.gz

diff --git a/meta/recipes-core/libxml/libxml2/fix-CVE-2017-8872.patch b/meta/recipes-core/libxml/libxml2/fix-CVE-2017-8872.patch new file mode 100644 index 0000000000..b34479f318 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/fix-CVE-2017-8872.patch
@@ -0,0 +1,38 @@
		1	From b4bee17b158e289e5c4c9045e64e5374ccafe068 Mon Sep 17 00:00:00 2001
		2	From: Salvatore Bonaccorso <carnil@debian.org>
		3	Date: Tue, 3 Jul 2018 15:54:03 +0800
		4	Subject: [PATCH] Out-of-bounds read in htmlParseTryOrFinish (CVE-2017-8872)
		5
		6	https://bugzilla.gnome.org/show_bug.cgi?id=775200
		7	Fixes bug 775200.
		8
		9	Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
		10
		11	Upstream-Status: Submitted
		12	https://bug775200.bugzilla-attachments.gnome.org/attachment.cgi?id=366193
		13	CVE: CVE-2017-8872
		14	Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
		15	---
		16	parser.c \| 6 +++++-
		17	1 file changed, 5 insertions(+), 1 deletion(-)
		18
		19	diff --git a/parser.c b/parser.c
		20	index ca9fde2..fb4c889 100644
		21	--- a/parser.c
		22	+++ b/parser.c
		23	@@ -12464,7 +12464,11 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) {
		24	}
		25	ctxt->input->cur = BAD_CAST"";
		26	ctxt->input->base = ctxt->input->cur;
		27	- ctxt->input->end = ctxt->input->cur;
		28	+ ctxt->input->end = ctxt->input->cur;
		29	+ if (ctxt->input->buf)
		30	+ xmlBufEmpty (ctxt->input->buf->buffer);
		31	+ else
		32	+ ctxt->input->length = 0;
		33	}
		34	}
		35
		36	--
		37	2.7.4
		38


diff --git a/meta/recipes-core/libxml/libxml2_2.9.8.bb b/meta/recipes-core/libxml/libxml2_2.9.8.bb index d55e650911..1f22bb0b07 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.8.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.8.bb
@@ -20,6 +20,7 @@ SRC_URI = "http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \
20	file://libxml-m4-use-pkgconfig.patch \	20	file://libxml-m4-use-pkgconfig.patch \
21	file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \	21	file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \
22	file://fix-execution-of-ptests.patch \	22	file://fix-execution-of-ptests.patch \
		23	file://fix-CVE-2017-8872.patch \
23	"	24	"
24		25
25	SRC_URI[libtar.md5sum] = "b786e353e2aa1b872d70d5d1ca0c740d"	26	SRC_URI[libtar.md5sum] = "b786e353e2aa1b872d70d5d1ca0c740d"