path: root/meta/recipes-core/libxml/libxml2/CVE-2015-8317-Fail-parsing-early-on-if-encoding-conversion-failed.patch
author: Sona Sarmadi <sona.sarmadi@enea.com> 2016-02-24 09:07:42 +0100
committer: Tudor Florea <tudor.florea@enea.com> 2016-02-25 01:44:05 +0100
commit: 0abe94ddc51e964eec027d22637381f274f8b133
tree: 8fd18bc80e1fd343e54e7cf709b2ee25eefd1504 /meta/recipes-core/libxml/libxml2/CVE-2015-8317-Fail-parsing-early-on-if-encoding-conversion-failed.patch
parent: 5bebd3abb85fec2af8d49045f696d73ec6a169c5
libxml2: CVE-2015-8317

Fixes out-of-bounds heap read when parsing file with unfinished xml declaration.

Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>

Diffstat (limited to 'meta/recipes-core/libxml/libxml2/CVE-2015-8317-Fail-parsing-early-on-if-encoding-conversion-failed.patch')
-rw-r--r-- meta/recipes-core/libxml/libxml2/CVE-2015-8317-Fail-parsing-early-on-if-encoding-conversion-failed.patch | 42
1 files changed, 42 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2015-8317-Fail-parsing-early-on-if-encoding-conversion-failed.patch b/meta/recipes-core/libxml/libxml2/CVE-2015-8317-Fail-parsing-early-on-if-encoding-conversion-failed.patch
new file mode 100644
index 0000000000..a5eee02bc2
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2015-8317-Fail-parsing-early-on-if-encoding-conversion-failed.patch
@@ -0,0 +1,42 @@
1From 709a952110e98621c9b78c4f26462a9d8333102e Mon Sep 17 00:00:00 2001
2From: Daniel Veillard <veillard@redhat.com>
3Date: Mon, 29 Jun 2015 16:10:26 +0800
4Subject: [PATCH] Fail parsing early on if encoding conversion failed
5
6For https://bugzilla.gnome.org/show_bug.cgi?id=751631
7
8If we fail conversing the current input stream while
9processing the encoding declaration of the XMLDecl
10then it's safer to just abort there and not try to
11report further errors.
12
13Upstream-Status: Backport
14
15CVE: CVE-2015-8317
16
17Signed-off-by: Armin Kuster <akuster@mvista.com>
18
19---
20 parser.c | 6 +++++-
21 1 file changed, 5 insertions(+), 1 deletion(-)
22
23diff --git a/parser.c b/parser.c
24index a3a9568..0edd53b 100644
25--- a/parser.c
26+++ b/parser.c
27@@ -10471,7 +10471,11 @@ xmlParseEncodingDecl(xmlParserCtxtPtr ctxt) {
28
29 handler = xmlFindCharEncodingHandler((const char *) encoding);
30 if (handler != NULL) {
31- xmlSwitchToEncoding(ctxt, handler);
32+ if (xmlSwitchToEncoding(ctxt, handler) < 0) {
33+ /* failed to convert */
34+ ctxt->errNo = XML_ERR_UNSUPPORTED_ENCODING;
35+ return(NULL);
36+ }
37 } else {
38 xmlFatalErrMsgStr(ctxt, XML_ERR_UNSUPPORTED_ENCODING,
39 "Unsupported encoding %s\n", encoding);
40--
412.3.5
42
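
Review bot: in the embedded parser.c hunk for xmlParseEncodingDecl, the new failure branch sets ctxt->errNo = XML_ERR_UNSUPPORTED_ENCODING and returns NULL without reporting anything, while the else branch directly below reports the same error code through xmlFatalErrMsgStr together with the encoding name. If the silence is deliberate (the patch description says the aim is to abort and not report further errors), the /* failed to convert */ comment should say so and note that callers have to check ctxt->errNo after a NULL return; otherwise report the failure the same way the else branch does before returning. The visible context also does not show what happens to encoding and handler on this early return, so it is worth confirming that neither is left unreleased on the new path.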