diff options
author | Vijay Anusuri <vanusuri@mvista.com> | 2024-01-12 08:34:06 +0530 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2024-01-21 08:33:19 -1000 |
commit | 2f7e1a230e17860dfc8fb735d4778510600a42db (patch) | |
tree | c75f12ee4494f38d95458123a5a7f80141043fd8 /meta/recipes-core/libxml/libxml2/CVE-2023-45322-1.patch | |
parent | 0948746aac0197b97fd4b6063a30b1bcda2c6436 (diff) | |
download | poky-2f7e1a230e17860dfc8fb735d4778510600a42db.tar.gz |
libxml2: Fix for CVE-2023-45322
Backport patch for gitlab issue mentioned in NVD CVE report.
* https://gitlab.gnome.org/GNOME/libxml2/-/issues/583
Backport also one of 14 patches for older issue with similar errors
to have clean cherry-pick without patch fuzz.
* https://gitlab.gnome.org/GNOME/libxml2/-/issues/344
The CVE is disputed because the maintainer does not think that
errors after memory allocation failures are not critical enough
to warrant a CVE ID.
This patch will formally fix reported error case, trying to backport
another 13 patches and resolve conflicts would be probably overkill
due to disputed state.
This CVE was ignored on master branch (as diputed).
(From OE-Core rev: 03b766e42beb42a2085285308acbcf941f346b06)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-core/libxml/libxml2/CVE-2023-45322-1.patch')
-rw-r--r-- | meta/recipes-core/libxml/libxml2/CVE-2023-45322-1.patch | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2023-45322-1.patch b/meta/recipes-core/libxml/libxml2/CVE-2023-45322-1.patch new file mode 100644 index 0000000000..182bb29abd --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2023-45322-1.patch | |||
@@ -0,0 +1,50 @@ | |||
1 | From a22bd982bf10291deea8ba0c61bf75b898c604ce Mon Sep 17 00:00:00 2001 | ||
2 | From: Nick Wellnhofer <wellnhofer@aevum.de> | ||
3 | Date: Wed, 2 Nov 2022 15:44:42 +0100 | ||
4 | Subject: [PATCH] malloc-fail: Fix memory leak in xmlStaticCopyNodeList | ||
5 | |||
6 | Found with libFuzzer, see #344. | ||
7 | |||
8 | Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/a22bd982bf10291deea8ba0c61bf75b898c604ce] | ||
9 | |||
10 | Signed-off-by: Peter Marko <peter.marko@siemens.com> | ||
11 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> | ||
12 | --- | ||
13 | tree.c | 7 +++++-- | ||
14 | 1 file changed, 5 insertions(+), 2 deletions(-) | ||
15 | |||
16 | diff --git a/tree.c b/tree.c | ||
17 | index 507869efe..647288ce3 100644 | ||
18 | --- a/tree.c | ||
19 | +++ b/tree.c | ||
20 | @@ -4461,7 +4461,7 @@ xmlStaticCopyNodeList(xmlNodePtr node, xmlDocPtr doc, xmlNodePtr parent) { | ||
21 | } | ||
22 | if (doc->intSubset == NULL) { | ||
23 | q = (xmlNodePtr) xmlCopyDtd( (xmlDtdPtr) node ); | ||
24 | - if (q == NULL) return(NULL); | ||
25 | + if (q == NULL) goto error; | ||
26 | q->doc = doc; | ||
27 | q->parent = parent; | ||
28 | doc->intSubset = (xmlDtdPtr) q; | ||
29 | @@ -4473,7 +4473,7 @@ xmlStaticCopyNodeList(xmlNodePtr node, xmlDocPtr doc, xmlNodePtr parent) { | ||
30 | } else | ||
31 | #endif /* LIBXML_TREE_ENABLED */ | ||
32 | q = xmlStaticCopyNode(node, doc, parent, 1); | ||
33 | - if (q == NULL) return(NULL); | ||
34 | + if (q == NULL) goto error; | ||
35 | if (ret == NULL) { | ||
36 | q->prev = NULL; | ||
37 | ret = p = q; | ||
38 | @@ -4486,6 +4486,9 @@ xmlStaticCopyNodeList(xmlNodePtr node, xmlDocPtr doc, xmlNodePtr parent) { | ||
39 | node = node->next; | ||
40 | } | ||
41 | return(ret); | ||
42 | +error: | ||
43 | + xmlFreeNodeList(ret); | ||
44 | + return(NULL); | ||
45 | } | ||
46 | |||
47 | /** | ||
48 | -- | ||
49 | GitLab | ||
50 | |||