diff options
author | Andrej Valek <andrej.valek@siemens.com> | 2016-12-12 14:20:21 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-12-16 10:23:23 +0000 |
commit | 1ffb967de676ce68c8fc97d20611ea3eb6f6786b (patch) | |
tree | 4725eab2fea077c4ed6adfcff8e90459a3d3e880 /meta/recipes-core | |
parent | aa346581fd60d3e4ee2ce6d899594c238ebf0560 (diff) | |
download | poky-1ffb967de676ce68c8fc97d20611ea3eb6f6786b.tar.gz |
libxml2: Fix more NULL pointer derefs
The NULL pointer dereferencing could produced some
security problems.
This is a preventive security fix.
(From OE-Core rev: 8f3008114d5000a0865f50833db7c3a3f9808601)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core')
-rw-r--r-- | meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch | 46 | ||||
-rw-r--r-- | meta/recipes-core/libxml/libxml2_2.9.4.bb | 1 |
2 files changed, 47 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch new file mode 100644 index 0000000000..83552ca3ec --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch | |||
@@ -0,0 +1,46 @@ | |||
1 | libxml2-2.9.4: Fix more NULL pointer derefs | ||
2 | |||
3 | xpointer: Fix more NULL pointer derefs | ||
4 | |||
5 | Upstream-Status: Backported [https://git.gnome.org/browse/libxml2/commit/?id=e905f08123e4a6e7731549e6f09dadff4cab65bd] | ||
6 | CVE: - | ||
7 | Signed-off-by: Andrej Valek <andrej.valek@siemens.com> | ||
8 | Signed-off-by: Pascal Bach <pascal.bach@siemens.com> | ||
9 | |||
10 | diff --git a/xpointer.c b/xpointer.c | ||
11 | index 676c510..074db24 100644 | ||
12 | --- a/xpointer.c | ||
13 | +++ b/xpointer.c | ||
14 | @@ -555,7 +555,7 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) { | ||
15 | /* | ||
16 | * Empty set ... | ||
17 | */ | ||
18 | - if (end->nodesetval->nodeNr <= 0) | ||
19 | + if ((end->nodesetval == NULL) || (end->nodesetval->nodeNr <= 0)) | ||
20 | return(NULL); | ||
21 | break; | ||
22 | default: | ||
23 | @@ -1400,7 +1400,7 @@ xmlXPtrEval(const xmlChar *str, xmlXPathContextPtr ctx) { | ||
24 | */ | ||
25 | xmlNodeSetPtr set; | ||
26 | set = tmp->nodesetval; | ||
27 | - if ((set->nodeNr != 1) || | ||
28 | + if ((set == NULL) || (set->nodeNr != 1) || | ||
29 | (set->nodeTab[0] != (xmlNodePtr) ctx->doc)) | ||
30 | stack++; | ||
31 | } else | ||
32 | @@ -2073,9 +2073,11 @@ xmlXPtrRangeFunction(xmlXPathParserContextPtr ctxt, int nargs) { | ||
33 | xmlXPathFreeObject(set); | ||
34 | XP_ERROR(XPATH_MEMORY_ERROR); | ||
35 | } | ||
36 | - for (i = 0;i < oldset->locNr;i++) { | ||
37 | - xmlXPtrLocationSetAdd(newset, | ||
38 | - xmlXPtrCoveringRange(ctxt, oldset->locTab[i])); | ||
39 | + if (oldset != NULL) { | ||
40 | + for (i = 0;i < oldset->locNr;i++) { | ||
41 | + xmlXPtrLocationSetAdd(newset, | ||
42 | + xmlXPtrCoveringRange(ctxt, oldset->locTab[i])); | ||
43 | + } | ||
44 | } | ||
45 | |||
46 | /* | ||
diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.4.bb index a1d1e9e12d..ba08c9c994 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.4.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.4.bb | |||
@@ -22,6 +22,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \ | |||
22 | file://libxml2-fix_node_comparison.patch \ | 22 | file://libxml2-fix_node_comparison.patch \ |
23 | file://libxml2-CVE-2016-5131.patch \ | 23 | file://libxml2-CVE-2016-5131.patch \ |
24 | file://libxml2-CVE-2016-4658.patch \ | 24 | file://libxml2-CVE-2016-4658.patch \ |
25 | file://libxml2-fix_NULL_pointer_derefs.patch \ | ||
25 | " | 26 | " |
26 | 27 | ||
27 | SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5" | 28 | SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5" |