diff options
author | Hongxu Jia <hongxu.jia@windriver.com> | 2017-08-23 04:30:45 -0400 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-09-11 22:15:58 +0100 |
commit | d2b60efe20f4d9dce03f8f351715b103a85b7338 (patch) | |
tree | 6b94371b58a079b8237a4bc16fbec18264aa8e0d /meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/restore_sigalarm.patch | |
parent | 6c657b844126abb399d7fd8638d569893ac02d60 (diff) | |
download | poky-d2b60efe20f4d9dce03f8f351715b103a85b7338.tar.gz |
libxml2: Fix CVE-2017-8872
fix global-buffer-overflow in htmlParseTryOrFinish (HTMLparser.c:5403)
https://bugzilla.gnome.org/show_bug.cgi?id=775200
Here is the reproduce steps on ubuntu 16.04, use clang with "-fsanitize=address"
...
export CC="clang"
export CFLAGS="-fsanitize=address"
./configure --disable-shared
make clean all -j
wget https://bugzilla.gnome.org/attachment.cgi?id=340871 -O poc
./xmllint --html --push poc
==2785==ERROR: AddressSanitizer: global-buffer-overflow on address
0x000000a0de21 at pc 0x0000006a7f6e bp 0x7ffdfe940c10 sp 0x7ffdfe940c08
READ of size 1 at 0x000000a0de21 thread T0 #0 0x6a7f6d
(/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x6a7f6d) #1 0x6a7356
(/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x6a7356) #2 0x4f4504
(/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x4f4504) #3 0x4f045e
(/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x4f045e) #4 0x7f81977d682f
(/lib/x86_64-linux-gnu/libc.so.6+0x2082f) #5 0x419ad8
(/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x419ad8)
...
(From OE-Core rev: a615b0825927a09a0aa8312d131c9acbaef8956d)
(From OE-Core rev: 1c9d891886f35e6cc4485f244180d7d0ffa82cd3)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/restore_sigalarm.patch')
0 files changed, 0 insertions, 0 deletions