summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
authorAndrej Valek <andrej.valek@siemens.com>2016-12-12 14:20:21 +0100
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-01-11 17:21:46 +0000
commitc8f4fb15de070b7462eee66a5e0e0b63b704046b (patch)
tree515b55948c2de2b7ebf040a75e170a0c8c03e762 /meta
parent359189b6e6e5307156b08f0b7922a79e6acea1e2 (diff)
downloadpoky-c8f4fb15de070b7462eee66a5e0e0b63b704046b.tar.gz
libxml2: Fix more NULL pointer derefs
The NULL pointer dereferencing could produced some security problems. This is a preventive security fix. (From OE-Core rev: 8f3008114d5000a0865f50833db7c3a3f9808601) (From OE-Core rev: 401d552f9e4ed3341e42864e566dddb2b26019dc) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch46
-rw-r--r--meta/recipes-core/libxml/libxml2_2.9.4.bb1
2 files changed, 47 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
new file mode 100644
index 0000000000..83552ca3ec
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
@@ -0,0 +1,46 @@
1libxml2-2.9.4: Fix more NULL pointer derefs
2
3xpointer: Fix more NULL pointer derefs
4
5Upstream-Status: Backported [https://git.gnome.org/browse/libxml2/commit/?id=e905f08123e4a6e7731549e6f09dadff4cab65bd]
6CVE: -
7Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
8Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
9
10diff --git a/xpointer.c b/xpointer.c
11index 676c510..074db24 100644
12--- a/xpointer.c
13+++ b/xpointer.c
14@@ -555,7 +555,7 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
15 /*
16 * Empty set ...
17 */
18- if (end->nodesetval->nodeNr <= 0)
19+ if ((end->nodesetval == NULL) || (end->nodesetval->nodeNr <= 0))
20 return(NULL);
21 break;
22 default:
23@@ -1400,7 +1400,7 @@ xmlXPtrEval(const xmlChar *str, xmlXPathContextPtr ctx) {
24 */
25 xmlNodeSetPtr set;
26 set = tmp->nodesetval;
27- if ((set->nodeNr != 1) ||
28+ if ((set == NULL) || (set->nodeNr != 1) ||
29 (set->nodeTab[0] != (xmlNodePtr) ctx->doc))
30 stack++;
31 } else
32@@ -2073,9 +2073,11 @@ xmlXPtrRangeFunction(xmlXPathParserContextPtr ctxt, int nargs) {
33 xmlXPathFreeObject(set);
34 XP_ERROR(XPATH_MEMORY_ERROR);
35 }
36- for (i = 0;i < oldset->locNr;i++) {
37- xmlXPtrLocationSetAdd(newset,
38- xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
39+ if (oldset != NULL) {
40+ for (i = 0;i < oldset->locNr;i++) {
41+ xmlXPtrLocationSetAdd(newset,
42+ xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
43+ }
44 }
45
46 /*
diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.4.bb
index a1d1e9e12d..ba08c9c994 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.4.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.4.bb
@@ -22,6 +22,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
22 file://libxml2-fix_node_comparison.patch \ 22 file://libxml2-fix_node_comparison.patch \
23 file://libxml2-CVE-2016-5131.patch \ 23 file://libxml2-CVE-2016-5131.patch \
24 file://libxml2-CVE-2016-4658.patch \ 24 file://libxml2-CVE-2016-4658.patch \
25 file://libxml2-fix_NULL_pointer_derefs.patch \
25 " 26 "
26 27
27SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5" 28SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5"