diff options
Diffstat (limited to 'meta/recipes-core/libxml/libxml2/CVE-2021-3537.patch')
-rw-r--r-- | meta/recipes-core/libxml/libxml2/CVE-2021-3537.patch | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2021-3537.patch b/meta/recipes-core/libxml/libxml2/CVE-2021-3537.patch new file mode 100644 index 0000000000..9e64c2a36d --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2021-3537.patch | |||
@@ -0,0 +1,50 @@ | |||
1 | From babe75030c7f64a37826bb3342317134568bef61 Mon Sep 17 00:00:00 2001 | ||
2 | From: Nick Wellnhofer <wellnhofer@aevum.de> | ||
3 | Date: Sat, 1 May 2021 16:53:33 +0200 | ||
4 | Subject: [PATCH] Propagate error in xmlParseElementChildrenContentDeclPriv | ||
5 | |||
6 | Check return value of recursive calls to | ||
7 | xmlParseElementChildrenContentDeclPriv and return immediately in case | ||
8 | of errors. Otherwise, struct xmlElementContent could contain unexpected | ||
9 | null pointers, leading to a null deref when post-validating documents | ||
10 | which aren't well-formed and parsed in recovery mode. | ||
11 | |||
12 | Fixes #243. | ||
13 | |||
14 | Upstream-Status: Backport | ||
15 | [https://gitlab.gnome.org/GNOME/libxml2/-/commit/babe75030c7f64a37826bb3342317134568bef61] | ||
16 | CVE: CVE-2021-3537 | ||
17 | Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> | ||
18 | |||
19 | --- | ||
20 | parser.c | 7 +++++++ | ||
21 | 1 file changed, 7 insertions(+) | ||
22 | |||
23 | diff --git a/parser.c b/parser.c | ||
24 | index b42e6043..73c27edd 100644 | ||
25 | --- a/parser.c | ||
26 | +++ b/parser.c | ||
27 | @@ -6208,6 +6208,8 @@ xmlParseElementChildrenContentDeclPriv(xmlParserCtxtPtr ctxt, int inputchk, | ||
28 | SKIP_BLANKS; | ||
29 | cur = ret = xmlParseElementChildrenContentDeclPriv(ctxt, inputid, | ||
30 | depth + 1); | ||
31 | + if (cur == NULL) | ||
32 | + return(NULL); | ||
33 | SKIP_BLANKS; | ||
34 | GROW; | ||
35 | } else { | ||
36 | @@ -6341,6 +6343,11 @@ xmlParseElementChildrenContentDeclPriv(xmlParserCtxtPtr ctxt, int inputchk, | ||
37 | SKIP_BLANKS; | ||
38 | last = xmlParseElementChildrenContentDeclPriv(ctxt, inputid, | ||
39 | depth + 1); | ||
40 | + if (last == NULL) { | ||
41 | + if (ret != NULL) | ||
42 | + xmlFreeDocElementContent(ctxt->myDoc, ret); | ||
43 | + return(NULL); | ||
44 | + } | ||
45 | SKIP_BLANKS; | ||
46 | } else { | ||
47 | elem = xmlParseName(ctxt); | ||
48 | -- | ||
49 | GitLab | ||
50 | |||