diff options
Diffstat (limited to 'meta/recipes-core/libxml/libxml2/CVE-2023-28484.patch')
-rw-r--r-- | meta/recipes-core/libxml/libxml2/CVE-2023-28484.patch | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2023-28484.patch b/meta/recipes-core/libxml/libxml2/CVE-2023-28484.patch new file mode 100644 index 0000000000..907f2c4d47 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2023-28484.patch | |||
@@ -0,0 +1,79 @@ | |||
1 | From e4f85f1bd2eb34d9b49da9154a4cc3a1bc284f68 Mon Sep 17 00:00:00 2001 | ||
2 | From: Nick Wellnhofer <wellnhofer@aevum.de> | ||
3 | Date: Fri, 7 Apr 2023 11:46:35 +0200 | ||
4 | Subject: [PATCH] [CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType | ||
5 | |||
6 | Fix a null pointer dereference when parsing (invalid) XML schemas. | ||
7 | |||
8 | Thanks to Robby Simpson for the report! | ||
9 | |||
10 | Fixes #491. | ||
11 | |||
12 | CVE: CVE-2023-28484 | ||
13 | Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/e4f85f1bd2eb34d9b49da9154a4cc3a1bc284f68] | ||
14 | |||
15 | Signed-off-by: Peter Marko <peter.marko@siemens.com> | ||
16 | --- | ||
17 | result/schemas/issue491_0_0.err | 1 + | ||
18 | test/schemas/issue491_0.xml | 1 + | ||
19 | test/schemas/issue491_0.xsd | 18 ++++++++++++++++++ | ||
20 | xmlschemas.c | 2 +- | ||
21 | 4 files changed, 21 insertions(+), 1 deletion(-) | ||
22 | create mode 100644 result/schemas/issue491_0_0.err | ||
23 | create mode 100644 test/schemas/issue491_0.xml | ||
24 | create mode 100644 test/schemas/issue491_0.xsd | ||
25 | |||
26 | diff --git a/result/schemas/issue491_0_0.err b/result/schemas/issue491_0_0.err | ||
27 | new file mode 100644 | ||
28 | index 00000000..9b2bb969 | ||
29 | --- /dev/null | ||
30 | +++ b/result/schemas/issue491_0_0.err | ||
31 | @@ -0,0 +1 @@ | ||
32 | +./test/schemas/issue491_0.xsd:8: element complexType: Schemas parser error : complex type 'ChildType': The content type of both, the type and its base type, must either 'mixed' or 'element-only'. | ||
33 | diff --git a/test/schemas/issue491_0.xml b/test/schemas/issue491_0.xml | ||
34 | new file mode 100644 | ||
35 | index 00000000..e2b2fc2e | ||
36 | --- /dev/null | ||
37 | +++ b/test/schemas/issue491_0.xml | ||
38 | @@ -0,0 +1 @@ | ||
39 | +<Child xmlns="http://www.test.com">5</Child> | ||
40 | diff --git a/test/schemas/issue491_0.xsd b/test/schemas/issue491_0.xsd | ||
41 | new file mode 100644 | ||
42 | index 00000000..81702649 | ||
43 | --- /dev/null | ||
44 | +++ b/test/schemas/issue491_0.xsd | ||
45 | @@ -0,0 +1,18 @@ | ||
46 | +<?xml version='1.0' encoding='UTF-8'?> | ||
47 | +<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns="http://www.test.com" targetNamespace="http://www.test.com" elementFormDefault="qualified" attributeFormDefault="unqualified"> | ||
48 | + <xs:complexType name="BaseType"> | ||
49 | + <xs:simpleContent> | ||
50 | + <xs:extension base="xs:int" /> | ||
51 | + </xs:simpleContent> | ||
52 | + </xs:complexType> | ||
53 | + <xs:complexType name="ChildType"> | ||
54 | + <xs:complexContent> | ||
55 | + <xs:extension base="BaseType"> | ||
56 | + <xs:sequence> | ||
57 | + <xs:element name="bad" type="xs:int" minOccurs="0" maxOccurs="1"/> | ||
58 | + </xs:sequence> | ||
59 | + </xs:extension> | ||
60 | + </xs:complexContent> | ||
61 | + </xs:complexType> | ||
62 | + <xs:element name="Child" type="ChildType" /> | ||
63 | +</xs:schema> | ||
64 | diff --git a/xmlschemas.c b/xmlschemas.c | ||
65 | index 6a353858..a4eaf591 100644 | ||
66 | --- a/xmlschemas.c | ||
67 | +++ b/xmlschemas.c | ||
68 | @@ -18632,7 +18632,7 @@ xmlSchemaFixupComplexType(xmlSchemaParserCtxtPtr pctxt, | ||
69 | "allowed to appear inside other model groups", | ||
70 | NULL, NULL); | ||
71 | |||
72 | - } else if (! dummySequence) { | ||
73 | + } else if ((!dummySequence) && (baseType->subtypes != NULL)) { | ||
74 | xmlSchemaTreeItemPtr effectiveContent = | ||
75 | (xmlSchemaTreeItemPtr) type->subtypes; | ||
76 | /* | ||
77 | -- | ||
78 | GitLab | ||
79 | |||