summaryrefslogtreecommitdiffstats
path: root/meta/recipes-core
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-core')
-rw-r--r--meta/recipes-core/libxml/libxml2/CVE-2021-3537.patch49
-rw-r--r--meta/recipes-core/libxml/libxml2_2.9.10.bb1
2 files changed, 50 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2021-3537.patch b/meta/recipes-core/libxml/libxml2/CVE-2021-3537.patch
new file mode 100644
index 0000000000..defbe7867b
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2021-3537.patch
@@ -0,0 +1,49 @@
1From 5ae9c39401f679648301efa6d2d35e09cc376462 Mon Sep 17 00:00:00 2001
2From: Nick Wellnhofer <wellnhofer@aevum.de>
3Date: Sat, 1 May 2021 16:53:33 +0200
4Subject: [PATCH 3/3] Propagate error in xmlParseElementChildrenContentDeclPriv
5
6Check return value of recursive calls to
7xmlParseElementChildrenContentDeclPriv and return immediately in case
8of errors. Otherwise, struct xmlElementContent could contain unexpected
9null pointers, leading to a null deref when post-validating documents
10which aren't well-formed and parsed in recovery mode.
11
12Fixes #243.
13
14CVE: CVE-2021-3537
15Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/babe75030c7f64a37826bb3342317134568bef61]
16
17Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
18---
19 parser.c | 7 +++++++
20 1 file changed, 7 insertions(+)
21
22diff --git a/parser.c b/parser.c
23index a34bb6cd..bbcff39f 100644
24--- a/parser.c
25+++ b/parser.c
26@@ -6195,6 +6195,8 @@ xmlParseElementChildrenContentDeclPriv(xmlParserCtxtPtr ctxt, int inputchk,
27 SKIP_BLANKS;
28 cur = ret = xmlParseElementChildrenContentDeclPriv(ctxt, inputid,
29 depth + 1);
30+ if (cur == NULL)
31+ return(NULL);
32 SKIP_BLANKS;
33 GROW;
34 } else {
35@@ -6328,6 +6330,11 @@ xmlParseElementChildrenContentDeclPriv(xmlParserCtxtPtr ctxt, int inputchk,
36 SKIP_BLANKS;
37 last = xmlParseElementChildrenContentDeclPriv(ctxt, inputid,
38 depth + 1);
39+ if (last == NULL) {
40+ if (ret != NULL)
41+ xmlFreeDocElementContent(ctxt->myDoc, ret);
42+ return(NULL);
43+ }
44 SKIP_BLANKS;
45 } else {
46 elem = xmlParseName(ctxt);
47--
482.25.1
49
diff --git a/meta/recipes-core/libxml/libxml2_2.9.10.bb b/meta/recipes-core/libxml/libxml2_2.9.10.bb
index 6f1229c2d0..b850164285 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.10.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.10.bb
@@ -26,6 +26,7 @@ SRC_URI = "http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \
26 file://fix-python39.patch \ 26 file://fix-python39.patch \
27 file://CVE-2021-3517.patch \ 27 file://CVE-2021-3517.patch \
28 file://CVE-2021-3516.patch \ 28 file://CVE-2021-3516.patch \
29 file://CVE-2021-3537.patch \
29 " 30 "
30 31
31SRC_URI[libtar.md5sum] = "10942a1dc23137a8aa07f0639cbfece5" 32SRC_URI[libtar.md5sum] = "10942a1dc23137a8aa07f0639cbfece5"