libxml2: Fix for CVE-2022-49043

Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b] Reference: https://access.redhat.com/security/cve/cve-2022-49043 (From OE-Core rev: 82b6c943bb6435171d1924cbebe794b901eb3705) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Vijay Anusuri <vanusuri@mvista.com> 2025-02-13 12:24:47 +0530
committer: Steve Sakoman <steve@sakoman.com> 2025-02-24 07:00:53 -0800
commit: 553a8e2ab3c6dd01def8499ab72cf2795fd5f382 (patch)
tree: 7671eb24cda7a8631c80bbd0b2613cc45a17f08a
parent: 0160cb77513e7df459942b21c5b5851731e330e1 (diff)
download: poky-553a8e2ab3c6dd01def8499ab72cf2795fd5f382.tar.gz
2 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2022-49043.patch b/meta/recipes-core/libxml/libxml2/CVE-2022-49043.patch
new file mode 100644
index 0000000000..25c7bc847c
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2022-49043.patch
@@ -0,0 +1,38 @@
+From 5a19e21605398cef6a8b1452477a8705cb41562b Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Wed, 2 Nov 2022 16:13:27 +0100
+Subject: [PATCH] malloc-fail: Fix use-after-free in xmlXIncludeAddNode
+Found with libFuzzer, see #344.
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b]
+CVE: CVE-2022-49043
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ xinclude.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+diff --git a/xinclude.c b/xinclude.c
+index e5fdf0f..36fa8ec 100644
+--- a/xinclude.c
+++ b/xinclude.c
+@@ -612,14 +612,15 @@ xmlXIncludeAddNode(xmlXIncludeCtxtPtr ctxt, xmlNodePtr cur) {
+     }
+     URL = xmlSaveUri(uri);
+     xmlFreeURI(uri);
+-    xmlFree(URI);
+     if (URL == NULL) {
+        xmlXIncludeErr(ctxt, cur, XML_XINCLUDE_HREF_URI,
+                       "invalid value URI %s\n", URI);
+        if (fragment != NULL)
+            xmlFree(fragment);
+       xmlFree(URI);
+        return(-1);
+     }
+    xmlFree(URI);
+ 
+     if (xmlStrEqual(URL, ctxt->doc->URL))
+        local = 1;
+-- 
+2.25.1
diff --git a/meta/recipes-core/libxml/libxml2_2.9.14.bb b/meta/recipes-core/libxml/libxml2_2.9.14.bb
index 94b3b510ae..ecaae0b436 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.14.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.14.bb
@@ -33,6 +33,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar;subdir=${BP};name=testt
           file://CVE-2023-45322-2.patch \
           file://CVE-2024-25062.patch \
           file://CVE-2024-34459.patch \
+           file://CVE-2022-49043.patch \
           "
 SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee"
author	Vijay Anusuri <vanusuri@mvista.com>	2025-02-13 12:24:47 +0530
committer	Steve Sakoman <steve@sakoman.com>	2025-02-24 07:00:53 -0800
commit	553a8e2ab3c6dd01def8499ab72cf2795fd5f382 (patch)
tree	7671eb24cda7a8631c80bbd0b2613cc45a17f08a
parent	0160cb77513e7df459942b21c5b5851731e330e1 (diff)
download	poky-553a8e2ab3c6dd01def8499ab72cf2795fd5f382.tar.gz

diff --git a/meta/recipes-core/libxml/libxml2/CVE-2022-49043.patch b/meta/recipes-core/libxml/libxml2/CVE-2022-49043.patch new file mode 100644 index 0000000000..25c7bc847c --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2022-49043.patch
@@ -0,0 +1,38 @@
		1	From 5a19e21605398cef6a8b1452477a8705cb41562b Mon Sep 17 00:00:00 2001
		2	From: Nick Wellnhofer <wellnhofer@aevum.de>
		3	Date: Wed, 2 Nov 2022 16:13:27 +0100
		4	Subject: [PATCH] malloc-fail: Fix use-after-free in xmlXIncludeAddNode
		5
		6	Found with libFuzzer, see #344.
		7
		8	Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b]
		9	CVE: CVE-2022-49043
		10	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
		11	---
		12	xinclude.c \| 3 ++-
		13	1 file changed, 2 insertions(+), 1 deletion(-)
		14
		15	diff --git a/xinclude.c b/xinclude.c
		16	index e5fdf0f..36fa8ec 100644
		17	--- a/xinclude.c
		18	+++ b/xinclude.c
		19	@@ -612,14 +612,15 @@ xmlXIncludeAddNode(xmlXIncludeCtxtPtr ctxt, xmlNodePtr cur) {
		20	}
		21	URL = xmlSaveUri(uri);
		22	xmlFreeURI(uri);
		23	- xmlFree(URI);
		24	if (URL == NULL) {
		25	xmlXIncludeErr(ctxt, cur, XML_XINCLUDE_HREF_URI,
		26	"invalid value URI %s\n", URI);
		27	if (fragment != NULL)
		28	xmlFree(fragment);
		29	+ xmlFree(URI);
		30	return(-1);
		31	}
		32	+ xmlFree(URI);
		33
		34	if (xmlStrEqual(URL, ctxt->doc->URL))
		35	local = 1;
		36	--
		37	2.25.1
		38


diff --git a/meta/recipes-core/libxml/libxml2_2.9.14.bb b/meta/recipes-core/libxml/libxml2_2.9.14.bb index 94b3b510ae..ecaae0b436 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.14.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.14.bb
@@ -33,6 +33,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar;subdir=${BP};name=testt
33	file://CVE-2023-45322-2.patch \	33	file://CVE-2023-45322-2.patch \
34	file://CVE-2024-25062.patch \	34	file://CVE-2024-25062.patch \
35	file://CVE-2024-34459.patch \	35	file://CVE-2024-34459.patch \
		36	file://CVE-2022-49043.patch \
36	"	37	"
37		38
38	SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee"	39	SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee"