diff options
| -rw-r--r-- | meta/recipes-core/libxml/libxml2/CVE-2024-56171.patch | 42 | ||||
| -rw-r--r-- | meta/recipes-core/libxml/libxml2_2.9.14.bb | 1 |
2 files changed, 43 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2024-56171.patch b/meta/recipes-core/libxml/libxml2/CVE-2024-56171.patch new file mode 100644 index 0000000000..6c7b1c11e7 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2024-56171.patch | |||
| @@ -0,0 +1,42 @@ | |||
| 1 | From 245b70d7d2768572ae1b05b3668ca858b9ec4ed4 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Nick Wellnhofer <wellnhofer@aevum.de> | ||
| 3 | Date: Tue, 10 Dec 2024 16:52:05 +0100 | ||
| 4 | Subject: [PATCH] [CVE-2024-56171] Fix use-after-free after | ||
| 5 | xmlSchemaItemListAdd | ||
| 6 | |||
| 7 | xmlSchemaItemListAdd can reallocate the items array. Update local | ||
| 8 | variables after adding item in | ||
| 9 | |||
| 10 | - xmlSchemaIDCFillNodeTables | ||
| 11 | - xmlSchemaBubbleIDCNodeTables | ||
| 12 | |||
| 13 | Fixes #828. | ||
| 14 | |||
| 15 | CVE: CVE-2024-56171 | ||
| 16 | Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/245b70d7d2768572ae1b05b3668ca858b9ec4ed4] | ||
| 17 | Signed-off-by: Peter Marko <peter.marko@siemens.com> | ||
| 18 | --- | ||
| 19 | xmlschemas.c | 3 +++ | ||
| 20 | 1 file changed, 3 insertions(+) | ||
| 21 | |||
| 22 | diff --git a/xmlschemas.c b/xmlschemas.c | ||
| 23 | index a089ebc5..18e35e75 100644 | ||
| 24 | --- a/xmlschemas.c | ||
| 25 | +++ b/xmlschemas.c | ||
| 26 | @@ -23647,6 +23647,7 @@ xmlSchemaIDCFillNodeTables(xmlSchemaValidCtxtPtr vctxt, | ||
| 27 | } | ||
| 28 | if (xmlSchemaItemListAdd(bind->dupls, bind->nodeTable[j]) == -1) | ||
| 29 | goto internal_error; | ||
| 30 | + dupls = (xmlSchemaPSVIIDCNodePtr *) bind->dupls->items; | ||
| 31 | /* | ||
| 32 | * Remove the duplicate entry from the IDC node-table. | ||
| 33 | */ | ||
| 34 | @@ -23863,6 +23864,8 @@ xmlSchemaBubbleIDCNodeTables(xmlSchemaValidCtxtPtr vctxt) | ||
| 35 | goto internal_error; | ||
| 36 | } | ||
| 37 | xmlSchemaItemListAdd(parBind->dupls, parNode); | ||
| 38 | + dupls = (xmlSchemaPSVIIDCNodePtr *) | ||
| 39 | + parBind->dupls->items; | ||
| 40 | } else { | ||
| 41 | /* | ||
| 42 | * Add the node-table entry (node and key-sequence) of | ||
diff --git a/meta/recipes-core/libxml/libxml2_2.9.14.bb b/meta/recipes-core/libxml/libxml2_2.9.14.bb index 912bcfd0f3..e9578ceb59 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.14.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.14.bb | |||
| @@ -35,6 +35,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar;subdir=${BP};name=testt | |||
| 35 | file://CVE-2024-34459.patch \ | 35 | file://CVE-2024-34459.patch \ |
| 36 | file://CVE-2022-49043.patch \ | 36 | file://CVE-2022-49043.patch \ |
| 37 | file://0001-pattern-Fix-compilation-of-explicit-child-axis.patch \ | 37 | file://0001-pattern-Fix-compilation-of-explicit-child-axis.patch \ |
| 38 | file://CVE-2024-56171.patch \ | ||
| 38 | " | 39 | " |
| 39 | 40 | ||
| 40 | SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee" | 41 | SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee" |
