summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-core/libxml/libxml2/CVE-2024-56171.patch42
-rw-r--r--meta/recipes-core/libxml/libxml2_2.9.14.bb1
2 files changed, 43 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2024-56171.patch b/meta/recipes-core/libxml/libxml2/CVE-2024-56171.patch
new file mode 100644
index 0000000000..6c7b1c11e7
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2024-56171.patch
@@ -0,0 +1,42 @@
1From 245b70d7d2768572ae1b05b3668ca858b9ec4ed4 Mon Sep 17 00:00:00 2001
2From: Nick Wellnhofer <wellnhofer@aevum.de>
3Date: Tue, 10 Dec 2024 16:52:05 +0100
4Subject: [PATCH] [CVE-2024-56171] Fix use-after-free after
5 xmlSchemaItemListAdd
6
7xmlSchemaItemListAdd can reallocate the items array. Update local
8variables after adding item in
9
10- xmlSchemaIDCFillNodeTables
11- xmlSchemaBubbleIDCNodeTables
12
13Fixes #828.
14
15CVE: CVE-2024-56171
16Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/245b70d7d2768572ae1b05b3668ca858b9ec4ed4]
17Signed-off-by: Peter Marko <peter.marko@siemens.com>
18---
19 xmlschemas.c | 3 +++
20 1 file changed, 3 insertions(+)
21
22diff --git a/xmlschemas.c b/xmlschemas.c
23index a089ebc5..18e35e75 100644
24--- a/xmlschemas.c
25+++ b/xmlschemas.c
26@@ -23647,6 +23647,7 @@ xmlSchemaIDCFillNodeTables(xmlSchemaValidCtxtPtr vctxt,
27 }
28 if (xmlSchemaItemListAdd(bind->dupls, bind->nodeTable[j]) == -1)
29 goto internal_error;
30+ dupls = (xmlSchemaPSVIIDCNodePtr *) bind->dupls->items;
31 /*
32 * Remove the duplicate entry from the IDC node-table.
33 */
34@@ -23863,6 +23864,8 @@ xmlSchemaBubbleIDCNodeTables(xmlSchemaValidCtxtPtr vctxt)
35 goto internal_error;
36 }
37 xmlSchemaItemListAdd(parBind->dupls, parNode);
38+ dupls = (xmlSchemaPSVIIDCNodePtr *)
39+ parBind->dupls->items;
40 } else {
41 /*
42 * Add the node-table entry (node and key-sequence) of
diff --git a/meta/recipes-core/libxml/libxml2_2.9.14.bb b/meta/recipes-core/libxml/libxml2_2.9.14.bb
index 912bcfd0f3..e9578ceb59 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.14.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.14.bb
@@ -35,6 +35,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar;subdir=${BP};name=testt
35 file://CVE-2024-34459.patch \ 35 file://CVE-2024-34459.patch \
36 file://CVE-2022-49043.patch \ 36 file://CVE-2022-49043.patch \
37 file://0001-pattern-Fix-compilation-of-explicit-child-axis.patch \ 37 file://0001-pattern-Fix-compilation-of-explicit-child-axis.patch \
38 file://CVE-2024-56171.patch \
38 " 39 "
39 40
40SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee" 41SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee"