mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity

raptor2: patch CVE-2017-18926

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2017-18926

NVD advisory mentions the original announcement on oss-security
mailing list[1]. This mentions a bug link[2] related to this
vulnerability. The bug mentions the revision of the fix - pick
that patch from the project's git repository.

[1]: https://www.openwall.com/lists/oss-security/2017/06/07/1
[2]: https://bugs.librdf.org/mantis/view.php?id=617

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
Gyorgy Sarvari
2026-01-12 12:20:12 +01:00
parent 8f5f5cf4b3
commit 7b4d42c640
2 changed files with 48 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-support/raptor2/files/CVE-2017-18926.patch
+44
View File
@@ -0,0 +1,44 @@
From 686fc0608480f4b2d2f8c60717141ad8e3c5a849 Mon Sep 17 00:00:00 2001
From: Dave Beckett <dave@dajobe.org>
Date: Sun, 16 Apr 2017 23:15:12 +0100
Subject: [PATCH] Calcualte max nspace declarations correctly for XML writer
(raptor_xml_writer_start_element_common): Calculate max including for
each attribute a potential name and value.
Fixes Issues #0000617 http://bugs.librdf.org/mantis/view.php?id=617
and #0000618 http://bugs.librdf.org/mantis/view.php?id=618
CVE: CVE-2017-18926
Upstream-Status: Backport [https://github.com/dajobe/raptor/commit/590681e546cd9aa18d57dc2ea1858cb734a3863f]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
src/raptor_xml_writer.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c
index 693b946..0d3a36a 100644
--- a/src/raptor_xml_writer.c
+++ b/src/raptor_xml_writer.c
@@ -181,9 +181,10 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
size_t nspace_declarations_count = 0;
unsigned int i;
- /* max is 1 per element and 1 for each attribute + size of declared */
if(nstack) {
- int nspace_max_count = element->attribute_count+1;
+ int nspace_max_count = element->attribute_count * 2; /* attr and value */
+ if(element->name->nspace)
+ nspace_max_count++;
if(element->declared_nspaces)
nspace_max_count += raptor_sequence_size(element->declared_nspaces);
if(element->xml_language)
@@ -237,7 +238,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
}
}
- /* Add the attribute + value */
+ /* Add the attribute's value */
nspace_declarations[nspace_declarations_count].declaration=
raptor_qname_format_as_xml(element->attributes[i],
&nspace_declarations[nspace_declarations_count].length);
meta-oe/recipes-support/raptor2/raptor2_2.0.15.bb
+4 -4
View File
@@ -9,10 +9,10 @@ LIC_FILES_CHKSUM = " \
DEPENDS = "libxml2 libxslt curl yajl"
SRC_URI = " \
http://download.librdf.org/source/${BPN}-${PV}.tar.gz \
file://0001-configure.ac-do-additional-checks-on-libxml2-also-wh.patch \
"
SRC_URI = "http://download.librdf.org/source/${BPN}-${PV}.tar.gz \
file://0001-configure.ac-do-additional-checks-on-libxml2-also-wh.patch \
file://CVE-2017-18926.patch \
"
SRC_URI[md5sum] = "a39f6c07ddb20d7dd2ff1f95fa21e2cd"
SRC_URI[sha256sum] = "ada7f0ba54787b33485d090d3d2680533520cd4426d2f7fb4782dd4a6a1480ed"