mirror of
https://git.yoctoproject.org/poky
synced 2026-05-31 12:49:46 +00:00
libxml2: Security fix CVE-2015-8241
CVE-2015-8241 libxml2: Buffer overread with XML parser in xmlNextChar (From OE-Core rev: f3c19a39cdec435f26a7f46a3432231ba4daa19c) (From OE-Core rev: 428878a67fd723908af74c4881e933969f2928a7) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Armin Kuster
committed by
Richard Purdie
Richard Purdie
parent
ce70f38442
commit
c2f4fe8d0c
@@ -37,6 +37,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
|
|||||||
file://0001-CVE-2015-7500-Fix-memory-access-error-due-to-incorre.patch \
|
file://0001-CVE-2015-7500-Fix-memory-access-error-due-to-incorre.patch \
|
||||||
file://0001-CVE-2015-8242-Buffer-overead-with-HTML-parser-in-pus.patch \
|
file://0001-CVE-2015-8242-Buffer-overead-with-HTML-parser-in-pus.patch \
|
||||||
file://0001-CVE-2015-5312-Another-entity-expansion-issue.patch \
|
file://0001-CVE-2015-5312-Another-entity-expansion-issue.patch \
|
||||||
|
file://CVE-2015-8241.patch \
|
||||||
"
|
"
|
||||||
|
|
||||||
BINCONFIG = "${bindir}/xml2-config"
|
BINCONFIG = "${bindir}/xml2-config"
|
||||||
|
|||||||
@@ -0,0 +1,40 @@
|
|||||||
|
From ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe Mon Sep 17 00:00:00 2001
|
||||||
|
From: Hugh Davenport <hugh@allthethings.co.nz>
|
||||||
|
Date: Tue, 3 Nov 2015 20:40:49 +0800
|
||||||
|
Subject: [PATCH] Avoid extra processing of MarkupDecl when EOF
|
||||||
|
|
||||||
|
For https://bugzilla.gnome.org/show_bug.cgi?id=756263
|
||||||
|
|
||||||
|
One place where ctxt->instate == XML_PARSER_EOF whic was set up
|
||||||
|
by entity detection issues doesn't get noticed, and even overrided
|
||||||
|
|
||||||
|
Upstream-status: Backport
|
||||||
|
|
||||||
|
https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe
|
||||||
|
|
||||||
|
CVE: CVE-2015-8241
|
||||||
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
||||||
|
|
||||||
|
---
|
||||||
|
parser.c | 8 ++++++++
|
||||||
|
1 file changed, 8 insertions(+)
|
||||||
|
|
||||||
|
Index: libxml2-2.9.2/parser.c
|
||||||
|
===================================================================
|
||||||
|
--- libxml2-2.9.2.orig/parser.c
|
||||||
|
+++ libxml2-2.9.2/parser.c
|
||||||
|
@@ -6999,6 +6999,14 @@ xmlParseMarkupDecl(xmlParserCtxtPtr ctxt
|
||||||
|
xmlParsePI(ctxt);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * detect requirement to exit there and act accordingly
|
||||||
|
+ * and avoid having instate overriden later on
|
||||||
|
+ */
|
||||||
|
+ if (ctxt->instate == XML_PARSER_EOF)
|
||||||
|
+ return;
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
* This is only for internal subset. On external entities,
|
||||||
|
* the replacement is done before parsing stage
|
||||||
Reference in New Issue
Block a user