mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-09 05:29:32 +00:00
Code Issues Projects Releases Wiki Activity

libxml2: Fix CVE-2017-5969

Browse Source 
Fix NULL pointer deref in xmlDumpElementContent

Can only be triggered in recovery mode.

Fixes bug 758422

CVE: CVE-2017-5969
(From OE-Core rev: 0cae039cbe513b7998e067f4f3958af2ec65ed1a)

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Andrej Valek
2017-06-14 15:01:35 +02:00
committed by Richard Purdie
parent 371ba8c743
commit e1a7eb810f
2 changed files with 63 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
+62
View File
@@ -0,0 +1,62 @@
libxml2-2.9.4: Fix CVE-2017-5969
[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=758422
valid: Fix NULL pointer deref in xmlDumpElementContent
Can only be triggered in recovery mode.
Fixes bug 758422
Upstream-Status: Backport - [https://git.gnome.org/browse/libxml2/commit/?id=94691dc884d1a8ada39f073408b4bb92fe7fe882]
CVE: CVE-2017-5969
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
diff --git a/valid.c b/valid.c
index 19f84b8..0a8e58a 100644
--- a/valid.c
+++ b/valid.c
@@ -1172,29 +1172,33 @@ xmlDumpElementContent(xmlBufferPtr buf, xmlElementContentPtr content, int glob)
xmlBufferWriteCHAR(buf, content->name);
break;
case XML_ELEMENT_CONTENT_SEQ:
- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
+ if ((content->c1 != NULL) &&
+ ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
xmlDumpElementContent(buf, content->c1, 1);
else
xmlDumpElementContent(buf, content->c1, 0);
xmlBufferWriteChar(buf, " , ");
- if ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
- ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
+ if ((content->c2 != NULL) &&
+ ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
+ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
+ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
xmlDumpElementContent(buf, content->c2, 1);
else
xmlDumpElementContent(buf, content->c2, 0);
break;
case XML_ELEMENT_CONTENT_OR:
- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
+ if ((content->c1 != NULL) &&
+ ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
xmlDumpElementContent(buf, content->c1, 1);
else
xmlDumpElementContent(buf, content->c1, 0);
xmlBufferWriteChar(buf, " | ");
- if ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
- ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
+ if ((content->c2 != NULL) &&
+ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
+ ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
+ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
xmlDumpElementContent(buf, content->c2, 1);
else
xmlDumpElementContent(buf, content->c2, 0);
meta/recipes-core/libxml/libxml2_2.9.4.bb
+1
View File
@@ -26,6 +26,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
file://libxml2-fix_and_simplify_xmlParseStartTag2.patch \ file://libxml2-fix_and_simplify_xmlParseStartTag2.patch \
file://libxml2-CVE-2017-9047_CVE-2017-9048.patch \ file://libxml2-CVE-2017-9047_CVE-2017-9048.patch \
file://libxml2-CVE-2017-9049_CVE-2017-9050.patch \ file://libxml2-CVE-2017-9049_CVE-2017-9050.patch \
file://libxml2-CVE-2017-5969.patch \
file://CVE-2016-9318.patch \ file://CVE-2016-9318.patch \
file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \ file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \
" "