mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-20 09:32:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

libxslt: Fix for CVE-2024-55549

Browse Source 
Upstream-Commit: 46041b65f2

(From OE-Core rev: eae0c33539f302124544373b74bd6883467ff549)

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Vijay Anusuri
2025-03-20 17:27:05 +05:30
committed by Steve Sakoman
parent 88aec329b8
commit 0490768a25
2 changed files with 52 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
meta/recipes-support/libxslt/libxslt/CVE-2024-55549.patch Normal file
View File

@@ -0,0 +1,49 @@
From 46041b65f2fbddf5c284ee1a1332fa2c515c0515 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Thu, 5 Dec 2024 12:43:19 +0100
Subject: [PATCH] [CVE-2024-55549] Fix UAF related to excluded namespaces
Definitions of excluded namespaces could be deleted in
xsltParseTemplateContent. Store excluded namespace URIs in the
stylesheet's dictionary instead of referencing the namespace definition.
Thanks to Ivan Fratric for the report!
Fixes #127.
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxslt/-/commit/46041b65f2fbddf5c284ee1a1332fa2c515c0515]
CVE: CVE-2024-55549
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
libxslt/xslt.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/libxslt/xslt.c b/libxslt/xslt.c
index 69116f2..02c2e3a 100644
--- a/libxslt/xslt.c
+++ b/libxslt/xslt.c
@@ -153,10 +153,20 @@ xsltParseContentError(xsltStylesheetPtr style,
* in case of error
*/
static int
-exclPrefixPush(xsltStylesheetPtr style, xmlChar * value)
+exclPrefixPush(xsltStylesheetPtr style, xmlChar * orig)
{
+ xmlChar *value;
int i;
+ /*
+ * orig can come from a namespace definition on a node which
+ * could be deleted later, for example in xsltParseTemplateContent.
+ * Store the string in stylesheet's dict to avoid use after free.
+ */
+ value = (xmlChar *) xmlDictLookup(style->dict, orig, -1);
+ if (value == NULL)
+ return(-1);
+
if (style->exclPrefixMax == 0) {
style->exclPrefixMax = 4;
style->exclPrefixTab =
--
2.34.1

4
meta/recipes-support/libxslt/libxslt_1.1.35.bb
View File

@@ -13,7 +13,9 @@ LIC_FILES_CHKSUM = "file://Copyright;md5=0cd9a07afbeb24026c9b03aecfeba458"
SECTION = "libs"
DEPENDS = "libxml2"
SRC_URI = "https://download.gnome.org/sources/libxslt/1.1/libxslt-${PV}.tar.xz"
SRC_URI = "https://download.gnome.org/sources/libxslt/1.1/libxslt-${PV}.tar.xz \
file://CVE-2024-55549.patch \
"
SRC_URI[sha256sum] = "8247f33e9a872c6ac859aa45018bc4c4d00b97e2feac9eebc10c93ce1f34dd79"