libxml2: Fix for CVE-2024-25062

Upstream-Status: Backport [2b0aac140d]

(From OE-Core rev: 55027bc882cf6cab830f4e4f21fa9a2ffb4ad72e)

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Vijay Anusuri
2024-02-08 08:19:11 +05:30
committed by Steve Sakoman
parent db8608a857
commit 555dadb56e
2 changed files with 34 additions and 0 deletions

View File

@@ -0,0 +1,33 @@
From 2b0aac140d739905c7848a42efc60bfe783a39b7 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Sat, 14 Oct 2023 22:45:54 +0200
Subject: [PATCH] [CVE-2024-25062] xmlreader: Don't expand XIncludes when
backtracking
Fixes a use-after-free if XML Reader if used with DTD validation and
XInclude expansion.
Fixes #604.
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/2b0aac140d739905c7848a42efc60bfe783a39b7]
CVE: CVE-2024-25062
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
xmlreader.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/xmlreader.c b/xmlreader.c
index 979385a13..fefd68e0b 100644
--- a/xmlreader.c
+++ b/xmlreader.c
@@ -1443,6 +1443,7 @@ node_found:
* Handle XInclude if asked for
*/
if ((reader->xinclude) && (reader->in_xinclude == 0) &&
+ (reader->state != XML_TEXTREADER_BACKTRACK) &&
(reader->node != NULL) &&
(reader->node->type == XML_ELEMENT_NODE) &&
(reader->node->ns != NULL) &&
--
GitLab

View File

@@ -31,6 +31,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar;subdir=${BP};name=testt
file://CVE-2023-39615-0002.patch \
file://CVE-2023-45322-1.patch \
file://CVE-2023-45322-2.patch \
file://CVE-2024-25062.patch \
"
SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee"