mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-23 00:32:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

expat: fix CVE-2022-23852

Browse Source 
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer
for configurations with a nonzero XML_CONTEXT_BYTES.

Backport patch from:
847a645152

CVE: CVE-2022-23852
(From OE-Core rev: 8a50809a0e54c66a8a7aafb1b9bffbec009f8c57)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit af81bb9d10c0f1e9dcaffc1bbc18ef780eea7127)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Steve Sakoman
2022-01-31 07:08:36 -10:00
committed by Richard Purdie
parent ba91997abe
commit 85dd9e10bd
2 changed files with 34 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
meta/recipes-core/expat/expat/CVE-2022-23852.patch Normal file
View File

@@ -0,0 +1,33 @@
From 847a645152f5ebc10ac63b74b604d0c1a79fae40 Mon Sep 17 00:00:00 2001
From: Samanta Navarro <ferivoz@riseup.net>
Date: Sat, 22 Jan 2022 17:48:00 +0100
Subject: [PATCH] lib: Detect and prevent integer overflow in XML_GetBuffer
(CVE-2022-23852)
Upstream-Status: Backport:
https://github.com/libexpat/libexpat/commit/847a645152f5ebc10ac63b74b604d0c1a79fae40
CVE: CVE-2022-23852
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
expat/lib/xmlparse.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
index d54af683..5ce31402 100644
--- a/lib/xmlparse.c
+++ b/lib/xmlparse.c
@@ -2067,6 +2067,11 @@ XML_GetBuffer(XML_Parser parser, int len) {
keep = (int)EXPAT_SAFE_PTR_DIFF(parser->m_bufferPtr, parser->m_buffer);
if (keep > XML_CONTEXT_BYTES)
keep = XML_CONTEXT_BYTES;
+ /* Detect and prevent integer overflow */
+ if (keep > INT_MAX - neededSize) {
+ parser->m_errorCode = XML_ERROR_NO_MEMORY;
+ return NULL;
+ }
neededSize += keep;
#endif /* defined XML_CONTEXT_BYTES */
if (neededSize

1
meta/recipes-core/expat/expat_2.2.10.bb
View File

@@ -15,6 +15,7 @@ SRC_URI = "https://github.com/libexpat/libexpat/releases/download/R_${VERSION_TA
file://CVE-2022-22822-27.patch \
file://CVE-2021-45960.patch \
file://CVE-2021-46143.patch \
file://CVE-2022-23852.patch \
"
UPSTREAM_CHECK_URI = "https://github.com/libexpat/libexpat/releases/"