mirror of
https://git.yoctoproject.org/poky
synced 2026-04-20 00:32:13 +02:00
libxml2: fix CVE-2021-3537
Parsing specially crafted Mixed Content while parsing XML data may
lead to invalid data structure being created, as errors were not
propagated. This could lead to several NULL Pointer Dereference when
post-validating documents parsed in recovery mode.
CVE: CVE-2021-3537
Upstream-Status: Backport [babe75030c]
(From OE-Core rev: 6d69f7453f78dcb19f472dcea183e859648c5243)
Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Tony Tascioglu
committed by
Richard Purdie
Richard Purdie
parent
cb3bc91a03
commit
fd33741e27
49
meta/recipes-core/libxml/libxml2/CVE-2021-3537.patch
Normal file
49
meta/recipes-core/libxml/libxml2/CVE-2021-3537.patch
Normal file
@@ -0,0 +1,49 @@
|
||||
From 5ae9c39401f679648301efa6d2d35e09cc376462 Mon Sep 17 00:00:00 2001
|
||||
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
||||
Date: Sat, 1 May 2021 16:53:33 +0200
|
||||
Subject: [PATCH 3/3] Propagate error in xmlParseElementChildrenContentDeclPriv
|
||||
|
||||
Check return value of recursive calls to
|
||||
xmlParseElementChildrenContentDeclPriv and return immediately in case
|
||||
of errors. Otherwise, struct xmlElementContent could contain unexpected
|
||||
null pointers, leading to a null deref when post-validating documents
|
||||
which aren't well-formed and parsed in recovery mode.
|
||||
|
||||
Fixes #243.
|
||||
|
||||
CVE: CVE-2021-3537
|
||||
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/babe75030c7f64a37826bb3342317134568bef61]
|
||||
|
||||
Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
|
||||
---
|
||||
parser.c | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/parser.c b/parser.c
|
||||
index a34bb6cd..bbcff39f 100644
|
||||
--- a/parser.c
|
||||
+++ b/parser.c
|
||||
@@ -6195,6 +6195,8 @@ xmlParseElementChildrenContentDeclPriv(xmlParserCtxtPtr ctxt, int inputchk,
|
||||
SKIP_BLANKS;
|
||||
cur = ret = xmlParseElementChildrenContentDeclPriv(ctxt, inputid,
|
||||
depth + 1);
|
||||
+ if (cur == NULL)
|
||||
+ return(NULL);
|
||||
SKIP_BLANKS;
|
||||
GROW;
|
||||
} else {
|
||||
@@ -6328,6 +6330,11 @@ xmlParseElementChildrenContentDeclPriv(xmlParserCtxtPtr ctxt, int inputchk,
|
||||
SKIP_BLANKS;
|
||||
last = xmlParseElementChildrenContentDeclPriv(ctxt, inputid,
|
||||
depth + 1);
|
||||
+ if (last == NULL) {
|
||||
+ if (ret != NULL)
|
||||
+ xmlFreeDocElementContent(ctxt->myDoc, ret);
|
||||
+ return(NULL);
|
||||
+ }
|
||||
SKIP_BLANKS;
|
||||
} else {
|
||||
elem = xmlParseName(ctxt);
|
||||
--
|
||||
2.25.1
|
||||
|
||||
@@ -26,6 +26,7 @@ SRC_URI = "http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \
|
||||
file://fix-python39.patch \
|
||||
file://CVE-2021-3517.patch \
|
||||
file://CVE-2021-3516.patch \
|
||||
file://CVE-2021-3537.patch \
|
||||
"
|
||||
|
||||
SRC_URI[libtar.md5sum] = "10942a1dc23137a8aa07f0639cbfece5"
|
||||
|
||||
Reference in New Issue
Block a user