mirror of
https://git.yoctoproject.org/poky
synced 2026-02-16 05:33:03 +01:00
4ad8edab0b
(From OE-Core rev: f177c0ec321f005dd9ce63aec2d700fd53c993ff) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
51 lines
1.7 KiB
Diff
51 lines
1.7 KiB
Diff
From babe75030c7f64a37826bb3342317134568bef61 Mon Sep 17 00:00:00 2001
|
|
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
|
Date: Sat, 1 May 2021 16:53:33 +0200
|
|
Subject: [PATCH] Propagate error in xmlParseElementChildrenContentDeclPriv
|
|
|
|
Check return value of recursive calls to
|
|
xmlParseElementChildrenContentDeclPriv and return immediately in case
|
|
of errors. Otherwise, struct xmlElementContent could contain unexpected
|
|
null pointers, leading to a null deref when post-validating documents
|
|
which aren't well-formed and parsed in recovery mode.
|
|
|
|
Fixes #243.
|
|
|
|
Upstream-Status: Backport
|
|
[https://gitlab.gnome.org/GNOME/libxml2/-/commit/babe75030c7f64a37826bb3342317134568bef61]
|
|
CVE: CVE-2021-3537
|
|
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
|
|
|
|
---
|
|
parser.c | 7 +++++++
|
|
1 file changed, 7 insertions(+)
|
|
|
|
diff --git a/parser.c b/parser.c
|
|
index b42e6043..73c27edd 100644
|
|
--- a/parser.c
|
|
+++ b/parser.c
|
|
@@ -6208,6 +6208,8 @@ xmlParseElementChildrenContentDeclPriv(xmlParserCtxtPtr ctxt, int inputchk,
|
|
SKIP_BLANKS;
|
|
cur = ret = xmlParseElementChildrenContentDeclPriv(ctxt, inputid,
|
|
depth + 1);
|
|
+ if (cur == NULL)
|
|
+ return(NULL);
|
|
SKIP_BLANKS;
|
|
GROW;
|
|
} else {
|
|
@@ -6341,6 +6343,11 @@ xmlParseElementChildrenContentDeclPriv(xmlParserCtxtPtr ctxt, int inputchk,
|
|
SKIP_BLANKS;
|
|
last = xmlParseElementChildrenContentDeclPriv(ctxt, inputid,
|
|
depth + 1);
|
|
+ if (last == NULL) {
|
|
+ if (ret != NULL)
|
|
+ xmlFreeDocElementContent(ctxt->myDoc, ret);
|
|
+ return(NULL);
|
|
+ }
|
|
SKIP_BLANKS;
|
|
} else {
|
|
elem = xmlParseName(ctxt);
|
|
--
|
|
GitLab
|
|
|