mirror of
https://git.yoctoproject.org/poky
synced 2026-04-29 18:32:20 +02:00
8b77dd2bcf
Upstream-Status: Backport [31c6ce3b63&2b0aac140d] (From OE-Core rev: e4e621dc42be5dd158393fcadf5200f9eae613cb) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
39 lines
1.3 KiB
Diff
39 lines
1.3 KiB
Diff
From 31c6ce3b63f8a494ad9e31ca65187a73d8ad3508 Mon Sep 17 00:00:00 2001
|
|
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
|
Date: Mon, 9 Nov 2020 17:55:44 +0100
|
|
Subject: [PATCH] Avoid call stack overflow with XML reader and recursive
|
|
XIncludes
|
|
|
|
Don't process XIncludes in the result of another inclusion to avoid
|
|
infinite recursion resulting in a call stack overflow.
|
|
|
|
This is something the XInclude engine shouldn't allow but correct
|
|
handling of intra-document includes would require major changes.
|
|
|
|
Found by OSS-Fuzz.
|
|
|
|
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/31c6ce3b63f8a494ad9e31ca65187a73d8ad3508]
|
|
CVE: CVE-2024-25062 #Dependency Patch
|
|
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
|
|
---
|
|
xmlreader.c | 3 ++-
|
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/xmlreader.c b/xmlreader.c
|
|
index 01adf74f4..72e40b032 100644
|
|
--- a/xmlreader.c
|
|
+++ b/xmlreader.c
|
|
@@ -1585,7 +1585,8 @@ node_found:
|
|
/*
|
|
* Handle XInclude if asked for
|
|
*/
|
|
- if ((reader->xinclude) && (reader->node != NULL) &&
|
|
+ if ((reader->xinclude) && (reader->in_xinclude == 0) &&
|
|
+ (reader->node != NULL) &&
|
|
(reader->node->type == XML_ELEMENT_NODE) &&
|
|
(reader->node->ns != NULL) &&
|
|
((xmlStrEqual(reader->node->ns->href, XINCLUDE_NS)) ||
|
|
--
|
|
GitLab
|
|
|