mirror of
https://git.yoctoproject.org/poky
synced 2026-02-10 10:43:02 +01:00
a30cde8c0c
Backports from: *e4f85f1bd2*547edbf1cb(From OE-Core rev: 7d03d5dbc98aa701869c73c1c55a5868c70c5287) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
43 lines
1.2 KiB
Diff
43 lines
1.2 KiB
Diff
From 547edbf1cbdccd46b2e8ff322a456eaa5931c5df Mon Sep 17 00:00:00 2001
|
|
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
|
Date: Fri, 7 Apr 2023 11:49:27 +0200
|
|
Subject: [PATCH] [CVE-2023-29469] Hashing of empty dict strings isn't
|
|
deterministic
|
|
|
|
When hashing empty strings which aren't null-terminated,
|
|
xmlDictComputeFastKey could produce inconsistent results. This could
|
|
lead to various logic or memory errors, including double frees.
|
|
|
|
For consistency the seed is also taken into account, but this shouldn't
|
|
have an impact on security.
|
|
|
|
Found by OSS-Fuzz.
|
|
|
|
Fixes #510.
|
|
|
|
CVE: CVE-2023-29469
|
|
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/547edbf1cbdccd46b2e8ff322a456eaa5931c5df]
|
|
|
|
Signed-off-by: Peter Marko <peter.marko@siemens.com>
|
|
---
|
|
dict.c | 3 ++-
|
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/dict.c b/dict.c
|
|
index 86c3f6d7..d7fd1a06 100644
|
|
--- a/dict.c
|
|
+++ b/dict.c
|
|
@@ -433,7 +433,8 @@ static unsigned long
|
|
xmlDictComputeFastKey(const xmlChar *name, int namelen, int seed) {
|
|
unsigned long value = seed;
|
|
|
|
- if (name == NULL) return(0);
|
|
+ if ((name == NULL) || (namelen <= 0))
|
|
+ return(value);
|
|
value += *name;
|
|
value <<= 5;
|
|
if (namelen > 10) {
|
|
--
|
|
GitLab
|
|
|