mirror of
https://git.yoctoproject.org/poky
synced 2026-02-21 17:09:42 +01:00
c2f4fe8d0c
CVE-2015-8241 libxml2: Buffer overread with XML parser in xmlNextChar (From OE-Core rev: f3c19a39cdec435f26a7f46a3432231ba4daa19c) (From OE-Core rev: 428878a67fd723908af74c4881e933969f2928a7) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
41 lines
1.2 KiB
Diff
41 lines
1.2 KiB
Diff
From ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe Mon Sep 17 00:00:00 2001
|
|
From: Hugh Davenport <hugh@allthethings.co.nz>
|
|
Date: Tue, 3 Nov 2015 20:40:49 +0800
|
|
Subject: [PATCH] Avoid extra processing of MarkupDecl when EOF
|
|
|
|
For https://bugzilla.gnome.org/show_bug.cgi?id=756263
|
|
|
|
One place where ctxt->instate == XML_PARSER_EOF whic was set up
|
|
by entity detection issues doesn't get noticed, and even overrided
|
|
|
|
Upstream-status: Backport
|
|
|
|
https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe
|
|
|
|
CVE: CVE-2015-8241
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
|
|
---
|
|
parser.c | 8 ++++++++
|
|
1 file changed, 8 insertions(+)
|
|
|
|
Index: libxml2-2.9.2/parser.c
|
|
===================================================================
|
|
--- libxml2-2.9.2.orig/parser.c
|
|
+++ libxml2-2.9.2/parser.c
|
|
@@ -6999,6 +6999,14 @@ xmlParseMarkupDecl(xmlParserCtxtPtr ctxt
|
|
xmlParsePI(ctxt);
|
|
}
|
|
}
|
|
+
|
|
+ /*
|
|
+ * detect requirement to exit there and act accordingly
|
|
+ * and avoid having instate overriden later on
|
|
+ */
|
|
+ if (ctxt->instate == XML_PARSER_EOF)
|
|
+ return;
|
|
+
|
|
/*
|
|
* This is only for internal subset. On external entities,
|
|
* the replacement is done before parsing stage
|