mirror of
https://git.yoctoproject.org/poky
synced 2026-01-29 21:08:42 +01:00
fee180d783
Backport the patch [1] to fix CVE-2025-11731.
[1] fe508f201e
(From OE-Core rev: e70c70e0359418197699f18c9e2cbfd7ebac705d)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
43 lines
1.5 KiB
Diff
43 lines
1.5 KiB
Diff
From fe508f201efb9ea37bfbe95413b8b28251497de3 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Dominik=20R=C3=B6ttsches?= <drott@chromium.org>
|
|
Date: Wed, 27 Aug 2025 14:28:40 +0300
|
|
Subject: [PATCH] End function node ancestor search at document
|
|
|
|
Avoids dereferencing a non-existent ->ns property on an
|
|
XML_DOCUMENT_NODE pointer.
|
|
|
|
Fixes #151.
|
|
|
|
CVE: CVE-2025-11731
|
|
|
|
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxslt/-/commit/fe508f201efb9ea37bfbe95413b8b28251497de3]
|
|
|
|
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
|
|
---
|
|
libexslt/functions.c | 9 +++++++--
|
|
1 file changed, 7 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/libexslt/functions.c b/libexslt/functions.c
|
|
index 8d35a7ae..a54ee70c 100644
|
|
--- a/libexslt/functions.c
|
|
+++ b/libexslt/functions.c
|
|
@@ -617,8 +617,13 @@ exsltFuncResultComp (xsltStylesheetPtr style, xmlNodePtr inst,
|
|
* instanciation of a func:result element.
|
|
*/
|
|
for (test = inst->parent; test != NULL; test = test->parent) {
|
|
- if (IS_XSLT_ELEM(test) &&
|
|
- IS_XSLT_NAME(test, "stylesheet")) {
|
|
+ if (/* Traversal has reached the top-level document without
|
|
+ * finding a func:function ancestor. */
|
|
+ (test != NULL && test->type == XML_DOCUMENT_NODE) ||
|
|
+ /* Traversal reached a stylesheet-namespace node,
|
|
+ * and has left the function namespace. */
|
|
+ (IS_XSLT_ELEM(test) &&
|
|
+ IS_XSLT_NAME(test, "stylesheet"))) {
|
|
xsltGenericError(xsltGenericErrorContext,
|
|
"func:result element not a descendant "
|
|
"of a func:function\n");
|
|
--
|
|
2.34.1
|
|
|