aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-core/libxml
diff options
context:
space:
mode:
authorAndrej Valek <andrej.valek@siemens.com>2017-06-14 15:01:35 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-06-23 11:43:39 +0100
commit0cae039cbe513b7998e067f4f3958af2ec65ed1a (patch)
treeb753074beb14d022b79662c7e605c1508c92b692 /meta/recipes-core/libxml
parent2300762fef8fc8e3e56fb07fd4076c1deeba0a9b (diff)
downloadopenembedded-core-contrib-0cae039cbe513b7998e067f4f3958af2ec65ed1a.tar.gz
openembedded-core-contrib-0cae039cbe513b7998e067f4f3958af2ec65ed1a.tar.bz2
openembedded-core-contrib-0cae039cbe513b7998e067f4f3958af2ec65ed1a.zip
libxml2: Fix CVE-2017-5969
Fix NULL pointer deref in xmlDumpElementContent Can only be triggered in recovery mode. Fixes bug 758422 CVE: CVE-2017-5969 Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Diffstat (limited to 'meta/recipes-core/libxml')
-rw-r--r--meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch62
-rw-r--r--meta/recipes-core/libxml/libxml2_2.9.4.bb1
2 files changed, 63 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
new file mode 100644
index 0000000000..571b05c087
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
@@ -0,0 +1,62 @@
+libxml2-2.9.4: Fix CVE-2017-5969
+
+[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=758422
+
+valid: Fix NULL pointer deref in xmlDumpElementContent
+
+Can only be triggered in recovery mode.
+
+Fixes bug 758422
+
+Upstream-Status: Backport - [https://git.gnome.org/browse/libxml2/commit/?id=94691dc884d1a8ada39f073408b4bb92fe7fe882]
+CVE: CVE-2017-5969
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
+
+diff --git a/valid.c b/valid.c
+index 19f84b8..0a8e58a 100644
+--- a/valid.c
++++ b/valid.c
+@@ -1172,29 +1172,33 @@ xmlDumpElementContent(xmlBufferPtr buf, xmlElementContentPtr content, int glob)
+ xmlBufferWriteCHAR(buf, content->name);
+ break;
+ case XML_ELEMENT_CONTENT_SEQ:
+- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
+- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
++ if ((content->c1 != NULL) &&
++ ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
++ (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
+ xmlDumpElementContent(buf, content->c1, 1);
+ else
+ xmlDumpElementContent(buf, content->c1, 0);
+ xmlBufferWriteChar(buf, " , ");
+- if ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
+- ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
+- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
++ if ((content->c2 != NULL) &&
++ ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
++ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
++ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
+ xmlDumpElementContent(buf, content->c2, 1);
+ else
+ xmlDumpElementContent(buf, content->c2, 0);
+ break;
+ case XML_ELEMENT_CONTENT_OR:
+- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
+- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
++ if ((content->c1 != NULL) &&
++ ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
++ (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
+ xmlDumpElementContent(buf, content->c1, 1);
+ else
+ xmlDumpElementContent(buf, content->c1, 0);
+ xmlBufferWriteChar(buf, " | ");
+- if ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
+- ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
+- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
++ if ((content->c2 != NULL) &&
++ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
++ ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
++ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
+ xmlDumpElementContent(buf, content->c2, 1);
+ else
+ xmlDumpElementContent(buf, content->c2, 0);
diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.4.bb
index 3f78c2de63..2996809e4a 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.4.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.4.bb
@@ -26,6 +26,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
file://libxml2-fix_and_simplify_xmlParseStartTag2.patch \
file://libxml2-CVE-2017-9047_CVE-2017-9048.patch \
file://libxml2-CVE-2017-9049_CVE-2017-9050.patch \
+ file://libxml2-CVE-2017-5969.patch \
file://CVE-2016-9318.patch \
file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \
"