author | Andrej Valek <andrej.valek@siemens.com> | 2017-06-14 15:01:35 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-07-27 22:34:38 +0100 |
commit | f0017a7b8b3fc4407e6596156b57aa1183937382 (patch) | |
tree | 33d139254a560d6033a3f929634728781d3dca20 /meta/recipes-core | |
parent | a409c50a09b12caa434b2b06bdcfb6beba43f67f (diff) | |
download | openembedded-core-contrib-f0017a7b8b3fc4407e6596156b57aa1183937382.tar.gz |
libxml2: Fix CVE-2017-5969
Fix NULL pointer deref in xmlDumpElementContent
Can only be triggered in recovery mode.
Fixes bug 758422
CVE: CVE-2017-5969
(From OE-Core rev: 0cae039cbe513b7998e067f4f3958af2ec65ed1a)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta/recipes-core')
-rw-r--r-- | meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch | 62 | ||||
-rw-r--r-- | meta/recipes-core/libxml/libxml2_2.9.4.bb | 1 |
2 files changed, 63 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
new file mode 100644
index 0000000000..571b05c087
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
@@ -0,0 +1,62 @@
+libxml2-2.9.4: Fix CVE-2017-5969
+
+[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=758422
+
+valid: Fix NULL pointer deref in xmlDumpElementContent
+
+Can only be triggered in recovery mode.
+
+Fixes bug 758422
+
+Upstream-Status: Backport - [https://git.gnome.org/browse/libxml2/commit/?id=94691dc884d1a8ada39f073408b4bb92fe7fe882]
+CVE: CVE-2017-5969
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
+
+diff --git a/valid.c b/valid.c
+index 19f84b8..0a8e58a 100644
+--- a/valid.c
++++ b/valid.c
+@@ -1172,29 +1172,33 @@ xmlDumpElementContent(xmlBufferPtr buf, xmlElementContentPtr content, int glob)
+ xmlBufferWriteCHAR(buf, content->name);
+ break;
+ case XML_ELEMENT_CONTENT_SEQ:
+- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
+- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
++ if ((content->c1 != NULL) &&
++ ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
++ (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
+ xmlDumpElementContent(buf, content->c1, 1);
+ else
+ xmlDumpElementContent(buf, content->c1, 0);
+ xmlBufferWriteChar(buf, " , ");
+- if ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
+- ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
+- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
++ if ((content->c2 != NULL) &&
++ ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
++ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
++ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
+ xmlDumpElementContent(buf, content->c2, 1);
+ else
+ xmlDumpElementContent(buf, content->c2, 0);
+ break;
+ case XML_ELEMENT_CONTENT_OR:
+- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
+- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
++ if ((content->c1 != NULL) &&
++ ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
++ (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
+ xmlDumpElementContent(buf, content->c1, 1);
+ else
+ xmlDumpElementContent(buf, content->c1, 0);
+ xmlBufferWriteChar(buf, " | ");
+- if ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
+- ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
+- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
++ if ((content->c2 != NULL) &&
++ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
++ ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
++ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
+ xmlDumpElementContent(buf, content->c2, 1);
+ else
+ xmlDumpElementContent(buf, content->c2, 0);
diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.4.bb
index 09a74451d8..5776f0f8d3 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.4.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.4.bb
@@ -26,6 +26,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
 file://libxml2-fix_and_simplify_xmlParseStartTag2.patch \
 file://libxml2-CVE-2017-9047_CVE-2017-9048.patch \
 file://libxml2-CVE-2017-9049_CVE-2017-9050.patch \
+ file://libxml2-CVE-2017-5969.patch \
 file://CVE-2016-9318.patch \
 " |
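Review bot: The added `content->c1 != NULL` and `content->c2 != NULL` guards in the SEQ and OR cases of valid.c protect only the `->type` and `->ocur` reads; when a child is NULL the `else` branch still calls `xmlDumpElementContent(buf, content->c1, 0)` (or the `c2` equivalent) with that NULL pointer. That is safe only if the function returns early on a NULL `content`, and its opening lines are outside this hunk, so it should be confirmed against the 2.9.4 source this recipe builds. A one-line comment above each guard would record why the check exists, for example `/* c1/c2 may be NULL when the DTD was parsed in recovery mode */`. The separator writes `xmlBufferWriteChar(buf, " , ")` and `xmlBufferWriteChar(buf, " | ")` remain unconditional, so a NULL child presumably leaves a dangling separator in the dumped content model; anything that re-parses that output should be prepared to reject it.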