From a615b0825927a09a0aa8312d131c9acbaef8956d Mon Sep 17 00:00:00 2001 From: Hongxu Jia Date: Wed, 23 Aug 2017 04:30:45 -0400 Subject: libxml2: Fix CVE-2017-8872 fix global-buffer-overflow in htmlParseTryOrFinish (HTMLparser.c:5403) https://bugzilla.gnome.org/show_bug.cgi?id=775200 Here is the reproduce steps on ubuntu 16.04, use clang with "-fsanitize=address" ... export CC="clang" export CFLAGS="-fsanitize=address" ./configure --disable-shared make clean all -j wget https://bugzilla.gnome.org/attachment.cgi?id=340871 -O poc ./xmllint --html --push poc ==2785==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000a0de21 at pc 0x0000006a7f6e bp 0x7ffdfe940c10 sp 0x7ffdfe940c08 READ of size 1 at 0x000000a0de21 thread T0 #0 0x6a7f6d (/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x6a7f6d) #1 0x6a7356 (/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x6a7356) #2 0x4f4504 (/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x4f4504) #3 0x4f045e (/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x4f045e) #4 0x7f81977d682f (/lib/x86_64-linux-gnu/libc.so.6+0x2082f) #5 0x419ad8 (/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x419ad8) ... Signed-off-by: Hongxu Jia Signed-off-by: Richard Purdie --- meta/recipes-core/libxml/libxml2_2.9.4.bb | 1 + 1 file changed, 1 insertion(+) (limited to 'meta/recipes-core/libxml/libxml2_2.9.4.bb') diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.4.bb index f67c47d29c..107539b50d 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.4.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.4.bb @@ -28,6 +28,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \ file://libxml2-CVE-2017-9049_CVE-2017-9050.patch \ file://libxml2-CVE-2017-5969.patch \ file://libxml2-CVE-2017-0663.patch \ + file://libxml2-CVE-2017-8872.patch \ file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \ " -- cgit 1.2.3-korg