aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
blob: 26779aa572766c96a5723f715d34b690cf905bb4 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
From d2f873a541c72b0f67e15562819bf98b884b30b7 Mon Sep 17 00:00:00 2001
From: Hongxu Jia <hongxu.jia@windriver.com>
Date: Wed, 23 Aug 2017 16:04:49 +0800
Subject: [PATCH] fix CVE-2017-8872

this makes xmlHaltParser "empty" the buffer, as it resets cur and ava
il too here.

this seems to cure this specific issue, and also passes the testsuite

Signed-off-by: Marcus Meissner <meissner@suse.de>

https://bugzilla.gnome.org/show_bug.cgi?id=775200
Upstream-Status: Backport [https://bugzilla.gnome.org/attachment.cgi?id=355527&action=diff]
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
 parser.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/parser.c b/parser.c
index 9506ead..6c07ffd 100644
--- a/parser.c
+++ b/parser.c
@@ -12664,6 +12664,10 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) {
 	}
 	ctxt->input->cur = BAD_CAST"";
 	ctxt->input->base = ctxt->input->cur;
+	if (ctxt->input->buf) {
+		xmlBufEmpty (ctxt->input->buf->buffer);
+	} else
+		ctxt->input->length = 0;
     }
 }
 
-- 
2.7.4