diff options
| author |   Andrej Valek <andrej.valek@siemens.com> | 2016-12-12 14:20:21 +0100 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-01-11 17:21:46 +0000 |
| commit | c8f4fb15de070b7462eee66a5e0e0b63b704046b (patch) | |
| tree | 515b55948c2de2b7ebf040a75e170a0c8c03e762 | |
| parent | 359189b6e6e5307156b08f0b7922a79e6acea1e2 (diff) | |
| download | openembedded-core-contrib-c8f4fb15de070b7462eee66a5e0e0b63b704046b.tar.gz | |
libxml2: Fix more NULL pointer derefs
The NULL pointer dereferencing could produced some
security problems.
This is a preventive security fix.
(From OE-Core rev: 8f3008114d5000a0865f50833db7c3a3f9808601)
(From OE-Core rev: 401d552f9e4ed3341e42864e566dddb2b26019dc)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch | 46 | ||||
| -rw-r--r-- | meta/recipes-core/libxml/libxml2_2.9.4.bb | 1 |
2 files changed, 47 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch new file mode 100644 index 0000000000..83552ca3ec --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch @@ -0,0 +1,46 @@ +libxml2-2.9.4: Fix more NULL pointer derefs + +xpointer: Fix more NULL pointer derefs + +Upstream-Status: Backported [https://git.gnome.org/browse/libxml2/commit/?id=e905f08123e4a6e7731549e6f09dadff4cab65bd] +CVE: - +Signed-off-by: Andrej Valek <andrej.valek@siemens.com> +Signed-off-by: Pascal Bach <pascal.bach@siemens.com> + +diff --git a/xpointer.c b/xpointer.c +index 676c510..074db24 100644 +--- a/xpointer.c ++++ b/xpointer.c +@@ -555,7 +555,7 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) { + /* + * Empty set ... + */ +- if (end->nodesetval->nodeNr <= 0) ++ if ((end->nodesetval == NULL) || (end->nodesetval->nodeNr <= 0)) + return(NULL); + break; + default: +@@ -1400,7 +1400,7 @@ xmlXPtrEval(const xmlChar *str, xmlXPathContextPtr ctx) { + */ + xmlNodeSetPtr set; + set = tmp->nodesetval; +- if ((set->nodeNr != 1) || ++ if ((set == NULL) || (set->nodeNr != 1) || + (set->nodeTab[0] != (xmlNodePtr) ctx->doc)) + stack++; + } else +@@ -2073,9 +2073,11 @@ xmlXPtrRangeFunction(xmlXPathParserContextPtr ctxt, int nargs) { + xmlXPathFreeObject(set); + XP_ERROR(XPATH_MEMORY_ERROR); + } +- for (i = 0;i < oldset->locNr;i++) { +- xmlXPtrLocationSetAdd(newset, +- xmlXPtrCoveringRange(ctxt, oldset->locTab[i])); ++ if (oldset != NULL) { ++ for (i = 0;i < oldset->locNr;i++) { ++ xmlXPtrLocationSetAdd(newset, ++ xmlXPtrCoveringRange(ctxt, oldset->locTab[i])); ++ } + } + + /* diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.4.bb index a1d1e9e12d..ba08c9c994 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.4.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.4.bb @@ -22,6 +22,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \ file://libxml2-fix_node_comparison.patch \ file://libxml2-CVE-2016-5131.patch \ file://libxml2-CVE-2016-4658.patch \ + file://libxml2-fix_NULL_pointer_derefs.patch \ " SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5" |