packages/libsass
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!11 Fix CVE-2022-26592 CVE-2022-43358 CVE-2022-43357

Browse Source 
From: @li_ning_jie 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
This commit is contained in:
openeuler-ci-bot 2023-12-27 09:14:10 +00:00 committed by Gitee
commit 7cdb44bc9b
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 132 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

126
backport-CVE-2022-26592-CVE-2022-43358-CVE-2022-43357.patch Normal file
View File

@ -0,0 +1,126 @@
From 5bb0ea0c4b2ebebe542933f788ffacba459a717a Mon Sep 17 00:00:00 2001
From: Marcel Greter <marcel.greter@ocbnet.ch>
Date: Thu, 14 Dec 2023 14:40:04 +0100
Subject: [PATCH] Fix most urgent issues in 2023
- Fix recursion when resolving parents
- Fix potential memory leak in `sass_not`
- Fix potential NPE in selector list inspector
---
src/ast_selectors.cpp | 14 ++++++++------
src/debugger.hpp | 1 +
src/fn_miscs.cpp | 12 ++++++++----
src/inspect.cpp | 3 ++-
4 files changed, 19 insertions(+), 11 deletions(-)
diff --git a/src/ast_selectors.cpp b/src/ast_selectors.cpp
index c1428429..f5a4867e 100644
--- a/src/ast_selectors.cpp
+++ b/src/ast_selectors.cpp
@@ -868,7 +868,7 @@ namespace Sass {
for (SimpleSelectorObj simple : elements()) {
if (PseudoSelector * pseudo = Cast<PseudoSelector>(simple)) {
if (SelectorList* sel = Cast<SelectorList>(pseudo->selector())) {
- if (parent) {
+ if (parent && !parent->has_real_parent_ref()) {
pseudo->selector(sel->resolve_parent_refs(
pstack, traces, implicit_parent));
}
@@ -976,20 +976,22 @@ namespace Sass {
}
/* better return sass::vector? only - is empty container anyway? */
- SelectorList* ComplexSelector::resolve_parent_refs(SelectorStack pstack, Backtraces& traces, bool implicit_parent)
+ SelectorList* ComplexSelector::resolve_parent_refs(
+ SelectorStack pstack, Backtraces& traces, bool implicit_parent)
{
sass::vector<sass::vector<ComplexSelectorObj>> vars;
auto parent = pstack.back();
+ auto hasRealParent = has_real_parent_ref();
- if (has_real_parent_ref() && !parent) {
+ if (hasRealParent && !parent) {
throw Exception::TopLevelParent(traces, pstate());
}
if (!chroots() && parent) {
- if (!has_real_parent_ref() && !implicit_parent) {
+ if (!hasRealParent && !implicit_parent) {
SelectorList* retval = SASS_MEMORY_NEW(SelectorList, pstate(), 1);
retval->append(this);
return retval;
@@ -1020,10 +1022,10 @@ namespace Sass {
for (auto items : res) {
if (items.size() > 0) {
ComplexSelectorObj first = SASS_MEMORY_COPY(items[0]);
- first->hasPreLineFeed(first->hasPreLineFeed() || (!has_real_parent_ref() && hasPreLineFeed()));
+ first->hasPreLineFeed(first->hasPreLineFeed() || (!hasRealParent && hasPreLineFeed()));
// ToDo: remove once we know how to handle line feeds
// ToDo: currently a mashup between ruby and dart sass
- // if (has_real_parent_ref()) first->has_line_feed(false);
+ // if (hasRealParent) first->has_line_feed(false);
// first->has_line_break(first->has_line_break() || has_line_break());
first->chroots(true); // has been resolved by now
for (size_t i = 1; i < items.size(); i += 1) {
diff --git a/src/debugger.hpp b/src/debugger.hpp
index 703d3871..31af4721 100644
--- a/src/debugger.hpp
+++ b/src/debugger.hpp
@@ -430,6 +430,7 @@ inline void debug_ast(AST_Node* node, sass::string ind, Env* env)
std::cerr << " <<" << selector->ns_name() << ">>";
std::cerr << (selector->isClass() ? " [isClass]": " -");
std::cerr << (selector->isSyntacticClass() ? " [isSyntacticClass]": " -");
+ std::cerr << (selector->has_real_parent_ref(nullptr) ? " [real parent]" : " -");
std::cerr << std::endl;
debug_ast(selector->argument(), ind + " <= ", env);
debug_ast(selector->selector(), ind + " || ", env);
diff --git a/src/fn_miscs.cpp b/src/fn_miscs.cpp
index 38e8d2a8..d5e28ca6 100644
--- a/src/fn_miscs.cpp
+++ b/src/fn_miscs.cpp
@@ -160,10 +160,14 @@ namespace Sass {
ExpressionObj cond = ARG("$condition", Expression)->perform(&expand.eval);
bool is_true = !cond->is_false();
ExpressionObj res = ARG(is_true ? "$if-true" : "$if-false", Expression);
- ValueObj qwe = Cast<Value>(res->perform(&expand.eval));
- // res = res->perform(&expand.eval.val_eval);
- qwe->set_delayed(false); // clone?
- return qwe.detach();
+ ExpressionObj rv = res->perform(&expand.eval);
+ ValueObj value = Cast<Value>(rv);
+ if (value != nullptr) {
+ value->set_delayed(false);
+ return value.detach();
+ }
+ rv->set_delayed(false);
+ return nullptr;
}
//////////////////////////
diff --git a/src/inspect.cpp b/src/inspect.cpp
index 4d079bed..bdc73cda 100644
--- a/src/inspect.cpp
+++ b/src/inspect.cpp
@@ -463,6 +463,7 @@ namespace Sass {
{ sep[0] = i % 2 ? ':' : ','; }
ExpressionObj list_item = list->at(i);
if (output_style() != TO_SASS) {
+ if (list_item == nullptr) continue;
if (list_item->is_invisible()) {
// this fixes an issue with "" in a list
if (!Cast<String_Constant>(list_item)) {
@@ -1088,7 +1089,7 @@ namespace Sass {
void Inspect::operator()(CompoundSelector* sel)
{
- if (sel->hasRealParent()) {
+ if (sel->hasRealParent() /* || sel->has_real_parent_ref() */) {
append_string("&");
}
for (auto& item : sel->elements()) {
--
2.33.0

7
libsass.spec
View File

@ -1,12 +1,14 @@
Name: libsass
Version: 3.6.5
Release: 1
Release: 2
Summary: A Sass CSS precompiler which is ported for C/C++
License: MIT
URL: http://sass-lang.com/libsass
Source0: https://github.com/sass/libsass/archive/%{version}.tar.gz
Patch0001: backport-CVE-2022-26592-CVE-2022-43358-CVE-2022-43357.patch
BuildRequires: automake autoconf libtool pkgconfig gcc-c++
%description
@ -52,6 +54,9 @@ autoreconf --force --install
%{_libdir}/pkgconfig/*.pc
%changelog
* Tue Dec 26 2023 liningjie <liningjie@xfusion.com> - 3.6.5-2
- Fix CVE-2022-26592 CVE-2022-43358 CVE-2022-43357
* Fri Jul 07 2023 wangkai <13474090681@163.com> - 3.6.5-1
- Update to 3.6.5