packages/libxml2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!209 fix CVE-2023-45322

Browse Source 
From: @BruceGW 
Reviewed-by: @gaoruoshu 
Signed-off-by: @gaoruoshu
This commit is contained in:
openeuler-ci-bot 2023-10-17 02:21:12 +00:00 committed by Gitee
commit 9e8451ff41
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 82 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
backport-CVE-2023-45322.patch Normal file
View File

@ -0,0 +1,74 @@
From d39f78069dff496ec865c73aa44d7110e429bce9 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Wed, 23 Aug 2023 20:24:24 +0200
Subject: [PATCH] tree: Fix copying of DTDs
- Don't create multiple DTD nodes.
- Fix UAF if malloc fails.
- Skip DTD nodes if tree module is disabled.
Fixes #583.
---
tree.c | 31 ++++++++++++++++---------------
1 file changed, 16 insertions(+), 15 deletions(-)
diff --git a/tree.c b/tree.c
index 6c8a875b..02c1b579 100644
--- a/tree.c
+++ b/tree.c
@@ -4386,29 +4386,28 @@ xmlNodePtr
xmlStaticCopyNodeList(xmlNodePtr node, xmlDocPtr doc, xmlNodePtr parent) {
xmlNodePtr ret = NULL;
xmlNodePtr p = NULL,q;
+ xmlDtdPtr newSubset = NULL;
while (node != NULL) {
-#ifdef LIBXML_TREE_ENABLED
if (node->type == XML_DTD_NODE ) {
- if (doc == NULL) {
+#ifdef LIBXML_TREE_ENABLED
+ if ((doc == NULL) || (doc->intSubset != NULL)) {
node = node->next;
continue;
}
- if (doc->intSubset == NULL) {
- q = (xmlNodePtr) xmlCopyDtd( (xmlDtdPtr) node );
- if (q == NULL) goto error;
- q->doc = doc;
- q->parent = parent;
- doc->intSubset = (xmlDtdPtr) q;
- xmlAddChild(parent, q);
- } else {
- q = (xmlNodePtr) doc->intSubset;
- xmlAddChild(parent, q);
- }
- } else
+ q = (xmlNodePtr) xmlCopyDtd( (xmlDtdPtr) node );
+ if (q == NULL) goto error;
+ q->doc = doc;
+ q->parent = parent;
+ newSubset = (xmlDtdPtr) q;
+#else
+ node = node->next;
+ continue;
#endif /* LIBXML_TREE_ENABLED */
+ } else {
q = xmlStaticCopyNode(node, doc, parent, 1);
- if (q == NULL) goto error;
+ if (q == NULL) goto error;
+ }
if (ret == NULL) {
q->prev = NULL;
ret = p = q;
@@ -4420,6 +4419,8 @@ xmlStaticCopyNodeList(xmlNodePtr node, xmlDocPtr doc, xmlNodePtr parent) {
}
node = node->next;
}
+ if (newSubset != NULL)
+ doc->intSubset = newSubset;
return(ret);
error:
xmlFreeNodeList(ret);
--
2.27.0

9
libxml2.spec
View File

@ -1,12 +1,13 @@
Summary: Library providing XML and HTML support Summary: Library providing XML and HTML support
Name: libxml2 Name: libxml2
Version: 2.11.4 Version: 2.11.4
Release: 4 Release: 5
License: MIT License: MIT
Group: Development/Libraries Group: Development/Libraries
Source: https://download.gnome.org/sources/%{name}/2.11/%{name}-%{version}.tar.xz Source: https://download.gnome.org/sources/%{name}/2.11/%{name}-%{version}.tar.xz
Patch0: libxml2-multilib.patch Patch0: libxml2-multilib.patch
Patch1: backport-CVE-2023-45322.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-root BuildRoot: %{_tmppath}/%{name}-%{version}-root
BuildRequires: python3-devel BuildRequires: python3-devel
@ -158,6 +159,12 @@ rm -fr %{buildroot}
%changelog %changelog
* Mon Oct 16 2023 BruceGW <gyl93216@163.com> -2.11.4-5
- Type:CVE
- CVE:CVE-2023-45322
- SUG:NA
- DESC:fix CVE-2023-45322
* Mon Aug 07 2023 zhuofeng <zhuofeng2@huawei.com> - 2.11.4-4 * Mon Aug 07 2023 zhuofeng <zhuofeng2@huawei.com> - 2.11.4-4
- Type:bugfix - Type:bugfix
- CVE:NA - CVE:NA