!209 fix CVE-2023-45322
From: @BruceGW Reviewed-by: @gaoruoshu Signed-off-by: @gaoruoshu
This commit is contained in:
openeuler-ci-bot
Gitee
commit
9e8451ff41
74
backport-CVE-2023-45322.patch
Normal file
74
backport-CVE-2023-45322.patch
Normal file
@ -0,0 +1,74 @@
|
||||
From d39f78069dff496ec865c73aa44d7110e429bce9 Mon Sep 17 00:00:00 2001
|
||||
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
||||
Date: Wed, 23 Aug 2023 20:24:24 +0200
|
||||
Subject: [PATCH] tree: Fix copying of DTDs
|
||||
|
||||
- Don't create multiple DTD nodes.
|
||||
- Fix UAF if malloc fails.
|
||||
- Skip DTD nodes if tree module is disabled.
|
||||
|
||||
Fixes #583.
|
||||
---
|
||||
tree.c | 31 ++++++++++++++++---------------
|
||||
1 file changed, 16 insertions(+), 15 deletions(-)
|
||||
|
||||
diff --git a/tree.c b/tree.c
|
||||
index 6c8a875b..02c1b579 100644
|
||||
--- a/tree.c
|
||||
+++ b/tree.c
|
||||
@@ -4386,29 +4386,28 @@ xmlNodePtr
|
||||
xmlStaticCopyNodeList(xmlNodePtr node, xmlDocPtr doc, xmlNodePtr parent) {
|
||||
xmlNodePtr ret = NULL;
|
||||
xmlNodePtr p = NULL,q;
|
||||
+ xmlDtdPtr newSubset = NULL;
|
||||
|
||||
while (node != NULL) {
|
||||
-#ifdef LIBXML_TREE_ENABLED
|
||||
if (node->type == XML_DTD_NODE ) {
|
||||
- if (doc == NULL) {
|
||||
+#ifdef LIBXML_TREE_ENABLED
|
||||
+ if ((doc == NULL) || (doc->intSubset != NULL)) {
|
||||
node = node->next;
|
||||
continue;
|
||||
}
|
||||
- if (doc->intSubset == NULL) {
|
||||
- q = (xmlNodePtr) xmlCopyDtd( (xmlDtdPtr) node );
|
||||
- if (q == NULL) goto error;
|
||||
- q->doc = doc;
|
||||
- q->parent = parent;
|
||||
- doc->intSubset = (xmlDtdPtr) q;
|
||||
- xmlAddChild(parent, q);
|
||||
- } else {
|
||||
- q = (xmlNodePtr) doc->intSubset;
|
||||
- xmlAddChild(parent, q);
|
||||
- }
|
||||
- } else
|
||||
+ q = (xmlNodePtr) xmlCopyDtd( (xmlDtdPtr) node );
|
||||
+ if (q == NULL) goto error;
|
||||
+ q->doc = doc;
|
||||
+ q->parent = parent;
|
||||
+ newSubset = (xmlDtdPtr) q;
|
||||
+#else
|
||||
+ node = node->next;
|
||||
+ continue;
|
||||
#endif /* LIBXML_TREE_ENABLED */
|
||||
+ } else {
|
||||
q = xmlStaticCopyNode(node, doc, parent, 1);
|
||||
- if (q == NULL) goto error;
|
||||
+ if (q == NULL) goto error;
|
||||
+ }
|
||||
if (ret == NULL) {
|
||||
q->prev = NULL;
|
||||
ret = p = q;
|
||||
@@ -4420,6 +4419,8 @@ xmlStaticCopyNodeList(xmlNodePtr node, xmlDocPtr doc, xmlNodePtr parent) {
|
||||
}
|
||||
node = node->next;
|
||||
}
|
||||
+ if (newSubset != NULL)
|
||||
+ doc->intSubset = newSubset;
|
||||
return(ret);
|
||||
error:
|
||||
xmlFreeNodeList(ret);
|
||||
--
|
||||
2.27.0
|
||||
|
||||
@ -1,12 +1,13 @@
|
||||
Summary: Library providing XML and HTML support
|
||||
Name: libxml2
|
||||
Version: 2.11.4
|
||||
Release: 4
|
||||
Release: 5
|
||||
License: MIT
|
||||
Group: Development/Libraries
|
||||
Source: https://download.gnome.org/sources/%{name}/2.11/%{name}-%{version}.tar.xz
|
||||
|
||||
Patch0: libxml2-multilib.patch
|
||||
Patch1: backport-CVE-2023-45322.patch
|
||||
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-root
|
||||
BuildRequires: python3-devel
|
||||
@ -158,6 +159,12 @@ rm -fr %{buildroot}
|
||||
|
||||
|
||||
%changelog
|
||||
* Mon Oct 16 2023 BruceGW <gyl93216@163.com> -2.11.4-5
|
||||
- Type:CVE
|
||||
- CVE:CVE-2023-45322
|
||||
- SUG:NA
|
||||
- DESC:fix CVE-2023-45322
|
||||
|
||||
* Mon Aug 07 2023 zhuofeng <zhuofeng2@huawei.com> - 2.11.4-4
|
||||
- Type:bugfix
|
||||
- CVE:NA
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user