LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
21989 Commits
1 Branch
46 MiB
Tree: 11bf9d3f73
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '11bf9d3f73'
${ noResults }
openwrt-packages-dist/libs/libxml2/patches/002-CVE-2020-24977.patch

36 lines
1.0 KiB
Raw Normal View History

libxml: patch security issues Fixes: CVE-2019-20388 CVE-2020-24977 CVE-2020-7595 Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
4 years ago
 
  1. From 50f06b3efb638efb0abd95dc62dca05ae67882c2 Mon Sep 17 00:00:00 2001
  2. From: Nick Wellnhofer <wellnhofer@aevum.de>
  3. Date: Fri, 7 Aug 2020 21:54:27 +0200
  4. Subject: [PATCH] Fix out-of-bounds read with 'xmllint --htmlout'
  5. 

  6. Make sure that truncated UTF-8 sequences don't cause an out-of-bounds
  7. array access.
  8. 

  9. Thanks to @SuhwanSong and the Agency for Defense Development (ADD) for
  10. the report.
  11. 

  12. Fixes #178.
  13. ---

  14.  xmllint.c | 6 ++++++
  15.  1 file changed, 6 insertions(+)
  16. 

  17. diff --git a/xmllint.c b/xmllint.c

  18. index f6a8e4636..c647486f3 100644

  19. --- a/xmllint.c

  20. +++ b/xmllint.c

  21. @@ -528,6 +528,12 @@ static void

  22.  xmlHTMLEncodeSend(void) {
  23.      char *result;
  24.  
  25. +    /*

  26. +     * xmlEncodeEntitiesReentrant assumes valid UTF-8, but the buffer might

  27. +     * end with a truncated UTF-8 sequence. This is a hack to at least avoid

  28. +     * an out-of-bounds read.

  29. +     */

  30. +    memset(&buffer[sizeof(buffer)-4], 0, 4);

  31.      result = (char *) xmlEncodeEntitiesReentrant(NULL, BAD_CAST buffer);
  32.      if (result) {
  33.  	xmlGenericError(xmlGenericErrorContext, "%s", result);
  34. -- 

  35. GitLab
  36.