LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
24150 Commits
1 Branch
46 MiB
Tree: 5283711754
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '5283711754'
${ noResults }
openwrt-packages-dist/libs/libxml2/patches/002-CVE-2020-24977.patch

31 lines
971 B
Raw Normal View History

libxml: patch security issues Fixes: CVE-2019-20388 CVE-2020-24977 CVE-2020-7595 Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
4 years ago
 
  1. From 50f06b3efb638efb0abd95dc62dca05ae67882c2 Mon Sep 17 00:00:00 2001
  2. From: Nick Wellnhofer <wellnhofer@aevum.de>
  3. Date: Fri, 7 Aug 2020 21:54:27 +0200
  4. Subject: [PATCH] Fix out-of-bounds read with 'xmllint --htmlout'
  5. 

  6. Make sure that truncated UTF-8 sequences don't cause an out-of-bounds
  7. array access.
  8. 

  9. Thanks to @SuhwanSong and the Agency for Defense Development (ADD) for
  10. the report.
  11. 

  12. Fixes #178.
  13. ---

  14.  xmllint.c | 6 ++++++
  15.  1 file changed, 6 insertions(+)
  16. 

  17. --- a/xmllint.c

  18. +++ b/xmllint.c

  19. @@ -528,6 +528,12 @@ static void

  20.  xmlHTMLEncodeSend(void) {
  21.      char *result;
  22.  
  23. +    /*

  24. +     * xmlEncodeEntitiesReentrant assumes valid UTF-8, but the buffer might

  25. +     * end with a truncated UTF-8 sequence. This is a hack to at least avoid

  26. +     * an out-of-bounds read.

  27. +     */

  28. +    memset(&buffer[sizeof(buffer)-4], 0, 4);

  29.      result = (char *) xmlEncodeEntitiesReentrant(NULL, BAD_CAST buffer);
  30.      if (result) {
  31.  	xmlGenericError(xmlGenericErrorContext, "%s", result);