Fix CVE-2024-50602

Resolves: RHEL-65062
2024-11-08 11:31:01 +01:00 · 2024-11-08 11:31:01 +01:00 · 00ef654fce
commit 00ef654fce
parent 03667dcab4
2 changed files with 115 additions and 1 deletions
--- a/expat-2.2.5-CVE-2024-50602.patch
+++ b/expat-2.2.5-CVE-2024-50602.patch
@ -0,0 +1,108 @@
+commit c84ad1507fa42c25937af06e349c8f2f9bc34c11
+Author: Tomas Korbar <tkorbar@redhat.com>
+Date:   Fri Nov 8 11:18:42 2024 +0100
+
+    Fix CVE-2024-50602
+    
+    See https://github.com/libexpat/libexpat/pull/915
+
+diff --git a/expat/lib/expat.h b/expat/lib/expat.h
+index afe12c5..157953c 100644
+--- a/expat/lib/expat.h
+++ b/expat/lib/expat.h
+@@ -124,7 +124,9 @@ enum XML_Error {
+   XML_ERROR_RESERVED_PREFIX_XMLNS,
+   XML_ERROR_RESERVED_NAMESPACE_URI,
+   /* Added in 2.2.1. */
+-  XML_ERROR_INVALID_ARGUMENT
+  XML_ERROR_INVALID_ARGUMENT,
+  /* Added in 2.6.4. */
+  XML_ERROR_NOT_STARTED
+ };
+ 
+ enum XML_Content_Type {
+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
+index 698e907..ed079a5 100644
+--- a/expat/lib/xmlparse.c
+++ b/expat/lib/xmlparse.c
+@@ -2170,6 +2170,9 @@ XML_StopParser(XML_Parser parser, XML_Bool resumable)
+   if (parser == NULL)
+     return XML_STATUS_ERROR;
+   switch (parser->m_parsingStatus.parsing) {
+  case XML_INITIALIZED:
+    parser->m_errorCode = XML_ERROR_NOT_STARTED;
+    return XML_STATUS_ERROR;
+   case XML_SUSPENDED:
+     if (resumable) {
+       parser->m_errorCode = XML_ERROR_SUSPENDED;
+@@ -2180,7 +2183,7 @@ XML_StopParser(XML_Parser parser, XML_Bool resumable)
+   case XML_FINISHED:
+     parser->m_errorCode = XML_ERROR_FINISHED;
+     return XML_STATUS_ERROR;
+-  default:
+  case XML_PARSING:
+     if (resumable) {
+ #ifdef XML_DTD
+       if (parser->m_isParamEntity) {
+@@ -2192,6 +2195,9 @@ XML_StopParser(XML_Parser parser, XML_Bool resumable)
+     }
+     else
+       parser->m_parsingStatus.parsing = XML_FINISHED;
+    break;
+  default:
+    assert(0);
+   }
+   return XML_STATUS_OK;
+ }
+@@ -2456,6 +2462,9 @@ XML_ErrorString(enum XML_Error code)
+   /* Added in 2.2.5. */
+   case XML_ERROR_INVALID_ARGUMENT:  /* Constant added in 2.2.1, already */
+     return XML_L("invalid argument");
+  /* Added in 2.6.4. */
+  case XML_ERROR_NOT_STARTED:
+    return XML_L("parser not started");
+   }
+   return NULL;
+ }
+diff --git a/expat/tests/runtests.c b/expat/tests/runtests.c
+index 6a3e09a..7b6d9fb 100644
+--- a/expat/tests/runtests.c
+++ b/expat/tests/runtests.c
+@@ -9162,6 +9162,28 @@ START_TEST(test_misc_utf16le)
+ END_TEST
+ 
+ 
+START_TEST(test_misc_resumeparser_not_crashing) {
+  XML_Parser parser = XML_ParserCreate(NULL);
+  XML_GetBuffer(parser, 1);
+  XML_StopParser(parser, /*resumable=*/XML_TRUE);
+  XML_ResumeParser(parser); // could crash here, previously
+  XML_ParserFree(parser);
+}
+END_TEST
+
+START_TEST(test_misc_stopparser_rejects_unstarted_parser) {
+  const XML_Bool cases[] = {XML_TRUE, XML_FALSE};
+  for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
+    const XML_Bool resumable = cases[i];
+    XML_Parser parser = XML_ParserCreate(NULL);
+    assert_true(XML_GetErrorCode(parser) == XML_ERROR_NONE);
+    assert_true(XML_StopParser(parser, resumable) == XML_STATUS_ERROR);
+    assert_true(XML_GetErrorCode(parser) == XML_ERROR_NOT_STARTED);
+    XML_ParserFree(parser);
+  }
+}
+END_TEST
+
+ static void
+ alloc_setup(void)
+ {
+@@ -13325,6 +13347,8 @@ make_suite(void)
+     tcase_add_test(tc_misc,
+                    test_misc_deny_internal_entity_closing_doctype_issue_317);
+ #endif
+    tcase_add_test(tc_misc, test_misc_resumeparser_not_crashing);
+    tcase_add_test(tc_misc, test_misc_stopparser_rejects_unstarted_parser);
+ 
+     suite_add_tcase(s, tc_alloc);
+     tcase_add_checked_fixture(tc_alloc, alloc_setup, alloc_teardown);
--- a/expat.spec
+++ b/expat.spec
@ -3,7 +3,7 @@
 Summary: An XML parser library
 Name: expat
 Version: %(echo %{unversion} | sed 's/_/./g')
-Release: 15%{?dist}
+Release: 16%{?dist}
 Source: https://github.com/libexpat/libexpat/archive/R_%{unversion}.tar.gz#/expat-%{version}.tar.gz
 URL: https://libexpat.github.io/
 License: MIT
@ -26,6 +26,7 @@ Patch14: expat-2.2.5-CVE-2023-52425.patch
 Patch15: expat-2.2.5-CVE-2024-45490.patch
 Patch16: expat-2.2.5-CVE-2024-45491.patch
 Patch17: expat-2.2.5-CVE-2024-45492.patch
+Patch18: expat-2.2.5-CVE-2024-50602.patch

 %description
 This is expat, the C library for parsing XML, written by James Clark. Expat
@ -72,6 +73,7 @@ pushd ..
 %patch15 -p1 -b .CVE-2024-45490
 %patch16 -p1 -b .CVE-2024-45491
 %patch17 -p1 -b .CVE-2024-45492
+%patch18 -p1 -b .CVE-2024-50602
 popd

 sed -i 's/install-data-hook/do-nothing-please/' lib/Makefile.am
@ -120,6 +122,10 @@ make check
 %{_libdir}/lib*.a

 %changelog
+* Fri Nov 08 2024 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-16
+- Fix CVE-2024-50602
+- Resolves: RHEL-65062
+
 * Wed Sep 11 2024 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-15
 - Rebuild for test reconfiguration