Fix CVE-2024-50602
Resolves: RHEL-65066
This commit is contained in:
parent
29ef1f83ed
commit
4b4a20d485
108
expat-2.5.0-CVE-2024-50602.patch
Normal file
108
expat-2.5.0-CVE-2024-50602.patch
Normal file
@ -0,0 +1,108 @@
|
||||
commit 38905b99bb78a6a691ed8358f30030116783656c
|
||||
Author: Tomas Korbar <tkorbar@redhat.com>
|
||||
Date: Thu Nov 7 15:00:46 2024 +0100
|
||||
|
||||
Fix CVE-2024-50602
|
||||
|
||||
See https://github.com/libexpat/libexpat/pull/915
|
||||
|
||||
diff --git a/expat/lib/expat.h b/expat/lib/expat.h
|
||||
index 842dd70..69b0ba1 100644
|
||||
--- a/expat/lib/expat.h
|
||||
+++ b/expat/lib/expat.h
|
||||
@@ -128,7 +128,9 @@ enum XML_Error {
|
||||
/* Added in 2.3.0. */
|
||||
XML_ERROR_NO_BUFFER,
|
||||
/* Added in 2.4.0. */
|
||||
- XML_ERROR_AMPLIFICATION_LIMIT_BREACH
|
||||
+ XML_ERROR_AMPLIFICATION_LIMIT_BREACH,
|
||||
+ /* Added in 2.6.4. */
|
||||
+ XML_ERROR_NOT_STARTED,
|
||||
};
|
||||
|
||||
enum XML_Content_Type {
|
||||
diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
|
||||
index e0c2873..8b2af91 100644
|
||||
--- a/expat/lib/xmlparse.c
|
||||
+++ b/expat/lib/xmlparse.c
|
||||
@@ -2193,6 +2193,9 @@ XML_StopParser(XML_Parser parser, XML_Bool resumable) {
|
||||
if (parser == NULL)
|
||||
return XML_STATUS_ERROR;
|
||||
switch (parser->m_parsingStatus.parsing) {
|
||||
+ case XML_INITIALIZED:
|
||||
+ parser->m_errorCode = XML_ERROR_NOT_STARTED;
|
||||
+ return XML_STATUS_ERROR;
|
||||
case XML_SUSPENDED:
|
||||
if (resumable) {
|
||||
parser->m_errorCode = XML_ERROR_SUSPENDED;
|
||||
@@ -2203,7 +2206,7 @@ XML_StopParser(XML_Parser parser, XML_Bool resumable) {
|
||||
case XML_FINISHED:
|
||||
parser->m_errorCode = XML_ERROR_FINISHED;
|
||||
return XML_STATUS_ERROR;
|
||||
- default:
|
||||
+ case XML_PARSING:
|
||||
if (resumable) {
|
||||
#ifdef XML_DTD
|
||||
if (parser->m_isParamEntity) {
|
||||
@@ -2214,6 +2217,9 @@ XML_StopParser(XML_Parser parser, XML_Bool resumable) {
|
||||
parser->m_parsingStatus.parsing = XML_SUSPENDED;
|
||||
} else
|
||||
parser->m_parsingStatus.parsing = XML_FINISHED;
|
||||
+ break;
|
||||
+ default:
|
||||
+ assert(0);
|
||||
}
|
||||
return XML_STATUS_OK;
|
||||
}
|
||||
@@ -2478,6 +2484,9 @@ XML_ErrorString(enum XML_Error code) {
|
||||
case XML_ERROR_AMPLIFICATION_LIMIT_BREACH:
|
||||
return XML_L(
|
||||
"limit on input amplification factor (from DTD and entities) breached");
|
||||
+ /* Added in 2.6.4. */
|
||||
+ case XML_ERROR_NOT_STARTED:
|
||||
+ return XML_L("parser not started");
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
diff --git a/expat/tests/runtests.c b/expat/tests/runtests.c
|
||||
index ed88f9f..5769aa0 100644
|
||||
--- a/expat/tests/runtests.c
|
||||
+++ b/expat/tests/runtests.c
|
||||
@@ -8711,6 +8711,28 @@ START_TEST(test_misc_tag_mismatch_reset_leak) {
|
||||
}
|
||||
END_TEST
|
||||
|
||||
+START_TEST(test_misc_resumeparser_not_crashing) {
|
||||
+ XML_Parser parser = XML_ParserCreate(NULL);
|
||||
+ XML_GetBuffer(parser, 1);
|
||||
+ XML_StopParser(parser, /*resumable=*/XML_TRUE);
|
||||
+ XML_ResumeParser(parser); // could crash here, previously
|
||||
+ XML_ParserFree(parser);
|
||||
+}
|
||||
+END_TEST
|
||||
+
|
||||
+START_TEST(test_misc_stopparser_rejects_unstarted_parser) {
|
||||
+ const XML_Bool cases[] = {XML_TRUE, XML_FALSE};
|
||||
+ for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
|
||||
+ const XML_Bool resumable = cases[i];
|
||||
+ XML_Parser parser = XML_ParserCreate(NULL);
|
||||
+ assert_true(XML_GetErrorCode(parser) == XML_ERROR_NONE);
|
||||
+ assert_true(XML_StopParser(parser, resumable) == XML_STATUS_ERROR);
|
||||
+ assert_true(XML_GetErrorCode(parser) == XML_ERROR_NOT_STARTED);
|
||||
+ XML_ParserFree(parser);
|
||||
+ }
|
||||
+}
|
||||
+END_TEST
|
||||
+
|
||||
static void
|
||||
alloc_setup(void) {
|
||||
XML_Memory_Handling_Suite memsuite = {duff_allocator, duff_reallocator, free};
|
||||
@@ -13176,6 +13198,8 @@ make_suite(void) {
|
||||
tcase_add_test__ifdef_xml_dtd(
|
||||
tc_misc, test_misc_deny_internal_entity_closing_doctype_issue_317);
|
||||
tcase_add_test(tc_misc, test_misc_tag_mismatch_reset_leak);
|
||||
+ tcase_add_test(tc_misc, test_misc_resumeparser_not_crashing);
|
||||
+ tcase_add_test(tc_misc, test_misc_stopparser_rejects_unstarted_parser);
|
||||
|
||||
suite_add_tcase(s, tc_alloc);
|
||||
tcase_add_checked_fixture(tc_alloc, alloc_setup, alloc_teardown);
|
@ -3,7 +3,7 @@
|
||||
Summary: An XML parser library
|
||||
Name: expat
|
||||
Version: %(echo %{unversion} | sed 's/_/./g')
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
Source: https://github.com/libexpat/libexpat/archive/R_%{unversion}.tar.gz#/expat-%{version}.tar.gz
|
||||
URL: https://libexpat.github.io/
|
||||
License: MIT
|
||||
@ -19,6 +19,8 @@ Patch2: expat-2.5.0-CVE-2024-45490.patch
|
||||
Patch3: expat-2.5.0-CVE-2024-45491.patch
|
||||
# https://issues.redhat.com/browse/RHEL-57511
|
||||
Patch4: expat-2.5.0-CVE-2024-45492.patch
|
||||
# https://issues.redhat.com/browse/RHEL-65066
|
||||
Patch5: expat-2.5.0-CVE-2024-50602.patch
|
||||
|
||||
%description
|
||||
This is expat, the C library for parsing XML, written by James Clark. Expat
|
||||
@ -52,6 +54,7 @@ pushd ..
|
||||
%patch2 -p1 -b .CVE-2024-45490
|
||||
%patch3 -p1 -b .CVE-2024-45491
|
||||
%patch4 -p1 -b .CVE-2024-45492
|
||||
%patch5 -p1 -b .CVE-2024-50602
|
||||
popd
|
||||
|
||||
sed -i 's/install-data-hook/do-nothing-please/' lib/Makefile.am
|
||||
@ -100,6 +103,10 @@ make check
|
||||
%{_libdir}/lib*.a
|
||||
|
||||
%changelog
|
||||
* Thu Nov 07 2024 Tomas Korbar <tkorbar@redhat.com> - 2.5.0-4
|
||||
- Fix CVE-2024-50602
|
||||
- Resolves: RHEL-65066
|
||||
|
||||
* Wed Oct 09 2024 Tomas Korbar <tkorbar@redhat.com> - 2.5.0-3
|
||||
- Fix CVE-2024-45490, CVE-2024-45491, CVE-2024-45492
|
||||
- Resolves: RHEL-56761
|
||||
|
Loading…
Reference in New Issue
Block a user