Updated CVE-2019-11023 patch
Related: CVE-2019-11023
This commit is contained in:
Jaroslav Škarvada
parent
cccd8d37a2
commit
a34c48e7bd
@ -1,6 +1,8 @@
|
||||
diff --git a/cmd/tools/graphml2gv.c b/cmd/tools/graphml2gv.c
|
||||
index 7b8214b..0910d99 100644
|
||||
--- a/cmd/tools/graphml2gv.c
|
||||
+++ b/cmd/tools/graphml2gv.c
|
||||
@@ -477,8 +468,10 @@
|
||||
@@ -477,8 +477,10 @@ startElementHandler(void *userData, const char *name, const char **atts)
|
||||
if (pos > 0) {
|
||||
const char *attrname;
|
||||
attrname = atts[pos];
|
||||
@ -13,39 +15,36 @@
|
||||
|
||||
pushString(&ud->elements, attrname);
|
||||
}
|
||||
@@ -504,21 +497,25 @@
|
||||
@@ -504,21 +506,25 @@ startElementHandler(void *userData, const char *name, const char **atts)
|
||||
if (tname)
|
||||
head = tname;
|
||||
|
||||
- bind_edge(tail, head);
|
||||
-
|
||||
+ if (G == 0)
|
||||
+ fprintf(stderr,"edge source %s target %s outside graph, ignored\n",(char*)tail,(char*)head);
|
||||
+ else {
|
||||
+ bind_edge(tail, head);
|
||||
|
||||
- t = AGTAIL(E);
|
||||
- tname = agnameof(t);
|
||||
-
|
||||
+ t = AGTAIL(E);
|
||||
+ tname = agnameof(t);
|
||||
|
||||
- if (strcmp(tname, tail) == 0) {
|
||||
- ud->edgeinverted = FALSE;
|
||||
- } else if (strcmp(tname, head) == 0) {
|
||||
- ud->edgeinverted = TRUE;
|
||||
- }
|
||||
-
|
||||
- pos = get_xml_attr("id", atts);
|
||||
- if (pos > 0) {
|
||||
- setEdgeAttr(E, GRAPHML_ID, (char *) atts[pos], ud);
|
||||
- }
|
||||
+ if (G == 0)
|
||||
+ fprintf(stderr,"edge source %s target %s outside graph, ignored\n",(char*)tail,(char*)head);
|
||||
+ else {
|
||||
+ bind_edge(tail, head);
|
||||
+
|
||||
+ t = AGTAIL(E);
|
||||
+ tname = agnameof(t);
|
||||
+
|
||||
+ if (strcmp(tname, tail) == 0) {
|
||||
+ ud->edgeinverted = FALSE;
|
||||
+ } else if (strcmp(tname, head) == 0) {
|
||||
+ ud->edgeinverted = TRUE;
|
||||
+ }
|
||||
+
|
||||
|
||||
- pos = get_xml_attr("id", atts);
|
||||
- if (pos > 0) {
|
||||
- setEdgeAttr(E, GRAPHML_ID, (char *) atts[pos], ud);
|
||||
- }
|
||||
+ pos = get_xml_attr("id", atts);
|
||||
+ if (pos > 0) {
|
||||
+ setEdgeAttr(E, GRAPHML_ID, (char *) atts[pos], ud);
|
||||
@ -54,7 +53,7 @@
|
||||
} else {
|
||||
/* must be some extension */
|
||||
fprintf(stderr,
|
||||
@@ -545,7 +536,7 @@
|
||||
@@ -539,7 +545,7 @@ static void endElementHandler(void *userData, const char *name)
|
||||
char *ele_name = topString(ud->elements);
|
||||
if (ud->closedElementType == TAG_GRAPH) {
|
||||
Agnode_t *node = agnode(root, ele_name, 0);
|
||||
@ -63,3 +62,16 @@
|
||||
}
|
||||
popString(&ud->elements);
|
||||
Current_class = TAG_GRAPH;
|
||||
diff --git a/lib/cgraph/obj.c b/lib/cgraph/obj.c
|
||||
index 7b1c8c1..709774e 100644
|
||||
--- a/lib/cgraph/obj.c
|
||||
+++ b/lib/cgraph/obj.c
|
||||
@@ -168,6 +168,8 @@ void agdelcb(Agraph_t * g, void *obj, Agcbstack_t * cbstack)
|
||||
|
||||
Agraph_t *agroot(void* obj)
|
||||
{
|
||||
+ // fixes CVE-2019-11023 by moving the problem to the caller :-)
|
||||
+ if (obj == 0) return NILgraph;
|
||||
switch (AGTYPE(obj)) {
|
||||
case AGINEDGE:
|
||||
case AGOUTEDGE:
|
||||
|
||||
@ -61,7 +61,7 @@
|
||||
Name: graphviz
|
||||
Summary: Graph Visualization Tools
|
||||
Version: 2.40.1
|
||||
Release: 45%{?dist}
|
||||
Release: 46%{?dist}
|
||||
License: EPL-1.0
|
||||
URL: http://www.graphviz.org/
|
||||
# A bit hacking needed due to: https://gitlab.com/graphviz/graphviz/issues/1371
|
||||
@ -609,6 +609,10 @@ php --no-php-ini \
|
||||
%{_mandir}/man3/*.3tcl*
|
||||
|
||||
%changelog
|
||||
* Wed Apr 24 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2.40.1-46
|
||||
- Updated CVE-2019-11023 patch
|
||||
Related: CVE-2019-11023
|
||||
|
||||
* Wed Apr 24 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2.40.1-45
|
||||
- Fixed null pointer dereference in function agroot()
|
||||
Resolves: CVE-2019-11023
|
||||
|
||||
Loading…
Reference in New Issue
Block a user