graphviz/graphviz-2.40.1-CVE-2019-11023.patch
Jaroslav Škarvada a34c48e7bd Updated CVE-2019-11023 patch
Related: CVE-2019-11023
2019-04-24 16:08:05 +02:00

78 lines
2.3 KiB
Diff

diff --git a/cmd/tools/graphml2gv.c b/cmd/tools/graphml2gv.c
index 7b8214b..0910d99 100644
--- a/cmd/tools/graphml2gv.c
+++ b/cmd/tools/graphml2gv.c
@@ -477,8 +477,10 @@ startElementHandler(void *userData, const char *name, const char **atts)
if (pos > 0) {
const char *attrname;
attrname = atts[pos];
-
- bind_node(attrname);
+ if (G == 0)
+ fprintf(stderr,"node %s outside graph, ignored\n",attrname);
+ else
+ bind_node(attrname);
pushString(&ud->elements, attrname);
}
@@ -504,21 +506,25 @@ startElementHandler(void *userData, const char *name, const char **atts)
if (tname)
head = tname;
- bind_edge(tail, head);
+ if (G == 0)
+ fprintf(stderr,"edge source %s target %s outside graph, ignored\n",(char*)tail,(char*)head);
+ else {
+ bind_edge(tail, head);
- t = AGTAIL(E);
- tname = agnameof(t);
+ t = AGTAIL(E);
+ tname = agnameof(t);
- if (strcmp(tname, tail) == 0) {
- ud->edgeinverted = FALSE;
- } else if (strcmp(tname, head) == 0) {
- ud->edgeinverted = TRUE;
- }
+ if (strcmp(tname, tail) == 0) {
+ ud->edgeinverted = FALSE;
+ } else if (strcmp(tname, head) == 0) {
+ ud->edgeinverted = TRUE;
+ }
- pos = get_xml_attr("id", atts);
- if (pos > 0) {
- setEdgeAttr(E, GRAPHML_ID, (char *) atts[pos], ud);
- }
+ pos = get_xml_attr("id", atts);
+ if (pos > 0) {
+ setEdgeAttr(E, GRAPHML_ID, (char *) atts[pos], ud);
+ }
+ }
} else {
/* must be some extension */
fprintf(stderr,
@@ -539,7 +545,7 @@ static void endElementHandler(void *userData, const char *name)
char *ele_name = topString(ud->elements);
if (ud->closedElementType == TAG_GRAPH) {
Agnode_t *node = agnode(root, ele_name, 0);
- agdelete(root, node);
+ if (node) agdelete(root, node);
}
popString(&ud->elements);
Current_class = TAG_GRAPH;
diff --git a/lib/cgraph/obj.c b/lib/cgraph/obj.c
index 7b1c8c1..709774e 100644
--- a/lib/cgraph/obj.c
+++ b/lib/cgraph/obj.c
@@ -168,6 +168,8 @@ void agdelcb(Agraph_t * g, void *obj, Agcbstack_t * cbstack)
Agraph_t *agroot(void* obj)
{
+ // fixes CVE-2019-11023 by moving the problem to the caller :-)
+ if (obj == 0) return NILgraph;
switch (AGTYPE(obj)) {
case AGINEDGE:
case AGOUTEDGE: