rpms/libxml2
6
0
Fork 0
Code Issues Pull Requests Releases Activity

import UBI libxml2-2.9.7-20.el8_10

Browse Source
This commit is contained in:
eabdullin 2025-06-12 00:33:59 +00:00
parent c0b384b0f9
commit 089ccc9be7
2 changed files with 79 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
SOURCES/libxml2-2.9.13-CVE-2025-32414.patch Normal file
View File

@ -0,0 +1,73 @@
From c0fa8ea4b9a3fc0043e95622dcc4bf0a96199d57 Mon Sep 17 00:00:00 2001
From: Maks Verver <maks@verver.ch>
Date: Mon, 9 Jun 2025 20:09:17 +0100
Subject: [PATCH] [CVE-2025-32414] python: Read at most len/4 characters.
Fixes #889 by reserving space in the buffer for UTF-8 encoding of text.
---
python/libxml.c | 28 ++++++++++++++++++----------
1 file changed, 18 insertions(+), 10 deletions(-)
diff --git a/python/libxml.c b/python/libxml.c
index ef630254..f31e080f 100644
--- a/python/libxml.c
+++ b/python/libxml.c
@@ -287,7 +287,9 @@ xmlPythonFileReadRaw (void * context, char * buffer, int len) {
#endif
file = (PyObject *) context;
if (file == NULL) return(-1);
- ret = PyEval_CallMethod(file, (char *) "read", (char *) "(i)", len);
+ /* When read() returns a string, the length is in characters not bytes, so
+ request at most len / 4 characters to leave space for UTF-8 encoding. */
+ ret = PyEval_CallMethod(file, (char *) "read", (char *) "(i)", len / 4);
if (ret == NULL) {
printf("xmlPythonFileReadRaw: result is NULL\n");
return(-1);
@@ -322,10 +324,12 @@ xmlPythonFileReadRaw (void * context, char * buffer, int len) {
Py_DECREF(ret);
return(-1);
}
- if (lenread > len)
- memcpy(buffer, data, len);
- else
- memcpy(buffer, data, lenread);
+ if (lenread < 0 || lenread > len) {
+ printf("xmlPythonFileReadRaw: invalid lenread\n");
+ Py_DECREF(ret);
+ return(-1);
+ }
+ memcpy(buffer, data, lenread);
Py_DECREF(ret);
return(lenread);
}
@@ -352,7 +356,9 @@ xmlPythonFileRead (void * context, char * buffer, int len) {
#endif
file = (PyObject *) context;
if (file == NULL) return(-1);
- ret = PyEval_CallMethod(file, (char *) "io_read", (char *) "(i)", len);
+ /* When read() returns a string, the length is in characters not bytes, so
+ request at most len / 4 characters to leave space for UTF-8 encoding. */
+ ret = PyEval_CallMethod(file, (char *) "io_read", (char *) "(i)", len / 4);
if (ret == NULL) {
printf("xmlPythonFileRead: result is NULL\n");
return(-1);
@@ -387,10 +393,12 @@ xmlPythonFileRead (void * context, char * buffer, int len) {
Py_DECREF(ret);
return(-1);
}
- if (lenread > len)
- memcpy(buffer, data, len);
- else
- memcpy(buffer, data, lenread);
+ if (lenread < 0 || lenread > len) {
+ printf("xmlPythonFileRead: invalid lenread\n");
+ Py_DECREF(ret);
+ return(-1);
+ }
+ memcpy(buffer, data, lenread);
Py_DECREF(ret);
return(lenread);
}
--
2.49.0

7
SPECS/libxml2.spec
View File

@ -7,7 +7,7 @@
Name: libxml2
Version: 2.9.7
Release: 19%{?dist}
Release: 20%{?dist}
Summary: Library providing XML and HTML support
License: MIT
@ -70,6 +70,8 @@ Patch26: libxml2-2.9.13-CVE-2022-49043.patch
Patch27: libxml2-2.9.13-CVE-2024-56171.patch
# https://issues.redhat.com/browse/RHEL-80137
Patch28: libxml2-2.9.13-CVE-2025-24928.patch
# https://issues.redhat.com/browse/RHEL-88198
Patch29: libxml2-2.9.13-CVE-2025-32414.patch
BuildRequires: gcc
BuildRequires: cmake-rpm-macros
@ -241,6 +243,9 @@ gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz
%{python3_sitearch}/libxml2mod.so
%changelog
* Thu Jun 05 2025 David King <dking@redhat.com> - 2.9.7-20
- Fix CVE-2025-32414 (RHEL-88198)
* Tue Mar 11 2025 Michael Catanzaro <mcatanzaro@redhat.com> - 2.9.7-19
- Fix CVE-2024-56171 (RHEL-80122)
- Fix CVE-2025-24928 (RHEL-80137)