rpms/libxml2
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix CVE-2021-3537 (#1956524)

Browse Source
This commit is contained in:
David King 2021-05-06 11:22:51 +01:00
parent 68f382363e
commit 7d937edcf5
2 changed files with 50 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
libxml2-2.9.10-CVE-2021-3537.patch Normal file
View File

@ -0,0 +1,44 @@
From babe75030c7f64a37826bb3342317134568bef61 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Sat, 1 May 2021 16:53:33 +0200
Subject: [PATCH] Propagate error in xmlParseElementChildrenContentDeclPriv
Check return value of recursive calls to
xmlParseElementChildrenContentDeclPriv and return immediately in case
of errors. Otherwise, struct xmlElementContent could contain unexpected
null pointers, leading to a null deref when post-validating documents
which aren't well-formed and parsed in recovery mode.
Fixes #243.
---
parser.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/parser.c b/parser.c
index b42e6043..73c27edd 100644
--- a/parser.c
+++ b/parser.c
@@ -6208,6 +6208,8 @@ xmlParseElementChildrenContentDeclPriv(xmlParserCtxtPtr ctxt, int inputchk,
SKIP_BLANKS;
cur = ret = xmlParseElementChildrenContentDeclPriv(ctxt, inputid,
depth + 1);
+ if (cur == NULL)
+ return(NULL);
SKIP_BLANKS;
GROW;
} else {
@@ -6341,6 +6343,11 @@ xmlParseElementChildrenContentDeclPriv(xmlParserCtxtPtr ctxt, int inputchk,
SKIP_BLANKS;
last = xmlParseElementChildrenContentDeclPriv(ctxt, inputid,
depth + 1);
+ if (last == NULL) {
+ if (ret != NULL)
+ xmlFreeDocElementContent(ctxt->myDoc, ret);
+ return(NULL);
+ }
SKIP_BLANKS;
} else {
elem = xmlParseName(ctxt);
--
GitLab

7
libxml2.spec
View File

@ -1,6 +1,6 @@
Name: libxml2 Name: libxml2
Version: 2.9.10 Version: 2.9.10
Release: 11%{?dist} Release: 12%{?dist}
Summary: Library providing XML and HTML support Summary: Library providing XML and HTML support
License: MIT License: MIT
@ -28,6 +28,8 @@ Patch9: libxml2-2.9.10-CVE-2021-3516.patch
Patch10: libxml2-2.9.10-CVE-2021-3517.patch Patch10: libxml2-2.9.10-CVE-2021-3517.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1954243 # https://bugzilla.redhat.com/show_bug.cgi?id=1954243
Patch11: libxml2-2.9.10-CVE-2021-3518.patch Patch11: libxml2-2.9.10-CVE-2021-3518.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1956524
Patch12: libxml2-2.9.10-CVE-2021-3537.patch
BuildRequires: gcc BuildRequires: gcc
BuildRequires: make BuildRequires: make
@ -159,6 +161,9 @@ gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz
%{python3_sitearch}/libxml2mod.so %{python3_sitearch}/libxml2mod.so
%changelog %changelog
* Thu May 06 2021 David King <amigadave@amigadave.com> - 2.9.10-12
- Fix CVE-2021-3537 (#1956524)
* Wed May 05 2021 David King <amigadave@amigadave.com> - 2.9.10-11 * Wed May 05 2021 David King <amigadave@amigadave.com> - 2.9.10-11
- Fix CVE-2021-3516 (#1954227) - Fix CVE-2021-3516 (#1954227)
- Fix CVE-2021-3517 (#1954234) - Fix CVE-2021-3517 (#1954234)