From 2b0aac140d739905c7848a42efc60bfe783a39b7 Mon Sep 17 00:00:00 2001 From: Nick Wellnhofer Date: Sat, 14 Oct 2023 22:45:54 +0200 Subject: [PATCH] [CVE-2024-25062] xmlreader: Don't expand XIncludes when backtracking Fixes a use-after-free if XML Reader if used with DTD validation and XInclude expansion. Fixes #604. --- xmlreader.c | 1 + 1 file changed, 1 insertion(+) diff --git a/xmlreader.c b/xmlreader.c index 979385a13..fefd68e0b 100644 --- a/xmlreader.c +++ b/xmlreader.c @@ -1443,6 +1443,7 @@ node_found: * Handle XInclude if asked for */ if ((reader->xinclude) && (reader->in_xinclude == 0) && + (reader->state != XML_TEXTREADER_BACKTRACK) && (reader->node != NULL) && (reader->node->type == XML_ELEMENT_NODE) && (reader->node->ns != NULL) && -- GitLab