41 lines
1.3 KiB
Diff
41 lines
1.3 KiB
Diff
From 12ef9e5bb7b4bf4f901a2a34b6609a908b1544af Mon Sep 17 00:00:00 2001
|
|
From: David King <dking@redhat.com>
|
|
Date: Wed, 2 Jul 2025 13:56:53 +0100
|
|
Subject: [PATCH] Fix CVE-2025-49796
|
|
|
|
Fix for type confusion in CVE-2025-49796, for the specific case
|
|
mentioned in the vulnerability report. A more general fix should be
|
|
applied in the future, after upstream review.
|
|
|
|
https://gitlab.gnome.org/GNOME/libxml2/-/issues/933
|
|
---
|
|
schematron.c | 5 ++++-
|
|
1 file changed, 4 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/schematron.c b/schematron.c
|
|
index ba7fa56c..47f97c04 100644
|
|
--- a/schematron.c
|
|
+++ b/schematron.c
|
|
@@ -26,6 +26,7 @@
|
|
#ifdef LIBXML_SCHEMATRON_ENABLED
|
|
|
|
#include <stdlib.h>
|
|
+#include <stdint.h>
|
|
#include <string.h>
|
|
#include <libxml/parser.h>
|
|
#include <libxml/tree.h>
|
|
@@ -1442,7 +1443,9 @@ xmlSchematronFormatReport(xmlSchematronValidCtxtPtr ctxt,
|
|
xmlFree(path);
|
|
}
|
|
|
|
- if ((node->ns == NULL) || (node->ns->prefix == NULL))
|
|
+ if ((node == NULL) || (node->ns == NULL)
|
|
+ || ((uintptr_t)node->ns == (uintptr_t)-1) // Check for 0xffffffffffffffff
|
|
+ || (node->ns->prefix == NULL))
|
|
ret = xmlStrcat(ret, node->name);
|
|
else {
|
|
ret = xmlStrcat(ret, node->ns->prefix);
|
|
--
|
|
2.49.0
|
|
|