Fix CVE-2019-13117 (#1728547)

2019-10-11 17:36:40 +02:00 · 2019-10-11 17:36:40 +02:00 · b54d63b744
commit b54d63b744
parent 4f7bfe097d
2 changed files with 32 additions and 0 deletions
--- a/CVE-2019-13117.patch
+++ b/CVE-2019-13117.patch
@ -0,0 +1,30 @@
+From c5eb6cf3aba0af048596106ed839b4ae17ecbcb1 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sat, 27 Apr 2019 11:19:48 +0200
+Subject: [PATCH] Fix uninitialized read of xsl:number token
+
+Found by OSS-Fuzz.
+---
+ libxslt/numbers.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/libxslt/numbers.c b/libxslt/numbers.c
+index 89e1f668..75c31eba 100644
+--- a/libxslt/numbers.c
+++ b/libxslt/numbers.c
+@@ -382,7 +382,10 @@ xsltNumberFormatTokenize(const xmlChar *format,
+ 		tokens->tokens[tokens->nTokens].token = val - 1;
+ 		ix += len;
+ 		val = xmlStringCurrentChar(NULL, format+ix, &len);
+-	    }
+	    } else {
+                tokens->tokens[tokens->nTokens].token = (xmlChar)'0';
+                tokens->tokens[tokens->nTokens].width = 1;
+            }
+ 	} else if ( (val == (xmlChar)'A') ||
+ 		    (val == (xmlChar)'a') ||
+ 		    (val == (xmlChar)'I') ||
+-- 
+2.22.0
+
+
--- a/libxslt.spec
+++ b/libxslt.spec
@ -24,6 +24,8 @@ Patch2:         multilib2.patch
 Patch3:         CVE-2019-11068.patch
 # https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b
 Patch4:         CVE-2019-13118.patch
+# https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1
+Patch5:         CVE-2019-13117.patch

 %description
 This C library allows to transform XML files into other XML files