diff options
Diffstat (limited to 'import-layers/yocto-poky/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch')
-rw-r--r-- | import-layers/yocto-poky/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/import-layers/yocto-poky/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch b/import-layers/yocto-poky/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch new file mode 100644 index 0000000000..26779aa572 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch @@ -0,0 +1,37 @@ +From d2f873a541c72b0f67e15562819bf98b884b30b7 Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Wed, 23 Aug 2017 16:04:49 +0800 +Subject: [PATCH] fix CVE-2017-8872 + +this makes xmlHaltParser "empty" the buffer, as it resets cur and ava +il too here. + +this seems to cure this specific issue, and also passes the testsuite + +Signed-off-by: Marcus Meissner <meissner@suse.de> + +https://bugzilla.gnome.org/show_bug.cgi?id=775200 +Upstream-Status: Backport [https://bugzilla.gnome.org/attachment.cgi?id=355527&action=diff] +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + parser.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/parser.c b/parser.c +index 9506ead..6c07ffd 100644 +--- a/parser.c ++++ b/parser.c +@@ -12664,6 +12664,10 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) { + } + ctxt->input->cur = BAD_CAST""; + ctxt->input->base = ctxt->input->cur; ++ if (ctxt->input->buf) { ++ xmlBufEmpty (ctxt->input->buf->buffer); ++ } else ++ ctxt->input->length = 0; + } + } + +-- +2.7.4 + |