Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
libxml2.2672
libxml2-2.9.1-CVE-2016-3627.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libxml2-2.9.1-CVE-2016-3627.patch of Package libxml2.2672
From e5269fd1e83743f7e62c89eca45000c2e84e6edc Mon Sep 17 00:00:00 2001 From: Peter Simons <psimons@suse.com> Date: Thu, 14 Apr 2016 16:15:13 +0200 Subject: [PATCH 1/2] xmlStringGetNodeList: limit the function to 1024 recursions to avoid CVE-2016-3627 This patch prevents stack overflows like the one reported in https://bugzilla.gnome.org/show_bug.cgi?id=762100. --- tree.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) Index: libxml2-2.9.1/tree.c =================================================================== --- libxml2-2.9.1.orig/tree.c 2016-04-18 14:53:09.375753353 +0200 +++ libxml2-2.9.1/tree.c 2016-04-18 15:33:02.923379754 +0200 @@ -1459,6 +1459,8 @@ out: return(ret); } +static xmlNodePtr xmlStringGetNodeListInternal(const xmlDoc *doc, const xmlChar *value, size_t recursionLevel); + /** * xmlStringGetNodeList: * @doc: the document @@ -1470,6 +1472,11 @@ out: */ xmlNodePtr xmlStringGetNodeList(xmlDocPtr doc, const xmlChar *value) { + return xmlStringGetNodeListInternal(doc, value, 0); +} + +static xmlNodePtr +xmlStringGetNodeListInternal(const xmlDoc *doc, const xmlChar *value, size_t recursionLevel) { xmlNodePtr ret = NULL, last = NULL; xmlNodePtr node; xmlChar *val; @@ -1478,6 +1485,8 @@ xmlStringGetNodeList(xmlDocPtr doc, cons xmlEntityPtr ent; xmlBufPtr buf; + if (recursionLevel > 1024) return(NULL); + if (value == NULL) return(NULL); buf = xmlBufCreateSize(0); @@ -1588,8 +1597,9 @@ xmlStringGetNodeList(xmlDocPtr doc, cons else if ((ent != NULL) && (ent->children == NULL)) { xmlNodePtr temp; - ent->children = xmlStringGetNodeList(doc, - (const xmlChar*)node->content); + ent->children = xmlStringGetNodeListInternal(doc, + (const xmlChar*)node->content, + recursionLevel+1); ent->owner = 1; temp = ent->children; while (temp) {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor