Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:GA
libxml2
libxml2-CVE-2021-3518.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libxml2-CVE-2021-3518.patch of Package libxml2
From 1098c30a040e72a4654968547f415be4e4c40fe7 Mon Sep 17 00:00:00 2001 From: Nick Wellnhofer <wellnhofer@aevum.de> Date: Thu, 22 Apr 2021 19:26:28 +0200 Subject: [PATCH] Fix user-after-free with `xmllint --xinclude --dropdtd` The --dropdtd option can leave dangling pointers in entity reference nodes. Make sure to skip these nodes when processing XIncludes. This also avoids scanning entity declarations and even modifying them inadvertently during XInclude processing. Move from a block list to an allow list approach to avoid descending into other node types that can't contain elements. Fixes #237. --- xinclude.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) Index: libxml2-2.9.10/xinclude.c =================================================================== --- libxml2-2.9.10.orig/xinclude.c +++ libxml2-2.9.10/xinclude.c @@ -2397,9 +2397,8 @@ xmlXIncludeDoProcess(xmlXIncludeCtxtPtr while ((cur != NULL) && (cur != tree->parent)) { /* TODO: need to work on entities -> stack */ if ((cur->children != NULL) && - (cur->children->type != XML_ENTITY_DECL) && - (cur->children->type != XML_XINCLUDE_START) && - (cur->children->type != XML_XINCLUDE_END)) { + ((cur->type == XML_DOCUMENT_NODE) || + (cur->type == XML_ELEMENT_NODE))) { cur = cur->children; if (xmlXIncludeTestNode(ctxt, cur)) xmlXIncludePreProcessNode(ctxt, cur);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor