File Fix-for-CVE-2021-26222-ezxml-bug-22.patch of Package netcdf

Overview Repositories Revisions Requests Users Attributes Meta

File Fix-for-CVE-2021-26222-ezxml-bug-22.patch of Package netcdf

From: Egbert Eich <eich@suse.com>
Date: Mon Oct 25 15:48:44 2021 +0200
Subject: Fix for CVE-2021-26222 / ezxml bug 22
Patch-mainline: Not yet
Git-commit: 570014c63590eaf25061863cca6a1b6adb3bfe6c
References:

Make sure malloc() succeeds.
This fixes
 https://sourceforge.net/p/ezxml/bugs/22/

Signed-off-by: Egbert Eich <eich@suse.com>
---
 libdap4/ezxml.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libdap4/ezxml.c b/libdap4/ezxml.c
index fb470df..ac7d979 100644
--- a/libdap4/ezxml.c
+++ b/libdap4/ezxml.c
@@ -808,12 +808,14 @@ ezxml_t ezxml_new(const char *name)
     static char *ent[] = { "lt;", "&#60;", "gt;", "&#62;", "quot;", "&#34;",
                            "apos;", "&#39;", "amp;", "&#38;", NULL };
     ezxml_root_t root;
+    char **p_ent;
     if (!(root  = malloc(sizeof(struct ezxml_root)))) return NULL;  // bug#21
     root = (ezxml_root_t)memset(root, '\0', sizeof(struct ezxml_root));
     root->xml.name = (char *)name;
+    if (!(p_ent = malloc(sizeof(ent)))) { free(root); return NULL; }; // bug#22 CVE-2021-26222
     root->cur = &root->xml;
     strcpy(root->err, root->xml.txt = "");
-    root->ent = memcpy(malloc(sizeof(ent)), ent, sizeof(ent));
+    root->ent = memcpy(p_ent, ent, sizeof(ent));
     root->attr = root->pi = (char ***)(root->xml.attr = EZXML_NIL);
     return &root->xml;
 }

Places

File Fix-for-CVE-2021-26222-ezxml-bug-22.patch of Package netcdf

Places