Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP6
netcdf.21641
Fix-for-CVE-2021-26221-ezxml-bug-21.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File Fix-for-CVE-2021-26221-ezxml-bug-21.patch of Package netcdf.21641
From: Egbert Eich <eich@suse.com> Date: Mon Oct 25 15:44:54 2021 +0200 Subject: Fix for CVE-2021-26221 / ezxml bug 21 Patch-mainline: Not yet Git-commit: 9c8180f466dc672dc5fd7ce8513bb4994ad84364 References: Make sure malloc() succeeds. This fixes https://sourceforge.net/p/ezxml/bugs/21/ Signed-off-by: Egbert Eich <eich@suse.com> --- libdap4/ezxml.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libdap4/ezxml.c b/libdap4/ezxml.c index 17b2eb8..fb470df 100644 --- a/libdap4/ezxml.c +++ b/libdap4/ezxml.c @@ -485,6 +485,7 @@ ezxml_t ezxml_parse_str(char *s, size_t len) char q, e, *d, **attr, **a = NULL; /* initialize a to avoid compile warning*/ int l, i, j; + if (!root) return NULL; // bug#21 / CVE-2021-26221 root->m = s; if (! len) return ezxml_err(root, NULL, "root tag missing"); root->u = ezxml_str2utf8(&s, &len); /* convert utf-16 to utf-8*/ @@ -806,8 +807,9 @@ ezxml_t ezxml_new(const char *name) { static char *ent[] = { "lt;", "<", "gt;", ">", "quot;", """, "apos;", "'", "amp;", "&", NULL }; - ezxml_root_t root = (ezxml_root_t)memset(malloc(sizeof(struct ezxml_root)), - '\0', sizeof(struct ezxml_root)); + ezxml_root_t root; + if (!(root = malloc(sizeof(struct ezxml_root)))) return NULL; // bug#21 + root = (ezxml_root_t)memset(root, '\0', sizeof(struct ezxml_root)); root->xml.name = (char *)name; root->cur = &root->xml; strcpy(root->err, root->xml.txt = "");
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor