From 66503a69df12882a6b055f312cecdc2433c2de22 Mon Sep 17 00:00:00 2001
From: Alexander Dahl
Date: Wed, 18 Mar 2020 14:27:15 +0100
Subject: libxml2: Add upstream patch fixing CVE-2020-7595
Signed-off-by: Alexander Dahl
Message-Id: <20200318132716.10624-4-ada@thorsis.com>
Signed-off-by: Michael Olbrich
---
 ...finite-loop-in-xmlStringLenDecodeEntities.patch | 28 ++++++++++++++++++++++
 patches/libxml2-2.9.10/series | 4 +++-
 2 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 patches/libxml2-2.9.10/0001-Fix-infinite-loop-in-xmlStringLenDecodeEntities.patch
(limited to 'patches')
diff --git a/patches/libxml2-2.9.10/0001-Fix-infinite-loop-in-xmlStringLenDecodeEntities.patch b/patches/libxml2-2.9.10/0001-Fix-infinite-loop-in-xmlStringLenDecodeEntities.patch
new file mode 100644
index 000000000..59c864731
--- /dev/null
+++ b/patches/libxml2-2.9.10/0001-Fix-infinite-loop-in-xmlStringLenDecodeEntities.patch
@@ -0,0 +1,28 @@
+From: Zhipeng Xie
+Date: Thu, 12 Dec 2019 17:30:55 +0800
+Subject: [PATCH] Fix infinite loop in xmlStringLenDecodeEntities
+
+When ctxt->instate == XML_PARSER_EOF,xmlParseStringEntityRef
+return NULL which cause a infinite loop in xmlStringLenDecodeEntities
+
+Found with libFuzzer.
+
+Signed-off-by: Zhipeng Xie
+---
+ parser.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/parser.c b/parser.c
+index d1c319631fc9..a34bb6cdd81b 100644
+--- a/parser.c
++++ b/parser.c
+@@ -2646,7 +2646,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
+ else
+ c = 0;
+ while ((c != 0) && (c != end) && /* non input consuming loop */
+- (c != end2) && (c != end3)) {
++ (c != end2) && (c != end3) &&
++ (ctxt->instate != XML_PARSER_EOF)) {
+
+ if (c == 0) break;
+ if ((c == '&') && (str[1] == '#')) {
diff --git a/patches/libxml2-2.9.10/series b/patches/libxml2-2.9.10/series
index 198075fbf..b8e92fb7a 100644
--- a/patches/libxml2-2.9.10/series
+++ b/patches/libxml2-2.9.10/series
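Review bot: The new patch file carries no CVE identifier or upstream commit reference in its own header — only the outer commit subject names CVE-2020-7595 — so anyone auditing patches/libxml2-2.9.10/ for security backports, or a CVE-check tool that scans patch headers, cannot tie this file to the advisory. Add a `CVE: CVE-2020-7595` trailer and the upstream libxml2 commit id above the `Signed-off-by: Zhipeng Xie` line when importing the patch. On the code itself, the added `(ctxt->instate != XML_PARSER_EOF)` test only guards the loop header, so the iteration in which xmlParseStringEntityRef returns NULL (the case the description blames) still runs the remainder of the loop body before the loop exits on the next check; that body and the rest of xmlStringLenDecodeEntities lie outside the hunk, so confirm the NULL return is handled there rather than dereferenced. The `if (c == 0) break;` immediately after the condition is pre-existing and redundant with the `c != 0` test, not something this change introduces.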
@@ -1,5 +1,7 @@
 # generated by git-ptx-patches
 #tag:base --start-number 1
+#tag:upstream --start-number 1
+0001-Fix-infinite-loop-in-xmlStringLenDecodeEntities.patch
 #tag:ptx --start-number 200
 0200-xml2-config-is-not-SYSROOT-aware.patch
-# 9a7de85eef8cb30919e83bc9b2e42cd9 - git-ptx-patches magic
+# 0a9081f5db07b8cbb593bc669a7603c7 - git-ptx-patches magic
--
cgit v1.2.3