libxml2/libxml2-CVE-2024-25062.patch

From 1a66b176055d25ee635bf328c7b35b381db0b71d Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Sat, 14 Oct 2023 22:45:54 +0200
Subject: [PATCH] [CVE-2024-25062] xmlreader: Don't expand XIncludes when
 backtracking

Fixes a use-after-free if XML Reader if used with DTD validation and
XInclude expansion.

Fixes #604.
---
 xmlreader.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/xmlreader.c b/xmlreader.c
index 3bdb8228..6486c7da 100644
--- a/xmlreader.c
+++ b/xmlreader.c
@@ -1428,6 +1428,7 @@ node_found:
      * Handle XInclude if asked for
      */
     if ((reader->xinclude) && (reader->in_xinclude == 0) &&
+        (reader->state != XML_TEXTREADER_BACKTRACK) &&
         (reader->node != NULL) &&
 	(reader->node->type == XML_ELEMENT_NODE) &&
 	(reader->node->ns != NULL) &&
-- 
GitLab
Sync from SUSE:ALP:Source:Standard:1.0 libxml2 revision 8699663f16a385a3907d565db2b6e539 2024-03-08 16:39:31 +01:00			`From 1a66b176055d25ee635bf328c7b35b381db0b71d Mon Sep 17 00:00:00 2001`
			`From: Nick Wellnhofer <wellnhofer@aevum.de>`
			`Date: Sat, 14 Oct 2023 22:45:54 +0200`
			`Subject: [PATCH] [CVE-2024-25062] xmlreader: Don't expand XIncludes when`
			`backtracking`

			`Fixes a use-after-free if XML Reader if used with DTD validation and`
			`XInclude expansion.`

			`Fixes #604.`
			`---`
			`xmlreader.c \| 1 +`
			`1 file changed, 1 insertion(+)`

			`diff --git a/xmlreader.c b/xmlreader.c`
			`index 3bdb8228..6486c7da 100644`
			`--- a/xmlreader.c`
			`+++ b/xmlreader.c`
			`@@ -1428,6 +1428,7 @@ node_found:`
			`* Handle XInclude if asked for`
			`*/`
			`if ((reader->xinclude) && (reader->in_xinclude == 0) &&`
			`+ (reader->state != XML_TEXTREADER_BACKTRACK) &&`
			`(reader->node != NULL) &&`
			`(reader->node->type == XML_ELEMENT_NODE) &&`
			`(reader->node->ns != NULL) &&`
			`--`
			`GitLab`