Accepting request 856646 from home:pmonrealgonzalez:branches:devel:libraries:c_c++

- Security fix: [bsc#1161521, CVE-2019-20388] * Memory leak in xmlSchemaPreRun in xmlschemas.c - Add libxml2-CVE-2019-20388.patch OBS-URL: https://build.opensuse.org/request/show/856646 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxml2?expand=0&rev=155
2020-12-19 18:30:12 +00:00
parent 0ce0488227
commit 00bbc44e87
3 changed files with 43 additions and 0 deletions
--- a/libxml2-CVE-2019-20388.patch
+++ b/libxml2-CVE-2019-20388.patch
@@ -0,0 +1,33 @@
+From 7ffcd44d7e6c46704f8af0321d9314cd26e0e18a Mon Sep 17 00:00:00 2001
+From: Zhipeng Xie <xiezhipeng1@huawei.com>
+Date: Tue, 20 Aug 2019 16:33:06 +0800
+Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream
+
+When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun
+alloc a new schema for ctxt->schema and set vctxt->xsiAssemble
+to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize
+vctxt->xsiAssemble to 0 again which cause the alloced schema
+can not be freed anymore.
+
+Found with libFuzzer.
+
+Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
+---
+ xmlschemas.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/xmlschemas.c b/xmlschemas.c
+index 301c8449..39d92182 100644
+--- a/xmlschemas.c
+++ b/xmlschemas.c
+@@ -28090,7 +28090,6 @@ xmlSchemaPreRun(xmlSchemaValidCtxtPtr vctxt) {
+     vctxt->nberrors = 0;
+     vctxt->depth = -1;
+     vctxt->skipDepth = -1;
+-    vctxt->xsiAssemble = 0;
+     vctxt->hasKeyrefs = 0;
+ #ifdef ENABLE_IDC_NODE_TABLES_TEST
+     vctxt->createIDCNodeTables = 1;
+-- 
+GitLab
+
--- a/libxml2.changes
+++ b/libxml2.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Dec 17 10:19:33 UTC 2020 - Pedro Monreal <pmonreal@suse.com>
+
+- Security fix: [bsc#1161521, CVE-2019-20388]
+  * Memory leak in xmlSchemaPreRun in xmlschemas.c
+- Add libxml2-CVE-2019-20388.patch
+
 -------------------------------------------------------------------
 Wed Nov 25 09:07:36 UTC 2020 - Pedro Monreal <pmonreal@suse.com>

--- a/libxml2.spec
+++ b/libxml2.spec
@@ -62,6 +62,8 @@ Patch6:         libxml2-CVE-2019-19956.patch
 Patch7:         libxml2-CVE-2020-24977.patch
 # PATCH-FIX-SUSE bsc#1178823 Avoid quadratic checking of identity-constraints
 Patch8:         libxml2-Avoid-quadratic-checking-of-identity-constraints.patch
+# PATCH-FIX-UPSTREAM bsc#1161521 CVE-2019-20388 Memory leak in xmlSchemaPreRun
+Patch9:         libxml2-CVE-2019-20388.patch
 BuildRequires:  fdupes
 BuildRequires:  pkgconfig
 BuildRequires:  python-rpm-macros
@@ -166,6 +168,7 @@ or manipulate any kind of XML files.
 %patch6 -p1 -R
 %patch7 -p1
 %patch8 -p1
+%patch9 -p1

 %build
 %if !%{with python}