forked from pool/libxml2
Accepting request 856646 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Security fix: [bsc#1161521, CVE-2019-20388]
  * Memory leak in xmlSchemaPreRun in xmlschemas.c
- Add libxml2-CVE-2019-20388.patch

OBS-URL: https://build.opensuse.org/request/show/856646
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxml2?expand=0&rev=155
33
libxml2-CVE-2019-20388.patch
Normal file
@@ -0,0 +1,33 @@
|
|||||||
|
From 7ffcd44d7e6c46704f8af0321d9314cd26e0e18a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Zhipeng Xie <xiezhipeng1@huawei.com>
|
||||||
|
Date: Tue, 20 Aug 2019 16:33:06 +0800
|
||||||
|
Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream
|
||||||
|
|
||||||
|
When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun
|
||||||
|
alloc a new schema for ctxt->schema and set vctxt->xsiAssemble
|
||||||
|
to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize
|
||||||
|
vctxt->xsiAssemble to 0 again which cause the alloced schema
|
||||||
|
can not be freed anymore.
|
||||||
|
|
||||||
|
Found with libFuzzer.
|
||||||
|
|
||||||
|
Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
|
||||||
|
---
|
||||||
|
xmlschemas.c | 1 -
|
||||||
|
1 file changed, 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/xmlschemas.c b/xmlschemas.c
|
||||||
|
index 301c8449..39d92182 100644
|
||||||
|
--- a/xmlschemas.c
|
||||||
|
+++ b/xmlschemas.c
|
||||||
|
@@ -28090,7 +28090,6 @@ xmlSchemaPreRun(xmlSchemaValidCtxtPtr vctxt) {
|
||||||
|
vctxt->nberrors = 0;
|
||||||
|
vctxt->depth = -1;
|
||||||
|
vctxt->skipDepth = -1;
|
||||||
|
- vctxt->xsiAssemble = 0;
|
||||||
|
vctxt->hasKeyrefs = 0;
|
||||||
|
#ifdef ENABLE_IDC_NODE_TABLES_TEST
|
||||||
|
vctxt->createIDCNodeTables = 1;
|
||||||
|
--
|
||||||
|
GitLab
|
||||||
|
|
||||||
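Review bot: With `vctxt->xsiAssemble = 0;` removed from xmlSchemaPreRun, nothing visible in this hunk resets the flag any more, so its value now survives every later call to xmlSchemaPreRun on the same context. The commit message describes PreRun being entered twice (through xmlSchemaSAXPlug and then xmlSchemaVStart), which is exactly the case this fixes, but please confirm that xsiAssemble is zeroed when the validation context is created and again wherever the schema allocated by PreRun is released, so a reused context does not start a new run with a stale 1. Since the leak was found with libFuzzer, carrying the reproducer as a regression test alongside the patch would make the fix verifiable in the package build.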
@@ -1,3 +1,10 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Dec 17 10:19:33 UTC 2020 - Pedro Monreal <pmonreal@suse.com>
|
||||||
|
|
||||||
|
- Security fix: [bsc#1161521, CVE-2019-20388]
|
||||||
|
* Memory leak in xmlSchemaPreRun in xmlschemas.c
|
||||||
|
- Add libxml2-CVE-2019-20388.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Nov 25 09:07:36 UTC 2020 - Pedro Monreal <pmonreal@suse.com>
|
Wed Nov 25 09:07:36 UTC 2020 - Pedro Monreal <pmonreal@suse.com>
|
||||||
|
|
||||||
|
|||||||
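Review bot: The changelog entry names xmlSchemaPreRun as the leaking function, while the Subject line of the added patch reads "Fix memory leak in xmlSchemaValidateStream". Both are consistent with the call path in the patch description, but someone searching the changelog by the upstream subject will not find this entry; consider mentioning xmlSchemaValidateStream as well, or quoting the upstream subject.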
@@ -62,6 +62,8 @@ Patch6: libxml2-CVE-2019-19956.patch
|
|||||||
Patch7: libxml2-CVE-2020-24977.patch
|
Patch7: libxml2-CVE-2020-24977.patch
|
||||||
# PATCH-FIX-SUSE bsc#1178823 Avoid quadratic checking of identity-constraints
|
# PATCH-FIX-SUSE bsc#1178823 Avoid quadratic checking of identity-constraints
|
||||||
Patch8: libxml2-Avoid-quadratic-checking-of-identity-constraints.patch
|
Patch8: libxml2-Avoid-quadratic-checking-of-identity-constraints.patch
|
||||||
|
# PATCH-FIX-UPSTREAM bsc#1161521 CVE-2019-20388 Memory leak in xmlSchemaPreRun
|
||||||
|
Patch9: libxml2-CVE-2019-20388.patch
|
||||||
BuildRequires: fdupes
|
BuildRequires: fdupes
|
||||||
BuildRequires: pkgconfig
|
BuildRequires: pkgconfig
|
||||||
BuildRequires: python-rpm-macros
|
BuildRequires: python-rpm-macros
|
||||||
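Review bot: The `# PATCH-FIX-UPSTREAM` comment above `Patch9:` records the bug and CVE numbers but not the upstream commit. Adding the hash from the patch header (7ffcd44d7e6c46704f8af0321d9314cd26e0e18a) would let a later maintainer check whether a new libxml2 release already contains the fix and drop the patch without re-deriving its origin.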
@@ -166,6 +168,7 @@ or manipulate any kind of XML files.
|
|||||||
%patch6 -p1 -R
|
%patch6 -p1 -R
|
||||||
%patch7 -p1
|
%patch7 -p1
|
||||||
%patch8 -p1
|
%patch8 -p1
|
||||||
|
%patch9 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%if !%{with python}
|
%if !%{with python}
|
||||||
|
|||||||