cubixle/packages
1
0
Fork 0
mirror of https://github.com/novatiq/packages.git synced 2026-04-29 06:58:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
lede-17.01
packages/libs/libxml2/patches/0008-Fix-attribute-decoding-during-XML-schema-validation.patch
T
Sebastian Kemper a5bbf27e35 libxml2: add Debian patches to address CVEs 
Debian uses libxml2 2.9.4 in Stretch. This adds their security related
fixes from 2.9.4+dfsg1-2.2+deb9u2 to LEDE's 17.01 release.

Fixed CVEs:

CVE-2016-4658
CVE-2016-5131
CVE-2017-0663
CVE-2017-15412
CVE-2017-7375
CVE-2017-7376
CVE-2017-9047
CVE-2017-9048
CVE-2017-9049
CVE-2017-9050

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2018-08-21 20:42:56 +02:00

67 lines
2.3 KiB
Diff
Raw Permalink Blame History

From 256366ed60f8795279b25f7b7b55e8089b4c6ff4 Mon Sep 17 00:00:00 2001
From: Alex Henrie <alexhenrie24@gmail.com>
Date: Thu, 26 May 2016 17:38:35 -0600
Subject: [PATCH] Fix attribute decoding during XML schema validation
For https://bugzilla.gnome.org/show_bug.cgi?id=766834
vctxt->parserCtxt is always NULL in xmlSchemaSAXHandleStartElementNs,
so this function can't call xmlStringLenDecodeEntities to decode the
entities.
---
xmlschemas.c | 30 +++++++++++++++++++++++++-----
1 file changed, 25 insertions(+), 5 deletions(-)
diff --git a/xmlschemas.c b/xmlschemas.c
index e1b3a4f..59535e5 100644
--- a/xmlschemas.c
+++ b/xmlschemas.c
@@ -27391,6 +27391,7 @@ xmlSchemaSAXHandleStartElementNs(void *ctx,
* attributes yet.
*/
if (nb_attributes != 0) {
+ int valueLen, k, l;
xmlChar *value;
for (j = 0, i = 0; i < nb_attributes; i++, j += 5) {
@@ -27400,12 +27401,31 @@ xmlSchemaSAXHandleStartElementNs(void *ctx,
* libxml2 differs from normal SAX here in that it escapes all ampersands
* as &#38; instead of delivering the raw converted string. Changing the
* behavior at this point would break applications that use this API, so
- * we are forced to work around it. There is no danger of accidentally
- * decoding some entity other than &#38; in this step because without
- * unescaped ampersands there can be no other entities in the string.
+ * we are forced to work around it.
*/
- value = xmlStringLenDecodeEntities(vctxt->parserCtxt, attributes[j+3],
- attributes[j+4] - attributes[j+3], XML_SUBSTITUTE_REF, 0, 0, 0);
+ valueLen = attributes[j+4] - attributes[j+3];
+ value = xmlMallocAtomic(valueLen + 1);
+ if (value == NULL) {
+ xmlSchemaVErrMemory(vctxt,
+ "allocating string for decoded attribute",
+ NULL);
+ goto internal_error;
+ }
+ for (k = 0, l = 0; k < valueLen; l++) {
+ if (k < valueLen - 4 &&
+ attributes[j+3][k+0] == '&' &&
+ attributes[j+3][k+1] == '#' &&
+ attributes[j+3][k+2] == '3' &&
+ attributes[j+3][k+3] == '8' &&
+ attributes[j+3][k+4] == ';') {
+ value[l] = '&';
+ k += 5;
+ } else {
+ value[l] = attributes[j+3][k];
+ k++;
+ }
+ }
+ value[l] = '\0';
/*
* TODO: Set the node line.
*/
--
2.8.3
Reference in New Issue View Git Blame Copy Permalink