From: Peter Marko <peter.ma...@siemens.com> Pick commit from 2.12 branch.
Signed-off-by: Peter Marko <peter.ma...@siemens.com>
Signed-off-by: Steve Sakoman <st...@sakoman.com>
---
.../libxml/libxml2/CVE-2024-56171.patch | 42 +++++++++++++++++++
meta/recipes-core/libxml/libxml2_2.9.14.bb | 1 +
2 files changed, 43 insertions(+)
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2024-56171.patch
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2024-56171.patch b/meta/recipes-core/libxml/libxml2/CVE-2024-56171.patch
new file mode 100644
index 0000000000..6c7b1c11e7
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2024-56171.patch
@@ -0,0 +1,42 @@
+From 245b70d7d2768572ae1b05b3668ca858b9ec4ed4 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnho...@aevum.de>
+Date: Tue, 10 Dec 2024 16:52:05 +0100
+Subject: [PATCH] [CVE-2024-56171] Fix use-after-free after
+ xmlSchemaItemListAdd
+
+xmlSchemaItemListAdd can reallocate the items array. Update local
+variables after adding item in
+
+- xmlSchemaIDCFillNodeTables
+- xmlSchemaBubbleIDCNodeTables
+
+Fixes #828.
+
+CVE: CVE-2024-56171
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/245b70d7d2768572ae1b05b3668ca858b9ec4ed4]
+Signed-off-by: Peter Marko <peter.ma...@siemens.com>
+---
+ xmlschemas.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/xmlschemas.c b/xmlschemas.c
+index a089ebc5..18e35e75 100644
+--- a/xmlschemas.c
++++ b/xmlschemas.c
+@@ -23647,6 +23647,7 @@ xmlSchemaIDCFillNodeTables(xmlSchemaValidCtxtPtr vctxt,
+ }
+ if (xmlSchemaItemListAdd(bind->dupls, bind->nodeTable[j]) == -1)
+ goto internal_error;
++ dupls = (xmlSchemaPSVIIDCNodePtr *) bind->dupls->items;
+ /*
+ * Remove the duplicate entry from the IDC node-table.
+ */
+@@ -23863,6 +23864,8 @@ xmlSchemaBubbleIDCNodeTables(xmlSchemaValidCtxtPtr vctxt)
+ goto internal_error;
+ }
+ xmlSchemaItemListAdd(parBind->dupls, parNode);
++ dupls = (xmlSchemaPSVIIDCNodePtr *)
++ parBind->dupls->items;
+ } else {
+ /*
+ * Add the node-table entry (node and key-sequence) of 
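Review bot: In the xmlSchemaBubbleIDCNodeTables hunk of the embedded patch, the context line `xmlSchemaItemListAdd(parBind->dupls, parNode);` still discards the return value, while the xmlSchemaIDCFillNodeTables site checks `== -1` and jumps to `internal_error`. The added refresh `dupls = (xmlSchemaPSVIIDCNodePtr *) parBind->dupls->items;` therefore also runs after a failed add, and what `items` holds in that case is not visible here, so it should be confirmed against the 2.9.14 implementation of xmlSchemaItemListAdd. The matching guard would be `if (xmlSchemaItemListAdd(parBind->dupls, parNode) == -1) goto internal_error;`. Because Upstream-Status is Backport, this is better raised upstream than changed locally, so the patch keeps matching the referenced commit. Both functions begin and end outside the hunks, so any other local pointers cached from `items` cannot be checked from this page.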
diff --git a/meta/recipes-core/libxml/libxml2_2.9.14.bb b/meta/recipes-core/libxml/libxml2_2.9.14.bb index 912bcfd0f3..e9578ceb59 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.14.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.14.bb @@ -35,6 +35,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar;subdir=${BP};name=testt file://CVE-2024-34459.patch \ file://CVE-2022-49043.patch \ file://0001-pattern-Fix-compilation-of-explicit-child-axis.patch \ + file://CVE-2024-56171.patch \ " SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee" -- 2.43.0