On 7 June 2017 at 11:51, Fan Xin <fan....@jp.fujitsu.com> wrote:
>
> CVE: CVE-2017-8872
> The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers
> to cause a denial of service (buffer over-read) or information disclosure.
>
> External References:
> https://bugzilla.gnome.org/show_bug.cgi?id=77520
This should be https://bugzilla.gnome.org/show_bug.cgi?id=775200 I have the same question that was asked in the upstream bug comment 6 about two weeks ago: The patch doesn't seem to have any effect (because the goto will happen anyway since 'avail' is 0), am I missing something? Jussi > > > Signed-off-by: Fan Xin <fan....@jp.fujitsu.com> > --- > .../libxml/libxml2/libxml2-CVE-2017-8872.patch | 23 ++++++++++++++++++++++ > meta/recipes-core/libxml/libxml2_2.9.4.bb | 1 + > 2 files changed, 24 insertions(+) > create mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch > > diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch > new file mode 100644 > index 0000000..df05e06 > --- /dev/null > +++ b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch > @@ -0,0 +1,23 @@ > +libxml2-2.9.4: Fix CVE-2017-8872 > + > +Bug 775200 - (CVE-2017-8872) global-buffer-overflow in htmlParseTryOrFinish (HTMLparser.c:5403) > + - [https://bugzilla.gnome.org/show_bug.cgi?id=775200] > + > +CVE: CVE-2017-8872 > +Upstream-Status: Submitted > + > +Signed-off-by: Fan Xin <fan....@jp.fujitsu.com> > + > +Index: libxml2-2.9.4/HTMLparser.c > +=================================================================== > +--- libxml2-2.9.4.orig/HTMLparser.c > ++++ libxml2-2.9.4/HTMLparser.c > +@@ -5396,6 +5396,8 @@ htmlParseTryOrFinish(htmlParserCtxtPtr c > + ctxt->instate = XML_PARSER_EOF; > + if ((ctxt->sax) && (ctxt->sax->endDocument != NULL)) > + ctxt->sax->endDocument(ctxt->userData); > ++ > ++ goto done; > + } > + } > + if (avail < 1) > diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.4.bb > index ea0d3b8..0b4cbca 100644 > --- a/meta/recipes-core/libxml/libxml2_2.9.4.bb > +++ b/meta/recipes-core/libxml/libxml2_2.9.4.bb 
> @@ -24,6 +24,7 @@ SRC_URI = " ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \ > file://libxml2-CVE-2016-4658.patch \ > file://libxml2-fix_NULL_pointer_derefs.patch \ > file://CVE-2016-9318.patch \ > + file://libxml2-CVE-2017-8872.patch \ > " > > SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5" > -- > 1.9.1 > > -- > _______________________________________________ > Openembedded-core mailing list > Openembedded-core@lists.openembedded.org > http://lists.openembedded.org/mailman/listinfo/openembedded-core
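Review bot: In the HTMLparser.c hunk carried inside libxml2-CVE-2017-8872.patch, the added `goto done;` is followed directly by the existing `if (avail < 1)` test, so the new jump changes control flow only if the `XML_PARSER_EOF` block can be reached with `avail` of 1 or more. The reply above reports that `avail` is 0 at this point and that the jump happens anyway, in which case the patch would be a no-op and would not remove the over-read. The patch header should state which input reaches this branch with data still available, or the fix should be reworked. Since the header says `Upstream-Status: Submitted` and the same question is open in upstream bug 775200, I would hold the `SRC_URI` addition in libxml2_2.9.4.bb until the reproducer from that bug has been run against the patched build and shown to no longer trigger the global-buffer-overflow report.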