[OE-core] [PATCH v2 2/2] libxml2: Fix CVE-2019-20388
Mittal, Anuj
anuj.mittal at intel.com
Fri Feb 14 16:00:51 UTC 2020
On Fri, 2020-02-14 at 19:28 +0800, chee.yang.lee at intel.com wrote:
> From: Lee Chee Yang <chee.yang.lee at intel.com>
>
> see:
> https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68
>
> Signed-off-by: Lee Chee Yang <chee.yang.lee at intel.com>
> ---
> .../libxml/libxml2/CVE-2019-20388.patch | 37
> ++++++++++++++++++++++
> meta/recipes-core/libxml/libxml2_2.9.10.bb | 1 +
> 2 files changed, 38 insertions(+)
> create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2019-
> 20388.patch
>
> diff --git a/meta/recipes-core/libxml/libxml2/CVE-2019-20388.patch
> b/meta/recipes-core/libxml/libxml2/CVE-2019-20388.patch
> new file mode 100644
> index 0000000..4ee2d4f
> --- /dev/null
> +++ b/meta/recipes-core/libxml/libxml2/CVE-2019-20388.patch
> @@ -0,0 +1,37 @@
> +From 7ffcd44d7e6c46704f8af0321d9314cd26e0e18a Mon Sep 17 00:00:00
> 2001
> +From: Zhipeng Xie <xiezhipeng1 at huawei.com>
> +Date: Tue, 20 Aug 2019 16:33:06 +0800
> +Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream
> +
> +When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun
> +alloc a new schema for ctxt->schema and set vctxt->xsiAssemble
> +to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize
> +vctxt->xsiAssemble to 0 again which cause the alloced schema
> +can not be freed anymore.
> +
> +Found with libFuzzer.
> +
> +Upstream-Status: Accepted [
> https://gitlab.gnome.org/GNOME/libxml2/commit/7ffcd44d7e6c46704f8af0321d9314cd26e0e18a
> ]
The status here should be Backport.
Thanks,
Anuj
> +CVE: CVE-2019-20388
> +
> +Signed-off-by: Zhipeng Xie <xiezhipeng1 at huawei.com>
> +Signed-off-by: Lee Chee Yang <chee.yang.lee at intel.com>
> +---
> + xmlschemas.c | 1 -
> + 1 file changed, 1 deletion(-)
> +
> +diff --git a/xmlschemas.c b/xmlschemas.c
> +index 301c8449..39d92182 100644
> +--- a/xmlschemas.c
> ++++ b/xmlschemas.c
> +@@ -28090,7 +28090,6 @@ xmlSchemaPreRun(xmlSchemaValidCtxtPtr vctxt)
> {
> + vctxt->nberrors = 0;
> + vctxt->depth = -1;
> + vctxt->skipDepth = -1;
> +- vctxt->xsiAssemble = 0;
> + vctxt->hasKeyrefs = 0;
> + #ifdef ENABLE_IDC_NODE_TABLES_TEST
> + vctxt->createIDCNodeTables = 1;
> +--
> +2.24.1
> +
> diff --git a/meta/recipes-core/libxml/libxml2_2.9.10.bb
> b/meta/recipes-core/libxml/libxml2_2.9.10.bb
> index 6a4097c..097aceb 100644
> --- a/meta/recipes-core/libxml/libxml2_2.9.10.bb
> +++ b/meta/recipes-core/libxml/libxml2_2.9.10.bb
> @@ -21,6 +21,7 @@ SRC_URI = "
> http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \
> file://0001-Make-ptest-run-the-python-tests-if-python-is-
> enabled.patch \
> file://fix-execution-of-ptests.patch \
> file://CVE-2020-7595.patch \
> + file://CVE-2019-20388.patch \
> "
>
> SRC_URI[libtar.md5sum] = "10942a1dc23137a8aa07f0639cbfece5"
> --
> 2.7.4
>
More information about the Openembedded-core
mailing list