poky/meta/recipes-core/libxml/libxml2/fix-CVE-2017-8872.patch - openbmc/openbmc - Gitiles

 Upstream-Status: Backport
 CVE: CVE-2017-8872
 Signed-off-by: Ross Burton <ross.burton@intel.com>

 From 123234f2cfcd9e9b9f83047eee1dc17b4c3f4407 Mon Sep 17 00:00:00 2001
 From: Nick Wellnhofer <wellnhofer@aevum.de>
 Date: Tue, 11 Sep 2018 14:52:07 +0200
 Subject: [PATCH] Free input buffer in xmlHaltParser

 This avoids miscalculation of available bytes.

 Thanks to Yunho Kim for the report.

 Closes: #26
 ---
  parser.c                     |  5 +++++
  result/errors/759573.xml.err | 17 +++++++----------
  2 files changed, 12 insertions(+), 10 deletions(-)

 diff --git a/parser.c b/parser.c
 index ca9fde2c..5813a664 100644
 --- a/parser.c
 +++ b/parser.c
 @@ -12462,7 +12462,12 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) {
  	    ctxt->input->free((xmlChar *) ctxt->input->base);
  	    ctxt->input->free = NULL;
  	}
 +        if (ctxt->input->buf != NULL) {
 +            xmlFreeParserInputBuffer(ctxt->input->buf);
 +            ctxt->input->buf = NULL;
 +        }
  	ctxt->input->cur = BAD_CAST"";
 +        ctxt->input->length = 0;
  	ctxt->input->base = ctxt->input->cur;
          ctxt->input->end = ctxt->input->cur;
      }
 diff --git a/result/errors/759573.xml.err b/result/errors/759573.xml.err
 index 554039f6..38ef5c40 100644
 --- a/result/errors/759573.xml.err
 +++ b/result/errors/759573.xml.err
 @@ -21,14 +21,11 @@ Entity: line 1:
              ^
  ./test/errors/759573.xml:1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration

 -<?h?><!DOCTYPEt[<!ELEMENT t (A)><!ENTITY % xx '&#37;<![INCLUDE[000&#37;&#3000;00
 -     ^
 +
 +^
  ./test/errors/759573.xml:1: parser error : DOCTYPE improperly terminated
 -<?h?><!DOCTYPEt[<!ELEMENT t (A)><!ENTITY % xx '&#37;<![INCLUDE[000&#37;&#3000;00
 -     ^
 -./test/errors/759573.xml:1: parser error : StartTag: invalid element name
 -<?h?><!DOCTYPEt[<!ELEMENT t (A)><!ENTITY % xx '&#37;<![INCLUDE[000&#37;&#3000;00
 -      ^
 -./test/errors/759573.xml:1: parser error : Extra content at the end of the document
 -<?h?><!DOCTYPEt[<!ELEMENT t (A)><!ENTITY % xx '&#37;<![INCLUDE[000&#37;&#3000;00
 -      ^
 +
 +^
 +./test/errors/759573.xml:1: parser error : Start tag expected, '<' not found
 +
 +^
 --
 2.11.0
	Upstream-Status: Backport
	CVE: CVE-2017-8872
	Signed-off-by: Ross Burton <ross.burton@intel.com>

	From 123234f2cfcd9e9b9f83047eee1dc17b4c3f4407 Mon Sep 17 00:00:00 2001
	From: Nick Wellnhofer <wellnhofer@aevum.de>
	Date: Tue, 11 Sep 2018 14:52:07 +0200
	Subject: [PATCH] Free input buffer in xmlHaltParser

	This avoids miscalculation of available bytes.

	Thanks to Yunho Kim for the report.

	Closes: #26
	---
	parser.c \| 5 +++++
	result/errors/759573.xml.err \| 17 +++++++----------
	2 files changed, 12 insertions(+), 10 deletions(-)

	diff --git a/parser.c b/parser.c
	index ca9fde2c..5813a664 100644
	--- a/parser.c
	+++ b/parser.c
	@@ -12462,7 +12462,12 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) {
	ctxt->input->free((xmlChar *) ctxt->input->base);
	ctxt->input->free = NULL;
	}
	+ if (ctxt->input->buf != NULL) {
	+ xmlFreeParserInputBuffer(ctxt->input->buf);
	+ ctxt->input->buf = NULL;
	+ }
	ctxt->input->cur = BAD_CAST"";
	+ ctxt->input->length = 0;
	ctxt->input->base = ctxt->input->cur;
	ctxt->input->end = ctxt->input->cur;
	}
	diff --git a/result/errors/759573.xml.err b/result/errors/759573.xml.err
	index 554039f6..38ef5c40 100644
	--- a/result/errors/759573.xml.err
	+++ b/result/errors/759573.xml.err
	@@ -21,14 +21,11 @@ Entity: line 1:
	^
	./test/errors/759573.xml:1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration

	-<?h?><!DOCTYPEt[<!ELEMENT t (A)><!ENTITY % xx '%<![INCLUDE[000%ஸ00
	- ^
	+
	+^
	./test/errors/759573.xml:1: parser error : DOCTYPE improperly terminated
	-<?h?><!DOCTYPEt[<!ELEMENT t (A)><!ENTITY % xx '%<![INCLUDE[000%ஸ00
	- ^
	-./test/errors/759573.xml:1: parser error : StartTag: invalid element name
	-<?h?><!DOCTYPEt[<!ELEMENT t (A)><!ENTITY % xx '%<![INCLUDE[000%ஸ00
	- ^
	-./test/errors/759573.xml:1: parser error : Extra content at the end of the document
	-<?h?><!DOCTYPEt[<!ELEMENT t (A)><!ENTITY % xx '%<![INCLUDE[000%ஸ00
	- ^
	+
	+^
	+./test/errors/759573.xml:1: parser error : Start tag expected, '<' not found
	+
	+^
	--
	2.11.0