From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from mail.thorsis.com ([92.198.35.195]) by metis.ext.pengutronix.de with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1jEYjF-0001hO-HX for ptxdist@pengutronix.de; Wed, 18 Mar 2020 14:27:26 +0100 Received: from localhost (localhost [127.0.0.1]) by mail.thorsis.com (Postfix) with ESMTP id D76F624EC for ; Wed, 18 Mar 2020 14:27:23 +0100 (CET) Received: from mail.thorsis.com ([127.0.0.1]) by localhost (mail.thorsis.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k-FTiMVVRwTu for ; Wed, 18 Mar 2020 14:27:19 +0100 (CET) Received: from adahl by ada.ifak-system.com with local (Exim 4.89) (envelope-from ) id 1jEYj6-0002mJ-GQ for ptxdist@pengutronix.de; Wed, 18 Mar 2020 14:27:16 +0100 From: Alexander Dahl Date: Wed, 18 Mar 2020 14:27:16 +0100 Message-Id: <20200318132716.10624-5-ada@thorsis.com> In-Reply-To: <20200318132716.10624-1-ada@thorsis.com> References: <20200318132716.10624-1-ada@thorsis.com> Subject: [ptxdist] [PATCH 4/4] libxml2: Add upstream patch fixing CVE-2019-20388 List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ptxdist-bounces@pengutronix.de Sender: "ptxdist" To: ptxdist@pengutronix.de Signed-off-by: Alexander Dahl --- ...mory-leak-in-xmlSchemaValidateStream.patch | 29 +++++++++++++++++++ patches/libxml2-2.9.10/series | 3 +- 2 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 patches/libxml2-2.9.10/0002-Fix-memory-leak-in-xmlSchemaValidateStream.patch diff --git a/patches/libxml2-2.9.10/0002-Fix-memory-leak-in-xmlSchemaValidateStream.patch b/patches/libxml2-2.9.10/0002-Fix-memory-leak-in-xmlSchemaValidateStream.patch new file mode 100644 index 000000000..1ca086217 --- /dev/null 
+++ b/patches/libxml2-2.9.10/0002-Fix-memory-leak-in-xmlSchemaValidateStream.patch @@ -0,0 +1,29 @@ +From: Zhipeng Xie +Date: Tue, 20 Aug 2019 16:33:06 +0800 +Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream + +When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun +alloc a new schema for ctxt->schema and set vctxt->xsiAssemble +to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize +vctxt->xsiAssemble to 0 again which cause the alloced schema +can not be freed anymore. + +Found with libFuzzer. + +Signed-off-by: Zhipeng Xie +--- + xmlschemas.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/xmlschemas.c b/xmlschemas.c +index d19de6df5f50..59495c2738ab 100644 +--- a/xmlschemas.c ++++ b/xmlschemas.c +@@ -28095,7 +28095,6 @@ xmlSchemaPreRun(xmlSchemaValidCtxtPtr vctxt) { + vctxt->nberrors = 0; + vctxt->depth = -1; + vctxt->skipDepth = -1; +- vctxt->xsiAssemble = 0; + vctxt->hasKeyrefs = 0; + #ifdef ENABLE_IDC_NODE_TABLES_TEST + vctxt->createIDCNodeTables = 1; diff --git a/patches/libxml2-2.9.10/series b/patches/libxml2-2.9.10/series index b8e92fb7a..fed72960d 100644 --- a/patches/libxml2-2.9.10/series +++ b/patches/libxml2-2.9.10/series @@ -2,6 +2,7 @@ #tag:base --start-number 1 #tag:upstream --start-number 1 0001-Fix-infinite-loop-in-xmlStringLenDecodeEntities.patch +0002-Fix-memory-leak-in-xmlSchemaValidateStream.patch #tag:ptx --start-number 200 0200-xml2-config-is-not-SYSROOT-aware.patch -# 0a9081f5db07b8cbb593bc669a7603c7 - git-ptx-patches magic +# d6f49636e8813a3a9e46758f352fc667 - git-ptx-patches magic -- 2.20.1 _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de
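Review bot: in the xmlschemas.c hunk carried by 0002-Fix-memory-leak-in-xmlSchemaValidateStream.patch, dropping `vctxt->xsiAssemble = 0;` from xmlSchemaPreRun means the flag is no longer reset at the start of a run, so a validation context that is reused keeps whatever value the previous run left behind. The upstream description only covers the xmlSchemaSAXPlug followed by xmlSchemaVStart sequence. Please confirm that the flag is cleared wherever the assembled schema is freed, so that a later run on the same context with a caller-supplied ctxt->schema does not treat that schema as its own. Separately, only the mail subject ties this change to CVE-2019-20388: the commit message body is empty apart from the Signed-off-by, and the patch header names neither the CVE nor the upstream commit. Add the upstream commit id and the CVE number to the patch header so the file under patches/libxml2-2.9.10/ stays traceable once it is detached from this mail.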