From mboxrd@z Thu Jan 1 00:00:00 1970
Return-path:
In-Reply-To: <20200318132716.10624-4-ada@thorsis.com>
MIME-Version: 1.0
Message-Id:
From: Michael Olbrich
Date: Fri, 27 Mar 2020 10:52:25 +0100
Subject: Re: [ptxdist] [3/4] libxml2: Add upstream patch fixing CVE-2020-7595
List-Id: PTXdist Development Mailing List
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Reply-To: ptxdist@pengutronix.de
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ptxdist-bounces@pengutronix.de
Sender: "ptxdist"
To: ptxdist@pengutronix.de
Cc: Alexander Dahl

Thanks, applied.

Michael

[sent from post-receive hook]

On Fri, 27 Mar 2020 10:52:25 +0100, Alexander Dahl wrote:
> Signed-off-by: Alexander Dahl > --- > ...e-loop-in-xmlStringLenDecodeEntities.patch | 28 +++++++++++++++++++ > patches/libxml2-2.9.10/series | 4 ++- > 2 files changed, 31 insertions(+), 1 deletion(-) > create mode 100644 patches/libxml2-2.9.10/0001-Fix-infinite-loop-in-xmlStringLenDecodeEntities.patch > > diff --git a/patches/libxml2-2.9.10/0001-Fix-infinite-loop-in-xmlStringLenDecodeEntities.patch b/patches/libxml2-2.9.10/0001-Fix-infinite-loop-in-xmlStringLenDecodeEntities.patch > new file mode 100644 > index 000000000..59c864731 > --- /dev/null > +++ b/patches/libxml2-2.9.10/0001-Fix-infinite-loop-in-xmlStringLenDecodeEntities.patch 
> @@ -0,0 +1,28 @@ > +From: Zhipeng Xie > +Date: Thu, 12 Dec 2019 17:30:55 +0800 > +Subject: [PATCH] Fix infinite loop in xmlStringLenDecodeEntities > + > +When ctxt->instate == XML_PARSER_EOF,xmlParseStringEntityRef > +return NULL which cause a infinite loop in xmlStringLenDecodeEntities > + > +Found with libFuzzer. > + > +Signed-off-by: Zhipeng Xie > +--- > + parser.c | 3 ++- > + 1 file changed, 2 insertions(+), 1 deletion(-) > + > +diff --git a/parser.c b/parser.c > +index d1c319631fc9..a34bb6cdd81b 100644 > +--- a/parser.c > ++++ b/parser.c > +@@ -2646,7 +2646,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len, > + else > + c = 0; > + while ((c != 0) && (c != end) && /* non input consuming loop */ > +- (c != end2) && (c != end3)) { > ++ (c != end2) && (c != end3) && > ++ (ctxt->instate != XML_PARSER_EOF)) { > + > + if (c == 0) break; > + if ((c == '&') && (str[1] == '#')) { > diff --git a/patches/libxml2-2.9.10/series b/patches/libxml2-2.9.10/series > index 198075fbf..b8e92fb7a 100644 > --- a/patches/libxml2-2.9.10/series > +++ b/patches/libxml2-2.9.10/series > @@ -1,5 +1,7 @@ > # generated by git-ptx-patches > #tag:base --start-number 1 > +#tag:upstream --start-number 1 > +0001-Fix-infinite-loop-in-xmlStringLenDecodeEntities.patch > #tag:ptx --start-number 200 > 0200-xml2-config-is-not-SYSROOT-aware.patch > -# 9a7de85eef8cb30919e83bc9b2e42cd9 - git-ptx-patches magic > +# 0a9081f5db07b8cbb593bc669a7603c7 - git-ptx-patches magic > _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de
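
Review bot: The header of the added 0001-Fix-infinite-loop-in-xmlStringLenDecodeEntities.patch carries neither the CVE id nor a reference to the upstream commit it was taken from; CVE-2020-7595 appears only in the mail subject. A one-line note in the patch description naming the CVE and the upstream origin would let someone auditing patches/libxml2-2.9.10 see which issue the patch covers without going back to the list archive. In the embedded parser.c hunk, the new `(ctxt->instate != XML_PARSER_EOF)` term sits in the `while` condition, so it is checked only at the top of each iteration; how the function's return value is handled after this early exit is outside the visible lines, so it is worth confirming that callers do not treat a buffer cut short at EOF as a complete decode. The `if (c == 0) break;` context line duplicates the `(c != 0)` test in the condition, but that is upstream code and should stay untouched in a backport.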
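
Review bot: In the patches/libxml2-2.9.10/series hunk, the file is marked `# generated by git-ptx-patches` and its trailing magic hash changes along with the two added lines, so the thing to confirm is that the file was regenerated by the tool rather than edited by hand, otherwise the hash will not match the new contents. Placing the backport under a new `#tag:upstream --start-number 1` section, ahead of the `#tag:ptx --start-number 200` entries, keeps the upstream fix separate from the local 0200 patch and makes it easy to drop when libxml2 is updated past 2.9.10.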