libxml2: Fix for CVE-2022-49043

author Vijay Anusuri <vanusuri@mvista.com>

Thu, 13 Feb 2025 06:54:47 +0000 (12:24 +0530)

committer Steve Sakoman <steve@sakoman.com>

Wed, 19 Feb 2025 14:43:20 +0000 (06:43 -0800)
author Vijay Anusuri <vanusuri@mvista.com>
Thu, 13 Feb 2025 06:54:47 +0000 (12:24 +0530)
committer Steve Sakoman <steve@sakoman.com>
Wed, 19 Feb 2025 14:43:20 +0000 (06:43 -0800)
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2022-49043.patch b/meta/recipes-core/libxml/libxml2/CVE-2022-49043.patch

new file mode 100644 (file)

index 0000000..25c7bc8
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2022-49043.patch
@@ -0,0 +1,38 @@
+From 5a19e21605398cef6a8b1452477a8705cb41562b Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Wed, 2 Nov 2022 16:13:27 +0100
+Subject: [PATCH] malloc-fail: Fix use-after-free in xmlXIncludeAddNode
+
+Found with libFuzzer, see #344.
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b]
+CVE: CVE-2022-49043
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ xinclude.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/xinclude.c b/xinclude.c
+index e5fdf0f..36fa8ec 100644
+--- a/xinclude.c
++++ b/xinclude.c
+@@ -612,14 +612,15 @@ xmlXIncludeAddNode(xmlXIncludeCtxtPtr ctxt, xmlNodePtr cur) {
+     }
+     URL = xmlSaveUri(uri);
+     xmlFreeURI(uri);
+-    xmlFree(URI);
+     if (URL == NULL) {
+       xmlXIncludeErr(ctxt, cur, XML_XINCLUDE_HREF_URI,
+                      "invalid value URI %s\n", URI);
+       if (fragment != NULL)
+           xmlFree(fragment);
++      xmlFree(URI);
+       return(-1);
+     }
++    xmlFree(URI);
+ 
+     if (xmlStrEqual(URL, ctxt->doc->URL))
+       local = 1;
+-- 
+2.25.1
+
diff --git a/meta/recipes-core/libxml/libxml2_2.9.14.bb b/meta/recipes-core/libxml/libxml2_2.9.14.bb

index 94b3b510ae29f1f8847266b4cb51cd20b591b362..ecaae0b436303e97dc3163a7d170c021b8f40240 100644 (file)
--- a/meta/recipes-core/libxml/libxml2_2.9.14.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.14.bb
@@ -33,6 +33,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar;subdir=${BP};name=testt
             file://CVE-2023-45322-2.patch \
             file://CVE-2024-25062.patch \
             file://CVE-2024-34459.patch \
+           file://CVE-2022-49043.patch \
             "
  
  SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee"
author	Vijay Anusuri <vanusuri@mvista.com>
	Thu, 13 Feb 2025 06:54:47 +0000 (12:24 +0530)
committer	Steve Sakoman <steve@sakoman.com>
	Wed, 19 Feb 2025 14:43:20 +0000 (06:43 -0800)
meta/recipes-core/libxml/libxml2/CVE-2022-49043.patch	[new file with mode: 0644]	patch \| blob
meta/recipes-core/libxml/libxml2_2.9.14.bb		patch \| blob \| blame \| history