code.ossystems Code Review - openembedded-core.git/commit

]> code.ossystems Code Review - openembedded-core.git/commit

Code Review / openembedded-core.git / commit

author	Andrej Valek <andrej.valek@siemens.com>
	Thu, 9 Aug 2018 08:06:37 +0000 (10:06 +0200)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Tue, 14 Aug 2018 10:36:22 +0000 (11:36 +0100)
commit	69315177732a1d260a3315fe8c4c4c44653ae0c8
tree	c6c523b8aba186abafad073abfa0ee7dead5ec2e	tree \| snapshot
parent	b3fe71af20997921360b6ac7d100b5baf9708d53	commit \| diff

libxml2: Fix CVE-2018-14404

Fix nullptr deref with XPath logic ops

If the XPath stack is corrupted, for example by a misbehaving extension
function, the "and" and "or" XPath operators could dereference NULL
pointers. Check that the XPath stack isn't empty and optimize the
logic operators slightly.

CVE: CVE-2018-14404
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/recipes-core/libxml/libxml2/fix-CVE-2018-14404.patch	[new file with mode: 0644]	blob
meta/recipes-core/libxml/libxml2_2.9.8.bb		diff \| blob \| history

Mirror of the official openembedded-core repository

RSS Atom