]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 24ac12e) | patch
libxml2: Fix CVE-2017-8872
authorHongxu Jia <hongxu.jia@windriver.com>
Wed, 23 Aug 2017 08:30:45 +0000 (04:30 -0400)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Sun, 27 Aug 2017 21:29:44 +0000 (22:29 +0100)
commita615b0825927a09a0aa8312d131c9acbaef8956d
tree533081e23279ccd1eee941de50234dff7be095a3tree | snapshot
parent24ac12ecb19efc7c131c9711ba32e298ba860eb7commit | diff
libxml2: Fix CVE-2017-8872

fix global-buffer-overflow in htmlParseTryOrFinish (HTMLparser.c:5403)

https://bugzilla.gnome.org/show_bug.cgi?id=775200

Here is the reproduce steps on ubuntu 16.04, use clang with "-fsanitize=address"
...
export CC="clang"
export CFLAGS="-fsanitize=address"

./configure --disable-shared

make clean all -j

wget https://bugzilla.gnome.org/attachment.cgi?id=340871 -O poc

./xmllint --html --push poc
==2785==ERROR: AddressSanitizer: global-buffer-overflow on address
0x000000a0de21 at pc 0x0000006a7f6e bp 0x7ffdfe940c10 sp 0x7ffdfe940c08
READ of size 1 at 0x000000a0de21 thread T0    #0 0x6a7f6d
(/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x6a7f6d)    #1 0x6a7356
(/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x6a7356)    #2 0x4f4504
(/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x4f4504)    #3 0x4f045e
(/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x4f045e)    #4 0x7f81977d682f
(/lib/x86_64-linux-gnu/libc.so.6+0x2082f)    #5 0x419ad8
(/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x419ad8)
...

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch [new file with mode: 0644] blob
meta/recipes-core/libxml/libxml2_2.9.4.bb diff | blob | history
Mirror of the official openembedded-core repository