[gnome-continuous-yocto/gnomeostree-3.28-rocko: 3776/8267] libxml2: Fix more NULL pointer derefs

From: Emmanuele Bassi <ebassi src gnome org>
To: commits-list gnome org
Cc:
Subject: [gnome-continuous-yocto/gnomeostree-3.28-rocko: 3776/8267] libxml2: Fix more NULL pointer derefs
Date: Sun, 17 Dec 2017 01:06:29 +0000 (UTC)

commit 1ffb967de676ce68c8fc97d20611ea3eb6f6786b
Author: Andrej Valek <andrej valek siemens com>
Date:   Mon Dec 12 14:20:21 2016 +0100

    libxml2: Fix more NULL pointer derefs
    
    The NULL pointer dereferencing could produced some
    security problems.
    This is a preventive security fix.
    
    (From OE-Core rev: 8f3008114d5000a0865f50833db7c3a3f9808601)
    
    Signed-off-by: Andrej Valek <andrej valek siemens com>
    Signed-off-by: Pascal Bach <pascal bach siemens com>
    Signed-off-by: Ross Burton <ross burton intel com>
    Signed-off-by: Richard Purdie <richard purdie linuxfoundation org>

 .../libxml2/libxml2-fix_NULL_pointer_derefs.patch  |   46 ++++++++++++++++++++
 meta/recipes-core/libxml/libxml2_2.9.4.bb          |    1 +
 2 files changed, 47 insertions(+), 0 deletions(-)
---
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch 
b/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
new file mode 100644
index 0000000..83552ca
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
@@ -0,0 +1,46 @@
+libxml2-2.9.4: Fix more NULL pointer derefs
+
+xpointer: Fix more NULL pointer derefs
+
+Upstream-Status: Backported 
[https://git.gnome.org/browse/libxml2/commit/?id=e905f08123e4a6e7731549e6f09dadff4cab65bd]
+CVE: -
+Signed-off-by: Andrej Valek <andrej valek siemens com>
+Signed-off-by: Pascal Bach <pascal bach siemens com>
+
+diff --git a/xpointer.c b/xpointer.c
+index 676c510..074db24 100644
+--- a/xpointer.c
++++ b/xpointer.c
+@@ -555,7 +555,7 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
+           /*
+            * Empty set ...
+            */
+-          if (end->nodesetval->nodeNr <= 0)
++          if ((end->nodesetval == NULL) || (end->nodesetval->nodeNr <= 0))
+               return(NULL);
+           break;
+       default:
+@@ -1400,7 +1400,7 @@ xmlXPtrEval(const xmlChar *str, xmlXPathContextPtr ctx) {
+                    */
+                   xmlNodeSetPtr set;
+                   set = tmp->nodesetval;
+-                  if ((set->nodeNr != 1) ||
++                  if ((set == NULL) || (set->nodeNr != 1) ||
+                       (set->nodeTab[0] != (xmlNodePtr) ctx->doc))
+                       stack++;
+               } else
+@@ -2073,9 +2073,11 @@ xmlXPtrRangeFunction(xmlXPathParserContextPtr ctxt, int nargs) {
+       xmlXPathFreeObject(set);
+         XP_ERROR(XPATH_MEMORY_ERROR);
+     }
+-    for (i = 0;i < oldset->locNr;i++) {
+-      xmlXPtrLocationSetAdd(newset,
+-              xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
++    if (oldset != NULL) {
++      for (i = 0;i < oldset->locNr;i++) {
++        xmlXPtrLocationSetAdd(newset,
++                xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
++      }
+     }
+ 
+     /*
diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.4.bb
index a1d1e9e..ba08c9c 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.4.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.4.bb
@@ -22,6 +22,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
            file://libxml2-fix_node_comparison.patch \
            file://libxml2-CVE-2016-5131.patch \
            file://libxml2-CVE-2016-4658.patch \
+           file://libxml2-fix_NULL_pointer_derefs.patch \
           "
 
 SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5"

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]