diff options
| author | Koop Mast <kwm@FreeBSD.org> | 2016-08-28 19:18:20 +0000 |
|---|---|---|
| committer | Koop Mast <kwm@FreeBSD.org> | 2016-08-28 19:18:20 +0000 |
| commit | 08c94c030053e6ee30f2fe18e5fff665e8556ca8 (patch) | |
| tree | 17ce07728e75e9425a68b3f5ef22267182c42344 /textproc/libxml2/files | |
| parent | Document libxml2 vulnabilities. (diff) | |
Update libxml2 to 2.9.4.
Add license block.
Pull extra patch to fix NULL pointer deref. [1]
Changelog: https://mail.gnome.org/archives/xml/2016-May/msg00023.html
PR: 209806
Submitted by: pi@
Obtained from: upstream [1]
MFH: 2016Q3
Security: e195679d-045b-4953-bb33-be0073ba2ac6
Notes
Notes:
svn path=/head/; revision=421031
Diffstat (limited to 'textproc/libxml2/files')
| -rw-r--r-- | textproc/libxml2/files/patch-d8083bf | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/textproc/libxml2/files/patch-d8083bf b/textproc/libxml2/files/patch-d8083bf new file mode 100644 index 000000000000..57f52f86392b --- /dev/null +++ b/textproc/libxml2/files/patch-d8083bf @@ -0,0 +1,57 @@ +From d8083bf77955b7879c1290f0c0a24ab8cc70f7fb Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Sat, 25 Jun 2016 12:35:50 +0200 +Subject: Fix NULL pointer deref in XPointer range-to + +- Check for errors after evaluating first operand. +- Add sanity check for empty stack. + +Found with afl-fuzz. +--- + result/XPath/xptr/viderror | 4 ++++ + test/XPath/xptr/viderror | 1 + + xpath.c | 7 ++++++- + 3 files changed, 11 insertions(+), 1 deletion(-) + create mode 100644 result/XPath/xptr/viderror + create mode 100644 test/XPath/xptr/viderror + +diff --git a/result/XPath/xptr/viderror b/result/XPath/xptr/viderror +new file mode 100644 +index 0000000..d589882 +--- /dev/null ++++ result/XPath/xptr/viderror +@@ -0,0 +1,4 @@ ++ ++======================== ++Expression: xpointer(non-existing-fn()/range-to(id('chapter2'))) ++Object is empty (NULL) +diff --git a/test/XPath/xptr/viderror b/test/XPath/xptr/viderror +new file mode 100644 +index 0000000..da8c53b +--- /dev/null ++++ test/XPath/xptr/viderror +@@ -0,0 +1 @@ ++xpointer(non-existing-fn()/range-to(id('chapter2'))) +diff --git a/xpath.c b/xpath.c +index 113bce6..751665b 100644 +--- xpath.c ++++ xpath.c +@@ -14005,9 +14005,14 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op) + xmlNodeSetPtr oldset; + int i, j; + +- if (op->ch1 != -1) ++ if (op->ch1 != -1) { + total += + xmlXPathCompOpEval(ctxt, &comp->steps[op->ch1]); ++ CHECK_ERROR0; ++ } ++ if (ctxt->value == NULL) { ++ XP_ERROR0(XPATH_INVALID_OPERAND); ++ } + if (op->ch2 == -1) + return (total); + +-- +cgit v0.12 + |