From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH] package/libxml2: add upstream security fix for CVE-2019-20388
Date: Mon, 17 Feb 2020 20:39:08 +0100 [thread overview]
Message-ID: <20200217203908.19c223e9@windsurf> (raw)
In-Reply-To: <20200217121626.31154-1-patrickdepinguin@gmail.com>
Hello,
On Mon, 17 Feb 2020 13:16:25 +0100
Thomas De Schampheleire <patrickdepinguin@gmail.com> wrote:
> From: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
>
> Fixes CVE-2019-20388: xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10
> allows an xmlSchemaValidateStream memory leak.
>
> Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
> ---
> ...mory-leak-in-xmlSchemaValidateStream.patch | 33 +++++++++++++++++++
> 1 file changed, 33 insertions(+)
> create mode 100644 package/libxml2/0002-Fix-memory-leak-in-xmlSchemaValidateStream.patch
>
> diff --git a/package/libxml2/0002-Fix-memory-leak-in-xmlSchemaValidateStream.patch b/package/libxml2/0002-Fix-memory-leak-in-xmlSchemaValidateStream.patch
> new file mode 100644
> index 0000000000..49ff6fbe00
> --- /dev/null
> +++ b/package/libxml2/0002-Fix-memory-leak-in-xmlSchemaValidateStream.patch
> @@ -0,0 +1,33 @@
> +From 7ffcd44d7e6c46704f8af0321d9314cd26e0e18a Mon Sep 17 00:00:00 2001
> +From: Zhipeng Xie <xiezhipeng1@huawei.com>
> +Date: Tue, 20 Aug 2019 16:33:06 +0800
> +Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream
> +
> +When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun
> +alloc a new schema for ctxt->schema and set vctxt->xsiAssemble
> +to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize
> +vctxt->xsiAssemble to 0 again which cause the alloced schema
> +can not be freed anymore.
> +
> +Found with libFuzzer.
> +
> +Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
Thanks Thomas for sending security patches! :-)
We request patches to have a SoB line from the person submitting them.
Could you add your SoB here ?
Thanks!
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
next prev parent reply other threads:[~2020-02-17 19:39 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-17 12:16 [Buildroot] [PATCH] package/libxml2: add upstream security fix for CVE-2019-20388 Thomas De Schampheleire
2020-02-17 19:39 ` Thomas Petazzoni [this message]
2020-02-18 9:32 ` Thomas De Schampheleire
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200217203908.19c223e9@windsurf \
--to=thomas.petazzoni@bootlin.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox