[Buildroot] [PATCH] package/libxml2: add upstream security fix for CVE-2019-20388

Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed

* [Buildroot] [PATCH] package/libxml2: add upstream security fix for CVE-2019-20388
@ 2020-02-17 12:16 Thomas De Schampheleire
  2020-02-17 19:39 ` Thomas Petazzoni
  0 siblings, 1 reply; 3+ messages in thread
From: Thomas De Schampheleire @ 2020-02-17 12:16 UTC (permalink / raw)
  To: buildroot

From: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>

Fixes CVE-2019-20388: xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10
allows an xmlSchemaValidateStream memory leak.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
---
 ...mory-leak-in-xmlSchemaValidateStream.patch | 33 +++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 package/libxml2/0002-Fix-memory-leak-in-xmlSchemaValidateStream.patch

diff --git a/package/libxml2/0002-Fix-memory-leak-in-xmlSchemaValidateStream.patch b/package/libxml2/0002-Fix-memory-leak-in-xmlSchemaValidateStream.patch
new file mode 100644
index 0000000000..49ff6fbe00
--- /dev/null
+++ b/package/libxml2/0002-Fix-memory-leak-in-xmlSchemaValidateStream.patch
@@ -0,0 +1,33 @@
+From 7ffcd44d7e6c46704f8af0321d9314cd26e0e18a Mon Sep 17 00:00:00 2001
+From: Zhipeng Xie <xiezhipeng1@huawei.com>
+Date: Tue, 20 Aug 2019 16:33:06 +0800
+Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream
+
+When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun
+alloc a new schema for ctxt->schema and set vctxt->xsiAssemble
+to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize
+vctxt->xsiAssemble to 0 again which cause the alloced schema
+can not be freed anymore.
+
+Found with libFuzzer.
+
+Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
+---
+ xmlschemas.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/xmlschemas.c b/xmlschemas.c
+index 301c8449..39d92182 100644
+--- a/xmlschemas.c
++++ b/xmlschemas.c
+@@ -28090,7 +28090,6 @@ xmlSchemaPreRun(xmlSchemaValidCtxtPtr vctxt) {
+     vctxt->nberrors = 0;
+     vctxt->depth = -1;
+     vctxt->skipDepth = -1;
+-    vctxt->xsiAssemble = 0;
+     vctxt->hasKeyrefs = 0;
+ #ifdef ENABLE_IDC_NODE_TABLES_TEST
+     vctxt->createIDCNodeTables = 1;
+-- 
+2.24.1
+
-- 
2.24.1

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* [Buildroot] [PATCH] package/libxml2: add upstream security fix for CVE-2019-20388
  2020-02-17 12:16 [Buildroot] [PATCH] package/libxml2: add upstream security fix for CVE-2019-20388 Thomas De Schampheleire
@ 2020-02-17 19:39 ` Thomas Petazzoni
  2020-02-18  9:32   ` Thomas De Schampheleire
  0 siblings, 1 reply; 3+ messages in thread
From: Thomas Petazzoni @ 2020-02-17 19:39 UTC (permalink / raw)
  To: buildroot

Hello,

On Mon, 17 Feb 2020 13:16:25 +0100
Thomas De Schampheleire <patrickdepinguin@gmail.com> wrote:

> From: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
> 
> Fixes CVE-2019-20388: xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10
> allows an xmlSchemaValidateStream memory leak.
> 
> Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
> ---
>  ...mory-leak-in-xmlSchemaValidateStream.patch | 33 +++++++++++++++++++
>  1 file changed, 33 insertions(+)
>  create mode 100644 package/libxml2/0002-Fix-memory-leak-in-xmlSchemaValidateStream.patch
> 
> diff --git a/package/libxml2/0002-Fix-memory-leak-in-xmlSchemaValidateStream.patch b/package/libxml2/0002-Fix-memory-leak-in-xmlSchemaValidateStream.patch
> new file mode 100644
> index 0000000000..49ff6fbe00
> --- /dev/null
> +++ b/package/libxml2/0002-Fix-memory-leak-in-xmlSchemaValidateStream.patch
> @@ -0,0 +1,33 @@
> +From 7ffcd44d7e6c46704f8af0321d9314cd26e0e18a Mon Sep 17 00:00:00 2001
> +From: Zhipeng Xie <xiezhipeng1@huawei.com>
> +Date: Tue, 20 Aug 2019 16:33:06 +0800
> +Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream
> +
> +When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun
> +alloc a new schema for ctxt->schema and set vctxt->xsiAssemble
> +to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize
> +vctxt->xsiAssemble to 0 again which cause the alloced schema
> +can not be freed anymore.
> +
> +Found with libFuzzer.
> +
> +Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>

Thanks Thomas for sending security patches! :-)

We request patches to have a SoB line from the person submitting them.
Could you add your SoB here ?

Thanks!

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

^ permalink raw reply	[flat|nested] 3+ messages in thread

* [Buildroot] [PATCH] package/libxml2: add upstream security fix for CVE-2019-20388
  2020-02-17 19:39 ` Thomas Petazzoni
@ 2020-02-18  9:32   ` Thomas De Schampheleire
  0 siblings, 0 replies; 3+ messages in thread
From: Thomas De Schampheleire @ 2020-02-18  9:32 UTC (permalink / raw)
  To: buildroot

El lun., 17 feb. 2020 a las 20:39, Thomas Petazzoni
(<thomas.petazzoni@bootlin.com>) escribi?:
>
> Hello,
>
> On Mon, 17 Feb 2020 13:16:25 +0100
> Thomas De Schampheleire <patrickdepinguin@gmail.com> wrote:
>
> > From: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
> >
> > Fixes CVE-2019-20388: xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10
> > allows an xmlSchemaValidateStream memory leak.
> >
> > Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
> > ---
> >  ...mory-leak-in-xmlSchemaValidateStream.patch | 33 +++++++++++++++++++
> >  1 file changed, 33 insertions(+)
> >  create mode 100644 package/libxml2/0002-Fix-memory-leak-in-xmlSchemaValidateStream.patch
> >
> > diff --git a/package/libxml2/0002-Fix-memory-leak-in-xmlSchemaValidateStream.patch b/package/libxml2/0002-Fix-memory-leak-in-xmlSchemaValidateStream.patch
> > new file mode 100644
> > index 0000000000..49ff6fbe00
> > --- /dev/null
> > +++ b/package/libxml2/0002-Fix-memory-leak-in-xmlSchemaValidateStream.patch
> > @@ -0,0 +1,33 @@
> > +From 7ffcd44d7e6c46704f8af0321d9314cd26e0e18a Mon Sep 17 00:00:00 2001
> > +From: Zhipeng Xie <xiezhipeng1@huawei.com>
> > +Date: Tue, 20 Aug 2019 16:33:06 +0800
> > +Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream
> > +
> > +When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun
> > +alloc a new schema for ctxt->schema and set vctxt->xsiAssemble
> > +to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize
> > +vctxt->xsiAssemble to 0 again which cause the alloced schema
> > +can not be freed anymore.
> > +
> > +Found with libFuzzer.
> > +
> > +Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
>
> Thanks Thomas for sending security patches! :-)

:-)

>
> We request patches to have a SoB line from the person submitting them.
> Could you add your SoB here ?
>

Sorry, v2 coming up...

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2020-02-18  9:32 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-02-17 12:16 [Buildroot] [PATCH] package/libxml2: add upstream security fix for CVE-2019-20388 Thomas De Schampheleire
2020-02-17 19:39 ` Thomas Petazzoni
2020-02-18  9:32   ` Thomas De Schampheleire

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox