xzyang / rpms / libxml2

Forked from rpms/libxml2 3 years ago

Blame SOURCES/libxml2-2.9.7-CVE-2021-3516.patch

From 1358d157d0bd83be1dfe356a69213df9fac0b539 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Wed, 21 Apr 2021 13:23:27 +0200
Subject: [PATCH] Fix use-after-free with `xmllint --html --push`

Call htmlCtxtUseOptions to make sure that names aren't stored in
dictionaries.

Note that this issue only affects xmllint using the HTML push parser.

Fixes #230.
---
 xmllint.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xmllint.c b/xmllint.c
index 6ca1bf54..dbef273a 100644
--- a/xmllint.c
+++ b/xmllint.c
@@ -2213,7 +2213,7 @@ static void parseAndPrintFile(char *filename, xmlParserCtxtPtr rectxt) {
             if (res > 0) {
                 ctxt = htmlCreatePushParserCtxt(NULL, NULL,
                             chars, res, filename, XML_CHAR_ENCODING_NONE);
-                xmlCtxtUseOptions(ctxt, options);
+                htmlCtxtUseOptions(ctxt, options);
                 while ((res = fread(chars, 1, pushsize, f)) > 0) {
                     htmlParseChunk(ctxt, chars, res, 0);
                 }
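Review bot: The corrected call `htmlCtxtUseOptions(ctxt, options);` has no comment saying why the HTML-specific function is required at this point, and the one-identifier difference from `xmlCtxtUseOptions` is easy to reintroduce in a later cleanup or merge. A short comment above the call repeating the commit message's reason (names must not be stored in dictionaries for the HTML push parser) would protect the fix. In the same lines, `ctxt` returned by `htmlCreatePushParserCtxt` is passed on to the options call and to `htmlParseChunk` with no NULL check visible in this hunk, and the result of the options call is discarded; both are worth checking while this code is being touched. The diffstat lists only xmllint.c, so no regression input exercising `xmllint --html --push` accompanies the change.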
-- 
GitLab