rpms / libxml2

Clone
Source Code
GIT

Blame SOURCES/libxml2-2.9.1-CVE-2015-8035.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c8s c9 c9-beta
  1.   c7
  2.   SOURCES
  3.   libxml2-2.9.1-CVE-2015-8035.patch
Blob History Raw
8a784f 
From f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 Mon Sep 17 00:00:00 2001
8a784f 
From: Daniel Veillard <veillard@redhat.com>
8a784f 
Date: Tue, 3 Nov 2015 15:31:25 +0800
8a784f 
Subject: [PATCH] CVE-2015-8035 Fix XZ compression support loop
8a784f
8a784f 
For https://bugzilla.gnome.org/show_bug.cgi?id=757466
8a784f 
DoS when parsing specially crafted XML document if XZ support
8a784f 
is compiled in (which wasn't the case for 2.9.2 and master since
8a784f 
Nov 2013, fixed in next commit !)
8a784f 
---
8a784f 
 xzlib.c | 4 ++++
8a784f 
 1 file changed, 4 insertions(+)
8a784f
8a784f 
diff --git a/xzlib.c b/xzlib.c
8a784f 
index 0dcb9f48..1fab5463 100644
8a784f 
--- a/xzlib.c
8a784f 
+++ b/xzlib.c
8a784f 
@@ -581,6 +581,10 @@ xz_decomp(xz_statep state)
8a784f 
             xz_error(state, LZMA_DATA_ERROR, "compressed data error");
8a784f 
             return -1;
8a784f 
         }
8a784f 
+        if (ret == LZMA_PROG_ERROR) {
8a784f 
+            xz_error(state, LZMA_PROG_ERROR, "compression error");
8a784f 
+            return -1;
8a784f 
+        }
8a784f 
     } while (strm->avail_out && ret != LZMA_STREAM_END);
8a784f
8a784f 
     /* update available output and crc check value */
8a784f 
--
8a784f 
2.22.0
8a784f

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation