rpms / libxml2

Clone
Source Code
GIT

Blame SOURCES/libxml2-2.9.1-CVE-2015-8035.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c8s c9 c9-beta
  1.   c7-beta
  2.   SOURCES
  3.   libxml2-2.9.1-CVE-2015-8035.patch
Blob History Raw
83ebca 
From f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 Mon Sep 17 00:00:00 2001
83ebca 
From: Daniel Veillard <veillard@redhat.com>
83ebca 
Date: Tue, 3 Nov 2015 15:31:25 +0800
83ebca 
Subject: [PATCH] CVE-2015-8035 Fix XZ compression support loop
83ebca
83ebca 
For https://bugzilla.gnome.org/show_bug.cgi?id=757466
83ebca 
DoS when parsing specially crafted XML document if XZ support
83ebca 
is compiled in (which wasn't the case for 2.9.2 and master since
83ebca 
Nov 2013, fixed in next commit !)
83ebca 
---
83ebca 
 xzlib.c | 4 ++++
83ebca 
 1 file changed, 4 insertions(+)
83ebca
83ebca 
diff --git a/xzlib.c b/xzlib.c
83ebca 
index 0dcb9f48..1fab5463 100644
83ebca 
--- a/xzlib.c
83ebca 
+++ b/xzlib.c
83ebca 
@@ -581,6 +581,10 @@ xz_decomp(xz_statep state)
83ebca 
             xz_error(state, LZMA_DATA_ERROR, "compressed data error");
83ebca 
             return -1;
83ebca 
         }
83ebca 
+        if (ret == LZMA_PROG_ERROR) {
83ebca 
+            xz_error(state, LZMA_PROG_ERROR, "compression error");
83ebca 
+            return -1;
83ebca 
+        }
83ebca 
     } while (strm->avail_out && ret != LZMA_STREAM_END);
83ebca
83ebca 
     /* update available output and crc check value */
83ebca 
--
83ebca 
2.22.0
83ebca

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation