rpms / libxslt

Clone
Source Code
GIT

Blame SOURCES/libxslt-1.1.28-CVE-2019-18197.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c8s c9 c9-beta
  1.   fa4829ee0035c12bb26547399ed439042fa9319c
  2.   SOURCES
  3.   libxslt-1.1.28-CVE-2019-18197.patch
Blob History Raw
fa4829 
From 2232473733b7313d67de8836ea3b29eec6e8e285 Mon Sep 17 00:00:00 2001
fa4829 
From: Nick Wellnhofer <wellnhofer@aevum.de>
fa4829 
Date: Sat, 17 Aug 2019 16:51:53 +0200
fa4829 
Subject: [PATCH] Fix dangling pointer in xsltCopyText
fa4829
fa4829 
xsltCopyText didn't reset ctxt->lasttext in some cases which could
fa4829 
lead to various memory errors in relation with CDATA sections in input
fa4829 
documents.
fa4829
fa4829 
Found by OSS-Fuzz.
fa4829 
---
fa4829 
 libxslt/transform.c | 2 ++
fa4829 
 1 file changed, 2 insertions(+)
fa4829
fa4829 
diff --git a/libxslt/transform.c b/libxslt/transform.c
fa4829 
index 95ebd073..d7ab0b66 100644
fa4829 
--- a/libxslt/transform.c
fa4829 
+++ b/libxslt/transform.c
fa4829 
@@ -1094,6 +1094,8 @@ xsltCopyText(xsltTransformContextPtr ctxt, xmlNodePtr target,
fa4829 
 	    if ((copy->content = xmlStrdup(cur->content)) == NULL)
fa4829 
 		return NULL;
fa4829 
 	}
fa4829 
+
fa4829 
+	ctxt->lasttext = NULL;
fa4829 
     } else {
fa4829 
         /*
fa4829 
 	 * normal processing. keep counters to extend the text node
fa4829 
--
fa4829 
2.22.0
fa4829

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation