rpms / libxslt

Clone
Source Code
GIT

Blame SOURCES/libxslt-1.1.32-CVE-2019-18197.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c8s c9 c9-beta
  1.   c6f69860a0fd8fff4feb44f73d8a6bd4a52859b3
  2.   SOURCES
  3.   libxslt-1.1.32-CVE-2019-18197.patch
Blob History Raw
7e273a 
From 2232473733b7313d67de8836ea3b29eec6e8e285 Mon Sep 17 00:00:00 2001
7e273a 
From: Nick Wellnhofer <wellnhofer@aevum.de>
7e273a 
Date: Sat, 17 Aug 2019 16:51:53 +0200
7e273a 
Subject: [PATCH] Fix dangling pointer in xsltCopyText
7e273a
7e273a 
xsltCopyText didn't reset ctxt->lasttext in some cases which could
7e273a 
lead to various memory errors in relation with CDATA sections in input
7e273a 
documents.
7e273a
7e273a 
Found by OSS-Fuzz.
7e273a 
---
7e273a 
 libxslt/transform.c | 2 ++
7e273a 
 1 file changed, 2 insertions(+)
7e273a
7e273a 
diff --git a/libxslt/transform.c b/libxslt/transform.c
7e273a 
index 95ebd073..d7ab0b66 100644
7e273a 
--- a/libxslt/transform.c
7e273a 
+++ b/libxslt/transform.c
7e273a 
@@ -1094,6 +1094,8 @@ xsltCopyText(xsltTransformContextPtr ctxt, xmlNodePtr target,
7e273a 
 	    if ((copy->content = xmlStrdup(cur->content)) == NULL)
7e273a 
 		return NULL;
7e273a 
 	}
7e273a 
+
7e273a 
+	ctxt->lasttext = NULL;
7e273a 
     } else {
7e273a 
         /*
7e273a 
 	 * normal processing. keep counters to extend the text node
7e273a 
--
7e273a 
2.22.0
7e273a

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation