rpms / libxslt

Clone
Source Code
GIT

Blame SOURCES/libxslt-1.1.32-CVE-2019-18197.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c8s c9 c9-beta
  1.   c8
  2.   SOURCES
  3.   libxslt-1.1.32-CVE-2019-18197.patch
Blob History Raw
7feb73 
From 2232473733b7313d67de8836ea3b29eec6e8e285 Mon Sep 17 00:00:00 2001
7feb73 
From: Nick Wellnhofer <wellnhofer@aevum.de>
7feb73 
Date: Sat, 17 Aug 2019 16:51:53 +0200
7feb73 
Subject: [PATCH] Fix dangling pointer in xsltCopyText
7feb73
7feb73 
xsltCopyText didn't reset ctxt->lasttext in some cases which could
7feb73 
lead to various memory errors in relation with CDATA sections in input
7feb73 
documents.
7feb73
7feb73 
Found by OSS-Fuzz.
7feb73 
---
7feb73 
 libxslt/transform.c | 2 ++
7feb73 
 1 file changed, 2 insertions(+)
7feb73
7feb73 
diff --git a/libxslt/transform.c b/libxslt/transform.c
7feb73 
index 95ebd073..d7ab0b66 100644
7feb73 
--- a/libxslt/transform.c
7feb73 
+++ b/libxslt/transform.c
7feb73 
@@ -1094,6 +1094,8 @@ xsltCopyText(xsltTransformContextPtr ctxt, xmlNodePtr target,
7feb73 
 	    if ((copy->content = xmlStrdup(cur->content)) == NULL)
7feb73 
 		return NULL;
7feb73 
 	}
7feb73 
+
7feb73 
+	ctxt->lasttext = NULL;
7feb73 
     } else {
7feb73 
         /*
7feb73 
 	 * normal processing. keep counters to extend the text node
7feb73 
--
7feb73 
2.22.0
7feb73

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation