صفحهٔ اصلی گشت‌و‌گذار راهنما
ثبت نام ورود
PUBLIC_REPOS
/
buildroot
mirrorاز git://git.buildroot.net/buildroot
2
1
انشعاب 0
پرونده‌ها
فهرست منبع

package/raptor: fix CVE-2020-25713

A malformed input file can lead to a segfault due to an out of bounds
array access in raptor_xml_writer_start_element_common.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine 3 سال پیش
والد
672807b815
کامیت
2fca33462b
2فایلهای تغییر یافته به همراه36 افزوده شده و 0 حذف شده
نمای یکپارچه نمایش آمار تفاوت ها
  1. 33 0
      package/raptor/0003-XML-Writer-compare-namespace-declarations-correctly.patch
  2. 3 0
      package/raptor/raptor.mk

+ 33 - 0
package/raptor/0003-XML-Writer-compare-namespace-declarations-correctly.patch
مشاهده فایل 

@@ -0,0 +1,33 @@
 
+From 4f5dbbffcc1c6cf0398bd03450453289a0979dea Mon Sep 17 00:00:00 2001
 
+From: Dave Beckett <dave@dajobe.org>
 
+Date: Sat, 18 Sep 2021 17:40:00 -0700
 
+Subject: [PATCH] XML Writer : compare namespace declarations correctly
 
+
 
+Apply patch from
 
+0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1
 
+that fixes Issue#0000650 https://bugs.librdf.org/mantis/view.php?id=650
 
+which overwrote heap during XML writing in parse type literal
 
+content.  This was detected with clang asan.
 
+
 
+Thanks to Michael Stahl / mst2 for the fix.
 
+
 
+[Retrieved from:
 
+https://github.com/dajobe/raptor/commit/4f5dbbffcc1c6cf0398bd03450453289a0979dea]
 
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
 
+---
 
+ src/raptor_xml_writer.c | 2 +-
 
+ 1 file changed, 1 insertion(+), 1 deletion(-)
 
+
 
+diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c
 
+index 56993dc3..4426d38c 100644
 
+--- a/src/raptor_xml_writer.c
 
++++ b/src/raptor_xml_writer.c
 
+@@ -227,7 +227,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
 
+           
+           /* check it wasn't an earlier declaration too */
 
+           for(j = 0; j < nspace_declarations_count; j++)
 
+-            if(nspace_declarations[j].nspace == element->attributes[j]->nspace) {
 
++            if(nspace_declarations[j].nspace == element->attributes[i]->nspace) {
 
+               declare_me = 0;
 
+               break;
 
+             }

+ 3 - 0
package/raptor/raptor.mk
مشاهده فایل 

@@ -20,6 +20,9 @@ RAPTOR_AUTORECONF = YES
 
 # 0002-Calcualte-max-nspace-declarations-correctly-for-XML-.patch
 
 # 0002-Calcualte-max-nspace-declarations-correctly-for-XML-.patch
 
 RAPTOR_IGNORE_CVES += CVE-2017-18926
 
 RAPTOR_IGNORE_CVES += CVE-2017-18926
 
 
 
+# 0003-XML-Writer-compare-namespace-declarations-correctly.patch
 
+RAPTOR_IGNORE_CVES += CVE-2020-25713
 
+
 
 RAPTOR_CONF_OPTS =\
 
 RAPTOR_CONF_OPTS =\
 
 	--with-xml2-config=$(STAGING_DIR)/usr/bin/xml2-config \
 
 	--with-xml2-config=$(STAGING_DIR)/usr/bin/xml2-config \
 
 	--with-xslt-config=$(STAGING_DIR)/usr/bin/xslt-config
 
 	--with-xslt-config=$(STAGING_DIR)/usr/bin/xslt-config