FreeBSD Bugzilla – Attachment 208512 Details for
Bug 241420
textproc/libxslt: Fix CVE-2019-18197
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Fix CVE, close #239131
0001-textproc-libxslt.patch (text/plain), 2.74 KB, created by
Nathan
on 2019-10-22 20:13:28 UTC
(
hide
)
Description:
Fix CVE, close #239131
Filename:
MIME Type:
Creator:
Nathan
Created:
2019-10-22 20:13:28 UTC
Size:
2.74 KB
patch
obsolete
>From 8996afd6564b88501cef7a39818a1649040f36aa Mon Sep 17 00:00:00 2001 >From: Nathan Owens <ndowens04@gmail.com> >Date: Tue, 22 Oct 2019 15:03:17 -0500 >Subject: [PATCH] textproc/libxslt: > >* Include patch from #239131 >* Add patch from libxslt GIT page; commit #22324737 > - Fixes: CVE-2019-18197 >--- > textproc/libxslt/Makefile | 4 +- > .../libxslt/files/patch-libxslt_transform.c | 46 ++++++++++++------- > 2 files changed, 31 insertions(+), 19 deletions(-) > >diff --git a/textproc/libxslt/Makefile b/textproc/libxslt/Makefile >index 15bfb9e53..405dc06c6 100644 >--- a/textproc/libxslt/Makefile >+++ b/textproc/libxslt/Makefile >@@ -3,9 +3,9 @@ > > PORTNAME= libxslt > PORTVERSION= 1.1.33 >+PORTREVISION= 1 > CATEGORIES?= textproc gnome >-MASTER_SITES= http://xmlsoft.org/sources/ \ >- https://mirror.umd.edu/xbmc/build-deps/sources/ >+MASTER_SITES= https://ftp.osuosl.org/pub/blfs/conglomeration/libxslt/ > DIST_SUBDIR= gnome2 > > MAINTAINER?= gnome@FreeBSD.org >diff --git a/textproc/libxslt/files/patch-libxslt_transform.c b/textproc/libxslt/files/patch-libxslt_transform.c >index 744e8dd9b..8d72dfffc 100644 >--- a/textproc/libxslt/files/patch-libxslt_transform.c >+++ b/textproc/libxslt/files/patch-libxslt_transform.c >@@ -1,18 +1,30 @@ >---- libxslt/transform.c.orig 2017-10-30 07:49:55 UTC >+From ee31512213544a869418a06a819e9cb9a7346f65 Mon Sep 17 00:00:00 2001 >+From: Nick Wellnhofer <wellnhofer@aevum.de> >+Date: Sat, 17 Aug 2019 16:51:53 +0200 >+Subject: [PATCH] Fix dangling pointer in xsltCopyText >+ >+xsltCopyText didn't reset ctxt->lasttext in some cases which could >+lead to various memory errors in relation with CDATA sections in input >+documents. >+ >+Found by OSS-Fuzz. >+--- >+ libxslt/transform.c | 2 ++ >+ 1 file changed, 2 insertions(+) >+ >+diff --git a/libxslt/transform.c b/libxslt/transform.c >+index ed5afacb..477265c2 100644 >+--- libxslt/transform.c > +++ libxslt/transform.c >-@@ -3485,10 +3485,11 @@ xsltDocumentElem(xsltTransformContextPtr ctxt, xmlNode >- */ >- if (ctxt->sec != NULL) { >- ret = xsltCheckWrite(ctxt->sec, ctxt, filename); >-- if (ret == 0) { >-- xsltTransformError(ctxt, NULL, inst, >-- "xsltDocumentElem: write rights for %s denied\n", >-- filename); >-+ if (ret <= 0) { >-+ if (ret == 0) >-+ xsltTransformError(ctxt, NULL, inst, >-+ "xsltDocumentElem: write rights for %s denied\n", >-+ filename); >- xmlFree(URL); >- xmlFree(filename); >- return; >+@@ -1090,6 +1090,8 @@ xsltCopyText(xsltTransformContextPtr ctxt, xmlNodePtr target, >+ if ((copy->content = xmlStrdup(cur->content)) == NULL) >+ return NULL; >+ } >++ >++ ctxt->lasttext = NULL; >+ } else { >+ /* >+ * normal processing. keep counters to extend the text node >+-- >+2.23.0 >+ >-- >2.23.0 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 241420
:
208512
|
208515
|
208538
|
208586