packages/libxslt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix double-free with stylesheets containing entity nodes

Browse Source
This commit is contained in:
panxiaohe 2021-10-23 15:11:02 +08:00
parent 62c75adb4a
commit 95b9b1114e
2 changed files with 42 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
Fix-double-free-with-stylesheets-containing-entity-n.patch Normal file
View File

@ -0,0 +1,36 @@
From 3e8bbcdec8d2318ca8ab27a2a4a509a5d9bb2d51 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Tue, 2 Feb 2021 04:28:15 +0100
Subject: [PATCH] Fix double-free with stylesheets containing entity nodes
Fix broken logic to make sure that entity nodes are deleted from the
stylesheet. Note that stylesheets parsed with XML_PARSE_NOENT, which
is included in XSLT_PARSE_OPTIONS, aren't affected.
Found by OSS-Fuzz.
---
libxslt/xslt.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/libxslt/xslt.c b/libxslt/xslt.c
index 7a1ce01..69116f2 100644
--- a/libxslt/xslt.c
+++ b/libxslt/xslt.c
@@ -3656,12 +3656,8 @@ xsltPreprocessStylesheet(xsltStylesheetPtr style, xmlNodePtr cur)
(!xsltCheckExtURI(style, cur->ns->href))) {
goto skip_children;
} else if (cur->children != NULL) {
- if ((cur->children->type != XML_ENTITY_DECL) &&
- (cur->children->type != XML_ENTITY_REF_NODE) &&
- (cur->children->type != XML_ENTITY_NODE)) {
- cur = cur->children;
- continue;
- }
+ cur = cur->children;
+ continue;
}
skip_children:
--
1.8.3.1

8
libxslt.spec
View File

@ -1,6 +1,6 @@
Name: libxslt Name: libxslt
Version: 1.1.34 Version: 1.1.34
Release: 3 Release: 4
Summary: XSLT Transformation Library Summary: XSLT Transformation Library
License: MIT License: MIT
URL: http://xmlsoft.org/libxslt/ URL: http://xmlsoft.org/libxslt/
@ -12,6 +12,7 @@ Patch2: Fix-clang-Wconditional-uninitialized-warning-in-libx.patch
Patch3: Fix-clang-Wimplicit-int-conversion-warning.patch Patch3: Fix-clang-Wimplicit-int-conversion-warning.patch
Patch4: Fix-implicit-int-conversion-warning-in-exslt-crypto..patch Patch4: Fix-implicit-int-conversion-warning-in-exslt-crypto..patch
Patch5: Fix-quadratic-runtime-with-text-and-xsl-message.patch Patch5: Fix-quadratic-runtime-with-text-and-xsl-message.patch
Patch6: Fix-double-free-with-stylesheets-containing-entity-n.patch
BuildRequires: gcc make libtool autoconf automake libgcrypt-devel pkgconfig(libxml-2.0) >= 2.6.27 BuildRequires: gcc make libtool autoconf automake libgcrypt-devel pkgconfig(libxml-2.0) >= 2.6.27
@ -101,6 +102,9 @@ make check
%doc python/tests/*.xsl %doc python/tests/*.xsl
%changelog %changelog
* Sat Oct 23 2021 panxiaohe<panxiaohe@huawei.com> - 1.1.34-4
- Fix double-free with stylesheets containing entity nodes
* Wed Sep 23 2020 yangzhuangzhuang<yangzhuangzhuang1@huawei.com> - 1.1.34-3 * Wed Sep 23 2020 yangzhuangzhuang<yangzhuangzhuang1@huawei.com> - 1.1.34-3
- Fix the large loop found in xsltApplyStylesheetUser through fuzzing testcase xslt. - Fix the large loop found in xsltApplyStylesheetUser through fuzzing testcase xslt.
@ -113,7 +117,7 @@ make check
* Sat Jan 11 2020 zhangguangzhi<zhanguangzhi3@huawei.com> - 1.1.32-7 * Sat Jan 11 2020 zhangguangzhi<zhanguangzhi3@huawei.com> - 1.1.32-7
- del patch to be consistent with open source - del patch to be consistent with open source
* Mon Dec 31 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.1.32-6 * Tue Dec 31 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.1.32-6
- fix bug in community files - fix bug in community files
* Sat Dec 21 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.1.32-5 * Sat Dec 21 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.1.32-5