NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/raptor: fix CVE-2020-25713

Browse Source 
A malformed input file can lead to a segfault due to an out of bounds
array access in raptor_xml_writer_start_element_common.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit is contained in:
Fabrice Fontaine 2022-03-20 18:23:26 +01:00 committed by Yann E. MORIN
parent 672807b815
commit 2fca33462b
2 changed files with 36 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
package/raptor/0003-XML-Writer-compare-namespace-declarations-correctly.patch Normal file
View File

@ -0,0 +1,33 @@
From 4f5dbbffcc1c6cf0398bd03450453289a0979dea Mon Sep 17 00:00:00 2001
From: Dave Beckett <dave@dajobe.org>
Date: Sat, 18 Sep 2021 17:40:00 -0700
Subject: [PATCH] XML Writer : compare namespace declarations correctly
Apply patch from
0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1
that fixes Issue#0000650 https://bugs.librdf.org/mantis/view.php?id=650
which overwrote heap during XML writing in parse type literal
content. This was detected with clang asan.
Thanks to Michael Stahl / mst2 for the fix.
[Retrieved from:
https://github.com/dajobe/raptor/commit/4f5dbbffcc1c6cf0398bd03450453289a0979dea]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
src/raptor_xml_writer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c
index 56993dc3..4426d38c 100644
--- a/src/raptor_xml_writer.c
+++ b/src/raptor_xml_writer.c
@@ -227,7 +227,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
/* check it wasn't an earlier declaration too */
for(j = 0; j < nspace_declarations_count; j++)
- if(nspace_declarations[j].nspace == element->attributes[j]->nspace) {
+ if(nspace_declarations[j].nspace == element->attributes[i]->nspace) {
declare_me = 0;
break;
}

3
package/raptor/raptor.mk
View File

@ -20,6 +20,9 @@ RAPTOR_AUTORECONF = YES
# 0002-Calcualte-max-nspace-declarations-correctly-for-XML-.patch
RAPTOR_IGNORE_CVES += CVE-2017-18926
# 0003-XML-Writer-compare-namespace-declarations-correctly.patch
RAPTOR_IGNORE_CVES += CVE-2020-25713
RAPTOR_CONF_OPTS =\
--with-xml2-config=$(STAGING_DIR)/usr/bin/xml2-config \
--with-xslt-config=$(STAGING_DIR)/usr/bin/xslt-config