summary |
shortlog | log |
commit |
commitdiff |
tree
first ⋅ prev ⋅ next
Joel Hockey [Mon, 17 Aug 2020 00:19:35 +0000 (17:19 -0700)]
[CVE-2021-3517] Validate UTF8 in xmlEncodeEntities
Code is currently assuming UTF-8 without validating. Truncated UTF-8
input can cause out-of-bounds array access.
Adds further checks to partial fix in
50f06b3e.
Fixes #178
Change-Id: Ie12b322068d4550475a04fc5976a79e8a38231f9
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
Zhipeng Xie [Tue, 20 Aug 2019 08:33:06 +0000 (16:33 +0800)]
[CVE-2019-20388] Fix memory leak in xmlSchemaValidateStream
When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun
alloc a new schema for ctxt->schema and set vctxt->xsiAssemble
to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize
vctxt->xsiAssemble to 0 again which cause the alloced schema
can not be freed anymore.
Found with libFuzzer.
Change-Id: I19755ffa6ff031a6d5ba2b7daa82ad1b8a3b9362
Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
Nick Wellnhofer [Tue, 8 Feb 2022 02:29:24 +0000 (03:29 +0100)]
[CVE-2022-23308] Use-after-free of ID and IDREF attributes
If a document is parsed with XML_PARSE_DTDVALID and without
XML_PARSE_NOENT, the value of ID attributes has to be normalized after
potentially expanding entities in xmlRemoveID. Otherwise, later calls
to xmlGetID can return a pointer to previously freed memory.
ID attributes which are empty or contain only whitespace after
entity expansion are affected in a similar way. This is fixed by
not storing such attributes in the ID table.
The test to detect streaming mode when validating against a DTD was
broken. In connection with the defects above, this could result in a
use-after-free when using the xmlReader interface with validation.
Fix detection of streaming mode to avoid similar issues. (This changes
the expected result of a test case. But as far as I can tell, using the
XML reader with XIncludes referencing the root document never worked
properly, anyway.)
All of these issues can result in denial of service. Using xmlReader
with validation could result in disclosure of memory via the error
channel, typically stderr. The security impact of xmlGetID returning
a pointer to freed memory depends on the application. The typical use
case of calling xmlGetID on an unmodified document is not affected.
Change-Id: I2698142478b614c9b4636528c20aa30e2bbae31c
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
Hyunjee Kim [Thu, 28 May 2020 01:32:22 +0000 (10:32 +0900)]
Separate python-libxml2 from libxml2
* python-libxml2: https://review.tizen.org/gerrit/233663
* python3-libxml2: https://review.tizen.org/gerrit/233789
Change-Id: Ifff4ffd3d16f3a3a22d9d681b483266b263d55eb
Signed-off-by: Hyunjee Kim <hj0426.kim@samsung.com>
DongHun Kwak [Tue, 17 Mar 2020 01:10:24 +0000 (10:10 +0900)]
Merge branch 'sandbox/dh0128.kwak/libxml2_2.9.10_20200316' into tizen_base
Change-Id: I54bcae8ad21f42a8f978e03ebe05cf4816e33dae
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
DongHun Kwak [Tue, 17 Mar 2020 01:06:33 +0000 (10:06 +0900)]
Bump to libxml 2.9.10
Change-Id: Iba9ff0b8e9994c5a805764b04679c3f4d95d0063
Zhipeng Xie [Wed, 7 Aug 2019 09:39:17 +0000 (17:39 +0800)]
[CVE-2019-19956] Fix memory leak in xmlParseBalancedChunkMemoryRecover
When doc is NULL, namespace created in xmlTreeEnsureXMLDecl
is bind to newDoc->oldNs, in this case, set newDoc->oldNs to
NULL and free newDoc will cause a memory leak.
Found with libFuzzer.
Closes #82.
Change-Id: I9de145cc666e3791a81bfacb3930d21e624c4a7a
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
Hyunjee Kim [Thu, 28 Nov 2019 00:41:20 +0000 (09:41 +0900)]
Imported Upstream version 2.9.10
Hyunjee Kim [Fri, 18 Oct 2019 04:48:05 +0000 (13:48 +0900)]
Bump to libxml2 2.9.9
Change-Id: Ib452868b90532148d42059317894a883e3fb42e5
Signed-off-by: Hyunjee Kim <hj0426.kim@samsung.com>
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
DongHun Kwak [Thu, 10 Oct 2019 05:47:48 +0000 (14:47 +0900)]
Imported Upstream version 2.9.9
DongHun Kwak [Thu, 10 Oct 2019 05:47:39 +0000 (14:47 +0900)]
Imported Upstream version 2.9.8
DongHun Kwak [Thu, 23 Nov 2017 02:22:54 +0000 (11:22 +0900)]
Imported Upstream version 2.9.7
Change-Id: I9ae5434978bd98bb49d072dc066e149cbac06842
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
DongHun Kwak [Tue, 17 Oct 2017 05:43:14 +0000 (14:43 +0900)]
Imported Upstream version 2.9.6
Change-Id: I5c98bedf617f60e9e5c5883c0a028c2733b361d0
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
DongHun Kwak [Tue, 17 Oct 2017 05:42:37 +0000 (14:42 +0900)]
Imported Upstream version 2.9.6_rc1
Change-Id: I5dcb0df63b566606727a5902d819550ce253f54c
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
DongHun Kwak [Tue, 17 Oct 2017 05:42:10 +0000 (14:42 +0900)]
Imported Upstream version 2.9.5
Change-Id: I26aba6b2cafb1d9429b90886c5270887df23ef57
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
DongHun Kwak [Tue, 17 Oct 2017 05:41:39 +0000 (14:41 +0900)]
Imported Upstream version 2.9.5_rc2
Change-Id: I1713fddeb3c21d510a0194abdf5d37d5674780c2
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
DongHun Kwak [Tue, 17 Oct 2017 05:41:01 +0000 (14:41 +0900)]
Imported Upstream version 2.9.5_rc1
Change-Id: I8601bce726b46c3afa400a74689dfa004cae0501
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
DongHun Kwak [Wed, 15 Jun 2016 05:06:40 +0000 (14:06 +0900)]
Imported Upstream version 2.9.4
Change-Id: Ia77571980e4b0410bb3314b12af5a9e5bf732a38
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
DongHun Kwak [Mon, 23 Nov 2015 11:28:27 +0000 (20:28 +0900)]
Imported Upstream version 2.9.2
Change-Id: I82eaee9a90ae71ea3d3c6151e275ad34ed6ea919
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
xroche [Fri, 7 Nov 2014 16:26:44 +0000 (17:26 +0100)]
Imported Upstream version 2.9.1
Anas Nashif [Wed, 7 Nov 2012 16:49:28 +0000 (08:49 -0800)]
Imported Upstream version 2.8.0