Commit d84e627a authored by slimm609's avatar slimm609 Committed by Leo

main/libxml2: fix CVE-2020-24977

parent c68b7213
......@@ -2,7 +2,7 @@
# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
pkgname=libxml2
pkgver=2.9.10
pkgrel=4
pkgrel=5
pkgdesc="XML parsing library, version 2"
url="http://www.xmlsoft.org/"
arch="all"
......@@ -18,9 +18,12 @@ source="http://xmlsoft.org/sources/libxml2-$pkgver.tar.gz
libxml2-CVE-2020-7595.patch
revert-Make-xmlFreeNodeList-non-recursive.patch
libxml2-2.9.8-python3-unicode-errors.patch
CVE-2020-24977.patch
"
# secfixes:
# 2.9.10-r5:
# - CVE-2020-24977
# 2.9.10-r4:
# - CVE-2019-20388
# 2.9.8-r3:
......@@ -94,4 +97,6 @@ sha512sums="0adfd12bfde89cbd6296ba6e66b6bed4edb814a74b4265bda34d95c41d9d92c696ee
46ade1189ef24cb56bd38c2c58aaacc8f3e8404656b9976754e9ec9bfe17f71e9a1fdb6febd02947f6120b5ce320cbc7391baf8d0cb042877bcf81553010ad04 CVE-2019-20388.patch
90db832e60c700e971669f57a54fdb297660c42602089b4e77e013a7051c880f380f0c98c059d9f54de99855b2d9be78fcf0639443f3765a925b52fc093fb4d9 libxml2-CVE-2020-7595.patch
347178e432379d543683cba21b902e7305202c03e8dbd724ae395963d677096a5cfc4e345e208d498163ca5174683c167610fc2b297090476038bc2bb7c84b4f revert-Make-xmlFreeNodeList-non-recursive.patch
a205c97fa1488fb8907cfa08b5f82e2055c80b86213dc3cc5c4b526fe6aa786bcc4e4eeb226c44635a1d021307b39e3940f706c42fb60e9e3e9b490a84164df7 libxml2-2.9.8-python3-unicode-errors.patch"
a205c97fa1488fb8907cfa08b5f82e2055c80b86213dc3cc5c4b526fe6aa786bcc4e4eeb226c44635a1d021307b39e3940f706c42fb60e9e3e9b490a84164df7 libxml2-2.9.8-python3-unicode-errors.patch
b25a49cfb51569799ada41bad0efaf2666d70b9efb380987c3d5678fd943ada5d0baa18a3db5efa58dac65db8e2d2915ab5c6bac850d0c610656c89734853fd5 CVE-2020-24977.patch
"
From 8e7c20a1af8776677d7890f30b7a180567701a49 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Mon, 3 Aug 2020 17:30:41 +0200
Subject: [PATCH] Fix integer overflow when comparing schema dates
Found by OSS-Fuzz.
---
xmlschemastypes.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/xmlschemastypes.c b/xmlschemastypes.c
index 4249d7000..d6b9f924e 100644
--- a/xmlschemastypes.c
+++ b/xmlschemastypes.c
@@ -3691,6 +3691,8 @@ xmlSchemaCompareDurations(xmlSchemaValPtr x, xmlSchemaValPtr y)
minday = 0;
maxday = 0;
} else {
+ if (myear > LONG_MAX / 366)
+ return -2;
/* FIXME: This doesn't take leap year exceptions every 100/400 years
into account. */
maxday = 365 * myear + (myear + 3) / 4;
@@ -4079,6 +4081,14 @@ xmlSchemaCompareDates (xmlSchemaValPtr x, xmlSchemaValPtr y)
if ((x == NULL) || (y == NULL))
return -2;
+ if ((x->value.date.year > LONG_MAX / 366) ||
+ (x->value.date.year < LONG_MIN / 366) ||
+ (y->value.date.year > LONG_MAX / 366) ||
+ (y->value.date.year < LONG_MIN / 366)) {
+ /* Possible overflow when converting to days. */
+ return -2;
+ }
+
if (x->value.date.tz_flag) {
if (!y->value.date.tz_flag) {
--
GitLab
\ No newline at end of file
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment