rpms/libxml2/F-8 CVE-2008-4225.patch, NONE, 1.1 CVE-2008-4226.patch, NONE, 1.1 libxml2.spec, 1.54, 1.55
Daniel Veillard
veillard at fedoraproject.org
Mon Nov 17 16:02:39 UTC 2008
- Previous message (by thread): rpms/libxml2/F-9 CVE-2008-4225.patch, NONE, 1.1 CVE-2008-4226.patch, NONE, 1.1 libxml2.spec, 1.59, 1.60
- Next message (by thread): rpms/libxml2/F-10 CVE-2008-4225.patch, NONE, 1.1 CVE-2008-4226.patch, NONE, 1.1 libxml2.spec, 1.61, 1.62
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: veillard
Update of /cvs/pkgs/rpms/libxml2/F-8
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13567
Modified Files:
libxml2.spec
Added Files:
CVE-2008-4225.patch CVE-2008-4226.patch
Log Message:
Fixes for CVE-2008-4225 and CVE-2008-4226
CVE-2008-4225.patch:
--- NEW FILE CVE-2008-4225.patch ---
--- tree.c.orig 2008-10-31 18:14:00.000000000 -0700
+++ tree.c 2008-10-31 18:14:35.000000000 -0700
@@ -14,7 +14,7 @@
#include "libxml.h"
#include <string.h> /* for memset() only ! */
-
+#include <limits.h>
#ifdef HAVE_CTYPE_H
#include <ctype.h>
#endif
@@ -6996,7 +6996,13 @@
case XML_BUFFER_ALLOC_DOUBLEIT:
/*take care of empty case*/
newSize = (buf->size ? buf->size*2 : size + 10);
- while (size > newSize) newSize *= 2;
+ while (size > newSize) {
+ if (newSize > UINT_MAX / 2) {
+ xmlTreeErrMemory("growing buffer");
+ return 0;
+ }
+ newSize *= 2;
+ }
break;
case XML_BUFFER_ALLOC_EXACT:
newSize = size+10;
CVE-2008-4226.patch:
--- NEW FILE CVE-2008-4226.patch ---
--- SAX2.c.orig 2008-01-25 08:10:04.000000000 -0500
+++ SAX2.c 2008-11-07 05:07:34.000000000 -0500
@@ -11,6 +11,7 @@
#include "libxml.h"
#include <stdlib.h>
#include <string.h>
+#include <limits.h>
#include <libxml/xmlmemory.h>
#include <libxml/tree.h>
#include <libxml/parser.h>
@@ -26,6 +27,11 @@
#include <libxml/HTMLtree.h>
#include <libxml/globals.h>
+/* Define SIZE_T_MAX unless defined through <limits.h>. */
+#ifndef SIZE_T_MAX
+# define SIZE_T_MAX ((size_t)-1)
+#endif /* !SIZE_T_MAX */
+
/* #define DEBUG_SAX2 */
/* #define DEBUG_SAX2_TREE */
@@ -2445,9 +2451,14 @@
(xmlDictOwns(ctxt->dict, lastChild->content))) {
lastChild->content = xmlStrdup(lastChild->content);
}
+ if ((size_t)ctxt->nodelen > SIZE_T_MAX - (size_t)len ||
+ (size_t)ctxt->nodemem + (size_t)len > SIZE_T_MAX / 2) {
+ xmlSAX2ErrMemory(ctxt, "xmlSAX2Characters overflow prevented");
+ return;
+ }
if (ctxt->nodelen + len >= ctxt->nodemem) {
xmlChar *newbuf;
- int size;
+ size_t size;
size = ctxt->nodemem + len;
size *= 2;
Index: libxml2.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libxml2/F-8/libxml2.spec,v
retrieving revision 1.54
retrieving revision 1.55
diff -u -r1.54 -r1.55
--- libxml2.spec 7 Oct 2008 15:27:50 -0000 1.54
+++ libxml2.spec 17 Nov 2008 16:02:08 -0000 1.55
@@ -1,7 +1,7 @@
Summary: Library providing XML and HTML support
Name: libxml2
Version: 2.7.2
-Release: 1%{?dist}%{?extra_release}
+Release: 2%{?dist}%{?extra_release}
License: MIT
Group: Development/Libraries
Source: ftp://xmlsoft.org/libxml2-%{version}.tar.gz
@@ -9,6 +9,8 @@
BuildRequires: python python-devel zlib-devel
URL: http://xmlsoft.org/
Patch0: libxml2-multilib.patch
+Patch1: CVE-2008-4225.patch
+Patch2: CVE-2008-4226.patch
%description
This library allows to manipulate XML files. It includes support
@@ -67,6 +69,8 @@
%prep
%setup -q
%patch0 -p1
+%patch1 -p0
+%patch2 -p0
%build
%configure
@@ -141,6 +145,9 @@
%doc doc/python.html
%changelog
+* Wed Nov 12 2008 Daniel Veillard <veillard at redhat.com> - 2.7.2-2.fc8
+- two patches for size overflows problems CVE-2008-4225 and CVE-2008-4226
+
* Tue Oct 7 2008 Daniel Veillard <veillard at redhat.com> 2.7.2-1.fc8
- new release 2.7.2
- Fixes the known problems in 2.7.1
- Previous message (by thread): rpms/libxml2/F-9 CVE-2008-4225.patch, NONE, 1.1 CVE-2008-4226.patch, NONE, 1.1 libxml2.spec, 1.59, 1.60
- Next message (by thread): rpms/libxml2/F-10 CVE-2008-4225.patch, NONE, 1.1 CVE-2008-4226.patch, NONE, 1.1 libxml2.spec, 1.61, 1.62
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list