Inicio Explorar Axuda
Iniciar sesión
PUBLIC_REPOS
/
buildroot
réplica de git://git.buildroot.net/buildroot
2
1
Fork 0
Ficheiros
Árbore: c68a14d73a
Ramas Etiquetas
buildroot
/
package
/
libxml2
/
0003-Schematron-Fix-null-pointer-dereference-leading-to-D.patch

0003-Schematron-Fix-null-pointer-dereference-leading-to-D.patch 2.3 KB
Histórico Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970 
  1. From 4df1c80c4edc51ecb9f2f574203128a06fd31406 Mon Sep 17 00:00:00 2001
    2. 

  2. From: Michael Mann <mmann78@netscape.net>
    3. 

  3. Date: Sat, 21 Jun 2025 12:11:30 -0400
    4. 

  4. Subject: [PATCH] Schematron: Fix null pointer dereference leading to DoS
    5. 

  5. 

  6. (CVE-2025-49795)
    7. 

  7. 

  8. Fixes #932
    9. 

  9. 

  10. Upstream: https://gitlab.gnome.org/GNOME/libxml2/-/commit/499bcb78ab389f60c2fd634ce410d4bb85c18765
    11. 

  11. CVE: CVE-2025-49795
    12. 

  12. Signed-off-by: Tim Soubry <tim.soubry@mind.be>
    13. 

  13. ---
    14. 

  14.  result/schematron/zvon16_0.err | 1 +
    15. 

  15.  schematron.c                   | 2 ++
    16. 

  16.  test/schematron/zvon16.sct     | 7 +++++++
    17. 

  17.  test/schematron/zvon16_0.xml   | 5 +++++
    18. 

  18.  4 files changed, 15 insertions(+)
    19. 

  19.  create mode 100644 result/schematron/zvon16_0.err
    20. 

  20.  create mode 100644 test/schematron/zvon16.sct
    21. 

  21.  create mode 100644 test/schematron/zvon16_0.xml
    22. 

  22. 

  23. diff --git a/result/schematron/zvon16_0.err b/result/schematron/zvon16_0.err
    24. 

  24. new file mode 100644
    25. 

  25. index 00000000..465cf2eb
    26. 

  26. --- /dev/null
    27. 

  27. +++ b/result/schematron/zvon16_0.err
    28. 

  28. @@ -0,0 +1 @@
    29. 

  29. +xmlSchematronParse: could not load './test/schematron/zvon16.sct'
    30. 

  30. \ No newline at end of file
    31. 

  31. diff --git a/schematron.c b/schematron.c
    32. 

  32. index 426300c8..b51b20e1 100644
    33. 

  33. --- a/schematron.c
    34. 

  34. +++ b/schematron.c
    35. 

  35. @@ -1509,6 +1509,8 @@ xmlSchematronFormatReport(xmlSchematronValidCtxtPtr ctxt,
    36. 

  36.              select = xmlGetNoNsProp(child, BAD_CAST "select");
    37. 

  37.              comp = xmlXPathCtxtCompile(ctxt->xctxt, select);
    38. 

  38.              eval = xmlXPathCompiledEval(comp, ctxt->xctxt);
    39. 

  39. +            if (eval == NULL)
    40. 

  40. +                return ret;
    41. 

  41.  
    42. 

  42.              switch (eval->type) {
    43. 

  43.              case XPATH_NODESET: {
    44. 

  44. diff --git a/test/schematron/zvon16.sct b/test/schematron/zvon16.sct
    45. 

  45. new file mode 100644
    46. 

  46. index 00000000..4d24c054
    47. 

  47. --- /dev/null
    48. 

  48. +++ b/test/schematron/zvon16.sct
    49. 

  49. @@ -0,0 +1,7 @@
    50. 

  50. +<sch:schema xmlns:sch="http://purl.oclc.org/dsdl/schematron"
    51. 

  51. +	<sch:pattern id="TestPattern">
    52. 

  52. +		<sch:rule context="book">
    53. 

  53. +			<sch:report test="not(@available)">Book <sch:value-of select="falae()"/> test</sch:report>
    54. 

  54. +		</sch:rule>
    55. 

  55. +	</sch:pattern>
    56. 

  56. +</sch:schema>
    57. 

  57. diff --git a/test/schematron/zvon16_0.xml b/test/schematron/zvon16_0.xml
    58. 

  58. new file mode 100644
    59. 

  59. index 00000000..551e2d65
    60. 

  60. --- /dev/null
    61. 

  61. +++ b/test/schematron/zvon16_0.xml
    62. 

  62. @@ -0,0 +1,5 @@
    63. 

  63. +<library>
    64. 

  64. +	<book title="Test Book" id="bk101">
    65. 

  65. +		<author>Test Author</author>
    66. 

  66. +	</book>
    67. 

  67. +</library>
    68. 

  68. -- 
    69. 

  69. 2.39.5
    70. 

  70.