blob: 31183399f8fd36ae01f60fc43a220cbb5dbdf946 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
From 31c6ce3b63f8a494ad9e31ca65187a73d8ad3508 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Mon, 9 Nov 2020 17:55:44 +0100
Subject: [PATCH] Avoid call stack overflow with XML reader and recursive
XIncludes
Don't process XIncludes in the result of another inclusion to avoid
infinite recursion resulting in a call stack overflow.
This is something the XInclude engine shouldn't allow but correct
handling of intra-document includes would require major changes.
Found by OSS-Fuzz.
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/31c6ce3b63f8a494ad9e31ca65187a73d8ad3508]
CVE: CVE-2024-25062 #Dependency Patch
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
xmlreader.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/xmlreader.c b/xmlreader.c
index 01adf74f4..72e40b032 100644
--- a/xmlreader.c
+++ b/xmlreader.c
@@ -1585,7 +1585,8 @@ node_found:
/*
* Handle XInclude if asked for
*/
- if ((reader->xinclude) && (reader->node != NULL) &&
+ if ((reader->xinclude) && (reader->in_xinclude == 0) &&
+ (reader->node != NULL) &&
(reader->node->type == XML_ELEMENT_NODE) &&
(reader->node->ns != NULL) &&
((xmlStrEqual(reader->node->ns->href, XINCLUDE_NS)) ||
--
GitLab
|
