From 088346782d483a1af4e78ea900abb988179eb3a9 Mon Sep 17 00:00:00 2001 From: "@ran-zhao-yu" Date: Tue, 11 Jun 2024 16:43:10 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E8=A1=A5CVE-34459=E6=BC=8F=E6=B4=9E?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: @ran-zhao-yu --- Fix-CVE-2024-34459.patch | 26 ++++++++++++++++++++++++++ install.py | 3 ++- 2 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 Fix-CVE-2024-34459.patch diff --git a/Fix-CVE-2024-34459.patch b/Fix-CVE-2024-34459.patch new file mode 100644 index 0000000..a7e5fec --- /dev/null +++ b/Fix-CVE-2024-34459.patch @@ -0,0 +1,26 @@ +From 2876ac5392a4e891b81e40e592c3ac6cb46016ce Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Wed, 8 May 2024 11:49:31 +0200 +Subject: [PATCH] [CVE-2024-34459] Fix buffer overread with `xmllint --htmlout` + +Add a missing bounds check. +--- + xmllint.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/xmllint.c b/xmllint.c +index 82a878651..4d84c640b 100644 +--- a/xmllint.c ++++ b/xmllint.c +@@ -599,7 +599,7 @@ xmlHTMLPrintFileContext(xmlParserInputPtr input) { + len = strlen(buffer); + snprintf(&buffer[len], sizeof(buffer) - len, "\n"); + cur = input->cur; +- while ((*cur == '\n') || (*cur == '\r')) ++ while ((cur > base) && ((*cur == '\n') || (*cur == '\r'))) + cur--; + n = 0; + while ((cur != base) && (n++ < 80)) { +-- +GitLab + diff --git a/install.py b/install.py index bedc0c3..078f04a 100755 --- a/install.py +++ b/install.py @@ -229,7 +229,8 @@ def do_patch(args, target_dir): "backport-malloc-fail-Fix-null-deref-after-xmlXIncludeNewRef.patch", "backport-xpath-Ignore-entity-ref-nodes-when-computing-node-ha.patch", "backport-SAX-Always-initialize-SAX1-element-handlers.patch", - "Fix-malloc-fail.patch" + "Fix-malloc-fail.patch", + "Fix-CVE-2024-34459.patch" ] for patch in patch_file: -- Gitee