[libxml2/f14/master] fix a double free in XPath CVE-2010-4494 bug 665965
Daniel Veillard
veillard at fedoraproject.org
Fri Mar 4 13:43:16 UTC 2011
commit 9a08b1c70c98ab21ec1abdba80e43538375a5989
Author: Daniel Veillard <veillard at redhat.com>
Date: Fri Mar 4 21:42:23 2011 +0800
fix a double free in XPath CVE-2010-4494 bug 665965
also cleanup sources
Daniel
libxml2-2.7.7-xpath-double-free.patch | 22 ++++++++++++++++++++++
libxml2.spec | 7 ++++++-
sources | 1 -
3 files changed, 28 insertions(+), 2 deletions(-)
---
diff --git a/libxml2-2.7.7-xpath-double-free.patch b/libxml2-2.7.7-xpath-double-free.patch
new file mode 100644
index 0000000..c5dbbee
--- /dev/null
+++ b/libxml2-2.7.7-xpath-double-free.patch
@@ -0,0 +1,22 @@
+--- a/xpath.c
++++ a/xpath.c
+@@ -11763,11 +11763,16 @@ xmlXPathCompOpEvalPositionalPredicate(xmlXPathParserContextPtr ctxt,
+
+ if ((ctxt->error != XPATH_EXPRESSION_OK) || (res == -1)) {
+ xmlXPathObjectPtr tmp;
+- /* pop the result */
++ /* pop the result if any */
+ tmp = valuePop(ctxt);
+- xmlXPathReleaseObject(xpctxt, tmp);
+- /* then pop off contextObj, which will be freed later */
+- valuePop(ctxt);
++ if (tmp != contextObj) {
++ /*
++ * Free up the result
++ * then pop off contextObj, which will be freed later
++ */
++ xmlXPathReleaseObject(xpctxt, tmp);
++ valuePop(ctxt);
++ }
+ goto evaluation_error;
+ }
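Review bot: The new `if (tmp != contextObj)` test in xmlXPathCompOpEvalPositionalPredicate has no comment saying when the popped value can be contextObj itself, although that case is the whole reason for the fix. I would add, just above the test, `/* on error no result may have been pushed: tmp is then contextObj, which is freed later, so releasing it here would free it twice */`. The inner `valuePop(ctxt)` still discards its return value without confirming that the object removed is contextObj; presumably the stack layout guarantees this, but the comment should state that assumption. The function starts and ends outside the hunk, so the later release of contextObj after `evaluation_error` cannot be checked from here.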
diff --git a/libxml2.spec b/libxml2.spec
index 430b40c..3c04599 100644
--- a/libxml2.spec
+++ b/libxml2.spec
@@ -1,7 +1,7 @@
Summary: Library providing XML and HTML support
Name: libxml2
Version: 2.7.7
-Release: 2%{?dist}%{?extra_release}
+Release: 3%{?dist}%{?extra_release}
License: MIT
Group: Development/Libraries
Source: ftp://xmlsoft.org/libxml2/libxml2-%{version}.tar.gz
@@ -9,6 +9,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-root
BuildRequires: python python-devel zlib-devel pkgconfig
URL: http://xmlsoft.org/
Patch0: libxml2-multilib.patch
+Patch1: libxml2-2.7.7-xpath-double-free.patch
%description
This library allows to manipulate XML files. It includes support
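Review bot: The added `Patch1:` line carries no comment recording where the fix comes from, and the patch file itself begins directly at `--- a/xpath.c` with no provenance header. For a security backport, someone auditing the package later needs to match the patch against its origin without digging through the changelog. I would put a comment above the line, for example `# CVE-2010-4494, bug 665965: XPath double free; upstream commit <UPSTREAM_COMMIT_ID>`, filling in the real commit if the change was taken from upstream.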
@@ -67,6 +68,7 @@ at parse time or later once the document has been modified.
%prep
%setup -q
%patch0 -p1
+%patch1 -p1
%build
%configure
@@ -141,6 +143,9 @@ rm -fr %{buildroot}
%doc doc/python.html
%changelog
+* Fri Mar 4 2011 Daniel Veillard <veillard at redhat.com> - 2.7.7-3
+- fix a double free in XPath CVE-2010-4494 bug 665965
+
* Wed Jul 21 2010 David Malcolm <dmalcolm at redhat.com> - 2.7.7-2
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
diff --git a/sources b/sources
index 9952f73..5f6cd0e 100644
--- a/sources
+++ b/sources
@@ -1,2 +1 @@
-7740a8ec23878a2f50120e1faa2730f2 libxml2-2.7.6.tar.gz
9abc9959823ca9ff904f1fbcf21df066 libxml2-2.7.7.tar.gz