mirror of
git://slackware.nl/current.git
synced 2025-01-18 22:27:20 +01:00
87f850786e
patches/packages/libxml2-2.9.13-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and the following security issues: Use-after-free of ID and IDREF attributes (Thanks to Shinji Sato for the report) Use-after-free in xmlXIncludeCopyRange (David Kilzer) Fix Null-deref-in-xmlSchemaGetComponentTargetNs (huangduirong) Fix memory leak in xmlXPathCompNodeTest Fix null pointer deref in xmlStringGetNodeList Fix several memory leaks found by Coverity (David King) For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23308 (* Security fix *) patches/packages/libxslt-1.1.35-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and the following security issues: Fix use-after-free in xsltApplyTemplates Fix memory leak in xsltDocumentElem (David King) Fix memory leak in xsltCompileIdKeyPattern (David King) Fix double-free with stylesheets containing entity nodes For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30560 (* Security fix *)
34 lines
1.2 KiB
Diff
34 lines
1.2 KiB
Diff
Index: libxml2-2.9.5/python/libxml.c
|
|
===================================================================
|
|
--- libxml2-2.9.5.orig/python/libxml.c
|
|
+++ libxml2-2.9.5/python/libxml.c
|
|
@@ -1620,6 +1620,7 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU
|
|
PyObject *message;
|
|
PyObject *result;
|
|
char str[1000];
|
|
+ unsigned char *ptr = (unsigned char *)str;
|
|
|
|
#ifdef DEBUG_ERROR
|
|
printf("libxml_xmlErrorFuncHandler(%p, %s, ...) called\n", ctx, msg);
|
|
@@ -1636,12 +1637,20 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU
|
|
str[999] = 0;
|
|
va_end(ap);
|
|
|
|
+#if PY_MAJOR_VERSION >= 3
|
|
+ /* Ensure the error string doesn't start at UTF8 continuation. */
|
|
+ while (*ptr && (*ptr & 0xc0) == 0x80)
|
|
+ ptr++;
|
|
+#endif
|
|
+
|
|
list = PyTuple_New(2);
|
|
PyTuple_SetItem(list, 0, libxml_xmlPythonErrorFuncCtxt);
|
|
Py_XINCREF(libxml_xmlPythonErrorFuncCtxt);
|
|
- message = libxml_charPtrConstWrap(str);
|
|
+ message = libxml_charPtrConstWrap(ptr);
|
|
PyTuple_SetItem(list, 1, message);
|
|
result = PyEval_CallObject(libxml_xmlPythonErrorFuncHandler, list);
|
|
+ /* Forget any errors caused in the error handler. */
|
|
+ PyErr_Clear();
|
|
Py_XDECREF(list);
|
|
Py_XDECREF(result);
|
|
}
|