packages/libyang
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!2 Add patch CVE-2021-28903

Browse Source 
From: @yaozc701
Reviewed-by: @MrRlu
Signed-off-by: @MrRlu
This commit is contained in:
openeuler-ci-bot 2021-06-24 08:21:16 +00:00 committed by Gitee
commit fb767d5e97
2 changed files with 74 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
CVE-2021-28903.patch Normal file
View File

@ -0,0 +1,69 @@
From 298b30ea4ebee137226acf9bb38678bd82704582 Mon Sep 17 00:00:00 2001
From: Michal Vasko <mvasko@cesnet.cz>
Date: Mon, 8 Mar 2021 14:32:58 +0100
Subject: [PATCH] common FEATURE add a hard limit for recursion
Fixes #1453
---
src/common.h.in | 3 +++
src/xml.c | 12 +++++++++---
2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/src/common.h.in b/src/common.h.in
index a5bf2b038..624beba9f 100644
--- a/src/common.h.in
+++ b/src/common.h.in
@@ -53,6 +53,9 @@
/* how many bytes add when enlarging buffers */
#define LY_BUF_STEP 128
+/* hard limit on recursion for cases with theoretical unlimited recursion */
+#define LY_RECURSION_LIMIT 10000
+
/* internal logging options */
enum int_log_opts {
ILO_LOG = 0, /* log normally */
diff --git a/src/xml.c b/src/xml.c
index 1bc4fdfa5..7e4760976 100644
--- a/src/xml.c
+++ b/src/xml.c
@@ -943,7 +943,8 @@ parse_attr(struct ly_ctx *ctx, const char *data, unsigned int *len, struct lyxml
/* logs directly */
struct lyxml_elem *
-lyxml_parse_elem(struct ly_ctx *ctx, const char *data, unsigned int *len, struct lyxml_elem *parent, int options)
+lyxml_parse_elem(struct ly_ctx *ctx, const char *data, unsigned int *len, struct lyxml_elem *parent, int options,
+ int bt_count)
{
const char *c = data, *start, *e;
const char *lws; /* leading white space for handling mixed content */
@@ -958,6 +959,11 @@ lyxml_parse_elem(struct ly_ctx *ctx, const char *data, unsigned int *len, struct
*len = 0;
+ if (bt_count > LY_RECURSION_LIMIT) {
+ LOGVAL(ctx, LYE_XML_INVAL, LY_VLOG_NONE, NULL, "Recursion limit %d reached", LY_RECURSION_LIMIT);
+ return NULL;
+ }
+
if (*c != '<') {
return NULL;
}
@@ -1141,7 +1147,7 @@ lyxml_parse_elem(struct ly_ctx *ctx, const char *data, unsigned int *len, struct
lyxml_add_child(ctx, elem, child);
elem->flags |= LYXML_ELEM_MIXED;
}
- child = lyxml_parse_elem(ctx, c, &size, elem, options);
+ child = lyxml_parse_elem(ctx, c, &size, elem, options, bt_count + 1);
if (!child) {
goto error;
}
@@ -1295,7 +1301,7 @@ lyxml_parse_mem(struct ly_ctx *ctx, const char *data, int options)
}
}
- root = lyxml_parse_elem(ctx, c, &len, NULL, options);
+ root = lyxml_parse_elem(ctx, c, &len, NULL, options, 0);
if (!root) {
goto error;
} else if (!first) {

6
libyang.spec
View File

@ -1,13 +1,14 @@
%global debug_package %{nil} %global debug_package %{nil}
Name: libyang Name: libyang
Version: 1.0.184 Version: 1.0.184
Release: 0 Release: 1
Summary: YANG data modeling language library Summary: YANG data modeling language library
Url: https://github.com/CESNET/libyang Url: https://github.com/CESNET/libyang
Source: %{url}/archive/%{name}-%{version}.tar.gz Source: %{url}/archive/%{name}-%{version}.tar.gz
License: BSD License: BSD
Patch0: libyang-1.0.184-doc.patch Patch0: libyang-1.0.184-doc.patch
Patch1: CVE-2021-28903.patch
Requires: pcre Requires: pcre
BuildRequires: cmake BuildRequires: cmake
@ -126,5 +127,8 @@ cp -r doc/html %{buildroot}/%{_docdir}/libyang/html
%{python3_sitearch}/__pycache__/yang* %{python3_sitearch}/__pycache__/yang*
%changelog %changelog
* Wed Jun 23 2021 yaozc7 <yaozc7@foxmail.com> - 1.0.184-1
- Add patch CVE-2021-28903
* Fri Jul 10 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.0.184-0 * Fri Jul 10 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.0.184-0
- Package init - Package init