We have some news to share for the request index beta feature. We’ve added more options to sort your requests, counters to the individual filters and documentation for the search functionality. Checkout the blog post for more details.

Overview

File libxml2-CVE-2023-29469.patch of Package libxml2.42407

From 09a2dd453007f9c7205274623acdd73747c22d64 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Fri, 7 Apr 2023 11:49:27 +0200
Subject: [PATCH] [CVE-2023-29469] Hashing of empty dict strings isn't
 deterministic

When hashing empty strings which aren't null-terminated,
xmlDictComputeFastKey could produce inconsistent results. This could
lead to various logic or memory errors, including double frees.

For consistency the seed is also taken into account, but this shouldn't
have an impact on security.

Found by OSS-Fuzz.

Fixes #510.
---
 dict.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Index: libxml2-2.9.7/dict.c
===================================================================
--- libxml2-2.9.7.orig/dict.c
+++ libxml2-2.9.7/dict.c
@@ -445,6 +445,8 @@ xmlDictComputeFastKey(const xmlChar *nam
     unsigned long value = seed;
 
     if (name == NULL) return(0);
+    if ((name == NULL) || (namelen <= 0))
+        return(value);
     value = *name;
     value <<= 5;
     if (namelen > 10) {
openSUSE Build Service is sponsored by
Places