We have some news to share for the request index beta feature. We’ve added more options to sort your requests, counters to the individual filters and documentation for the search functionality. Checkout the blog post for more details.

Overview

File libxml2-CVE-2025-9714.patch of Package libxml2.42407

From 677a42645ef22b5a50741bad5facf9d8a8bc6d21 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Thu, 28 Jul 2022 20:21:24 +0200
Subject: [PATCH] Make XPath depth check work with recursive invocations

EXSLT functions like dyn:map or dyn:evaluate invoke xmlXPathRunEval
recursively. Don't set depth to zero but keep and restore the original
value to avoid stack overflows when abusing these functions.
---
 xpath.c | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

Index: libxml2-2.9.4/xpath.c
===================================================================
--- libxml2-2.9.4.orig/xpath.c
+++ libxml2-2.9.4/xpath.c
@@ -14662,12 +14662,11 @@ static int
 xmlXPathRunEval(xmlXPathParserContextPtr ctxt, int toBool)
 {
     xmlXPathCompExprPtr comp;
+    int oldDepth;
 
     if ((ctxt == NULL) || (ctxt->comp == NULL))
 	return(-1);
 
-    ctxt->context->depth = 0;
-
     if (ctxt->valueTab == NULL) {
 	/* Allocate the value stack */
 	ctxt->valueTab = (xmlXPathObjectPtr *)
@@ -14721,11 +14720,13 @@ xmlXPathRunEval(xmlXPathParserContextPtr
 	    "xmlXPathRunEval: last is less than zero\n");
 	return(-1);
     }
+    oldDepth = ctxt->context->depth;
     if (toBool)
 	return(xmlXPathCompOpEvalToBoolean(ctxt,
 	    &comp->steps[comp->last], 0));
     else
 	xmlXPathCompOpEval(ctxt, &comp->steps[comp->last]);
+    ctxt->context->depth = oldDepth;
 
     return(0);
 }
@@ -14997,6 +14998,7 @@ xmlXPathCompExprPtr
 xmlXPathCtxtCompile(xmlXPathContextPtr ctxt, const xmlChar *str) {
     xmlXPathParserContextPtr pctxt;
     xmlXPathCompExprPtr comp;
+    int oldDepth = 0;
 
 #ifdef XPATH_STREAMING
     comp = xmlXPathTryStreamCompile(ctxt, str);
@@ -15010,8 +15012,10 @@ xmlXPathCtxtCompile(xmlXPathContextPtr c
     if (pctxt == NULL)
         return NULL;
     if (ctxt != NULL)
-        ctxt->depth = 0;
+        oldDepth = ctxt->depth;
     xmlXPathCompileExpr(pctxt, 1);
+    if (ctxt != NULL)
+        ctxt->depth = oldDepth;
 
     if( pctxt->error != XPATH_EXPRESSION_OK )
     {
@@ -15032,8 +15036,10 @@ xmlXPathCtxtCompile(xmlXPathContextPtr c
 	comp = pctxt->comp;
 	if ((comp->nbStep > 1) && (comp->last >= 0)) {
             if (ctxt != NULL)
-                ctxt->depth = 0;
+                oldDepth = ctxt->depth;
 	    xmlXPathOptimizeExpression(pctxt, &comp->steps[comp->last]);
+            if (ctxt != NULL)
+                ctxt->depth = oldDepth;
 	}
 	pctxt->comp = NULL;
     }
@@ -15205,6 +15211,7 @@ xmlXPathEvalExpr(xmlXPathParserContextPt
 #ifdef XPATH_STREAMING
     xmlXPathCompExprPtr comp;
 #endif
+    int oldDepth = 0;
 
     if (ctxt == NULL) return;
 
@@ -15220,17 +15227,21 @@ xmlXPathEvalExpr(xmlXPathParserContextPt
 #endif
     {
         if (ctxt->context != NULL)
-            ctxt->context->depth = 0;
+            oldDepth = ctxt->context->depth;
 	xmlXPathCompileExpr(ctxt, 1);
+        if (ctxt->context != NULL)
+            ctxt->context->depth = oldDepth;
 	if ((ctxt->error == XPATH_EXPRESSION_OK) &&
 	    (ctxt->comp != NULL) &&
 	    (ctxt->comp->nbStep > 1) &&
 	    (ctxt->comp->last >= 0))
 	{
             if (ctxt->context != NULL)
-              ctxt->context->depth = 0;
+               oldDepth = ctxt->context->depth;
 	    xmlXPathOptimizeExpression(ctxt,
 		&ctxt->comp->steps[ctxt->comp->last]);
+            if (ctxt->context != NULL)
+              ctxt->context->depth = oldDepth;
 	}
     }
     CHECK_ERROR;
openSUSE Build Service is sponsored by
Places