File Fix-for-CVE-2021-26222-ezxml-bug-22.patch of Package netcdf
From: Egbert Eich <eich@suse.com>
Date: Mon Oct 25 15:48:44 2021 +0200
Subject: Fix for CVE-2021-26222 / ezxml bug 22
Make sure malloc() succeeds.
This fixes
https://sourceforge.net/p/ezxml/bugs/22/
Signed-off-by: Egbert Eich <eich@suse.com>
---
netcdf-c-4.8.0/libdap4/ezxml.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/netcdf-c-4.8.0/libdap4/ezxml.c b/netcdf-c-4.8.0/libdap4/ezxml.c
index 6c535ff..1258b67 100644
--- a/libdap4/ezxml.c
+++ b/libdap4/ezxml.c
@@ -805,12 +805,14 @@ ezxml_t ezxml_new(const char *name)
static const char *entities[] = { "lt;", "<", "gt;", ">", "quot;", """,
"apos;", "'", "amp;", "&", NULL };
ezxml_root_t root;
+ char **p_ent;
if (!(root = malloc(sizeof(struct ezxml_root)))) return NULL; // bug#21
root = (ezxml_root_t)memset(root, '\0', sizeof(struct ezxml_root));
root->xml.name = (char *)name;
+ if (!(p_ent = malloc(sizeof(entities)))) { free(root); return NULL; }; // bug#22 CVE-2021-26222
root->cur = &root->xml;
strcpy(root->err, root->xml.txt = "");
- root->ent = memcpy(malloc(sizeof(entities)), entities, sizeof(entities));
+ root->ent = memcpy(p_ent, entities, sizeof(entities));
root->attr = root->pi = (char ***)(root->xml.attr = (char**)EZXML_NIL);
return &root->xml;
}
