File Fix-for-CVE-2019-20007-ezxml-bug-13.patch of Package netcdf.21642

From: Egbert Eich <eich@suse.com>
Date: Mon Oct 25 15:44:01 2021 +0200
Subject: Fix for CVE-2019-20007 / ezxml bug 13
Patch-mainline: Not yet
Git-commit: 91e6437b9f1ceef9ea31cee9f7ed217ad85083a3
References: 

Make sure that ezxml_str2utf8() has succeeded.
This fixes
 https://sourceforge.net/p/ezxml/bugs/13/

Signed-off-by: Egbert Eich <eich@suse.com>
---
 libdap4/ezxml.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/libdap4/ezxml.c b/libdap4/ezxml.c
index 275cda0..c800d69 100644
--- a/libdap4/ezxml.c
+++ b/libdap4/ezxml.c
@@ -485,6 +485,7 @@ ezxml_t ezxml_parse_str(char *s, size_t len)
     root->m = s;
     if (! len) return ezxml_err(root, NULL, "root tag missing");
     root->u = ezxml_str2utf8(&s, &len); /* convert utf-16 to utf-8*/
+    if (! s) return ezxml_err(root, NULL, "invalid root tag"); // bug#13 / CVE-2019-20007
     root->e = (root->s = s) + len; /* record start and end of work area*/
     
     e = s[len - 1]; /* save end char*/
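Review bot: The added guard tests only `s`, but `len` is also passed by address to `ezxml_str2utf8()` and is not checked again before `e = s[len - 1]` two lines below; the existing `if (! len)` test runs before the conversion. If the converter can return a non-NULL `s` with `len == 0` (an empty conversion result; this is inferred, since the converter is outside the hunk), the index wraps and reads before the start of the buffer. Rejecting both outcomes in one place would close that gap: `if (! s || ! len) return ezxml_err(root, NULL, "invalid root tag");`. The added `//` comment also departs from the `/* */` style of the neighbouring lines. The body of ezxml_parse_str starts and ends outside the hunk.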