Security fix for CVE-2010-4494,

Libxml2 XPath Double Free Vulnerability Patch from upstream git.
2010-12-28 10:53:02 +00:00 · 2010-12-28 10:53:02 +00:00 · 0f0605e729
commit 0f0605e729
parent 2b8a3f7ec4
2 changed files with 32 additions and 2 deletions
--- a/textproc/libxml/Makefile
+++ b/textproc/libxml/Makefile
@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.133 2010/11/21 12:25:49 espie Exp $
+# $OpenBSD: Makefile,v 1.134 2010/12/28 10:53:02 jasper Exp $

 COMMENT-main=		XML parsing library
 COMMENT-python=		Python bindings for libxml
@ -6,7 +6,8 @@ COMMENT-python=		Python bindings for libxml
 VERSION=		2.7.8
 DISTNAME=		libxml2-${VERSION}
 PKGNAME-main=		libxml-${VERSION}
-REVISION =		0
+REVISION =		1
+REVISION-python =	0
 PKGNAME-python=		py-libxml-${VERSION}
 SHARED_LIBS=		xml2	12.0
 CATEGORIES=		textproc
--- a/textproc/libxml/patches/patch-xpath_c
+++ b/textproc/libxml/patches/patch-xpath_c
@ -0,0 +1,29 @@
+$OpenBSD: patch-xpath_c,v 1.1 2010/12/28 10:53:02 jasper Exp $
+
+Fix for CVE-2010-4494, Libxml2 XPath Double Free Vulnerability.
+
+From upstream git:
+http://git.gnome.org/browse/libxml2/commit/?id=df83c17e5a2646bd923f75e5e507bc80d73c9722
+
+--- xpath.c.orig	Wed Nov  3 20:18:27 2010
+++ xpath.c	Tue Dec 28 11:35:16 2010
+@@ -11763,11 +11763,15 @@ xmlXPathCompOpEvalPositionalPredicate(xmlXPathParserCo
+ 
+ 	    if ((ctxt->error != XPATH_EXPRESSION_OK) || (res == -1)) {
+ 	        xmlXPathObjectPtr tmp;
+-		/* pop the result */
+		/* pop the result if any */
+ 		tmp = valuePop(ctxt);
+-		xmlXPathReleaseObject(xpctxt, tmp);
+-		/* then pop off contextObj, which will be freed later */
+-		valuePop(ctxt);
+                if (tmp != contextObj)
+                    /*
+                     * Free up the result
+                     * then pop off contextObj, which will be freed later
+                     */
+                    xmlXPathReleaseObject(xpctxt, tmp);
+                    valuePop(ctxt);
+ 		goto evaluation_error;
+ 	    }
+