0f0605e729
Libxml2 XPath Double Free Vulnerability Patch from upstream git.
$OpenBSD: patch-xpath_c,v 1.1 2010/12/28 10:53:02 jasper Exp $
Fix for CVE-2010-4494, Libxml2 XPath Double Free Vulnerability.
From upstream git:
http://git.gnome.org/browse/libxml2/commit/?id=df83c17e5a2646bd923f75e5e507bc80d73c9722
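--- xpath.c.orig Wed Nov 3 20:18:27 2010
+++ xpath.c Tue Dec 28 11:35:16 2010
@@ -11763,11 +11763,15 @@ xmlXPathCompOpEvalPositionalPredicate(xmlXPathParserCo
 
 if ((ctxt->error != XPATH_EXPRESSION_OK) || (res == -1)) {
 xmlXPathObjectPtr tmp;
- /* pop the result */
+ /* pop the result if any */
 tmp = valuePop(ctxt);
- xmlXPathReleaseObject(xpctxt, tmp);
- /* then pop off contextObj, which will be freed later */
- valuePop(ctxt);
+ if (tmp != contextObj)
+ /*
+ * Free up the result
+ * then pop off contextObj, which will be freed later
+ */
+ xmlXPathReleaseObject(xpctxt, tmp);
+ valuePop(ctxt);
 goto evaluation_error;
 }
 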
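Review bot: The added `if (tmp != contextObj)` has no braces, so it guards only `xmlXPathReleaseObject(xpctxt, tmp);`, and the second `valuePop(ctxt);` on the next added line still runs on every pass through this error branch. The block comment under the `if` describes both steps ("Free up the result then pop off contextObj"), which suggests both statements were meant to be conditional; indentation is not visible on this page, so that intent is inferred. As written, when the first pop has already returned contextObj, the extra pop removes one more entry from the value stack before `goto evaluation_error`, so cleanup may run against an unbalanced stack in the very case this CVE-2010-4494 fix targets. Brace the body so both calls sit inside it: `if (tmp != contextObj) {`, then `xmlXPathReleaseObject(xpctxt, tmp); valuePop(ctxt);`, then `}`. xmlXPathCompOpEvalPositionalPredicate begins and ends outside the hunk, so what evaluation_error does with the stack is not shown here.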