Contents

From 5865b9545891a38608374ff6458663e483a0dfb5 Mon Sep 17 00:00:00 2001
From: Daniel Veillard <veillard@redhat.com>
Date: Thu, 29 Oct 2015 19:33:23 +0800
Subject: [PATCH] Fix for type confusion in preprocessing attributes

CVE-2015-7995 http://www.openwall.com/lists/oss-security/2015/10/27/10
We need to check that the parent node is an element before dereferencing
its namespace
---
 libxslt/preproc.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libxslt/preproc.c b/libxslt/preproc.c
index 4ef3f63..dac6acb 100644
--- a/libxslt/preproc.c
+++ b/libxslt/preproc.c
@@ -2245,7 +2245,8 @@ xsltStylePreCompute(xsltStylesheetPtr style, xmlNodePtr inst) {
 	} else if (IS_XSLT_NAME(inst, "attribute")) {
 	    xmlNodePtr parent = inst->parent;
 
-	    if ((parent == NULL) || (parent->ns == NULL) ||
+	    if ((parent == NULL) ||
+	        (parent->type != XML_ELEMENT_NODE) || (parent->ns == NULL) ||
 		((parent->ns != inst->ns) &&
 		 (!xmlStrEqual(parent->ns->href, inst->ns->href))) ||
 		(!xmlStrEqual(parent->name, BAD_CAST "attribute-set"))) {
-- 
2.5.0

Version data entries

21 entries across 21 versions & 4 rubygems

Version	Path
vagrant-compose-yaml-0.1.3	vendor/bundle/ruby/2.2.0/gems/nokogiri-1.6.7.1/patches/libxslt/0016-Fix-for-type-confusion-in-preprocessing-attributes.patch
vagrant-compose-yaml-0.1.2	vendor/bundle/ruby/2.2.0/gems/nokogiri-1.6.7.1/patches/libxslt/0016-Fix-for-type-confusion-in-preprocessing-attributes.patch
vagrant-compose-yaml-0.1.1	vendor/bundle/ruby/2.2.0/gems/nokogiri-1.6.7.1/patches/libxslt/0016-Fix-for-type-confusion-in-preprocessing-attributes.patch
vagrant-compose-yaml-0.1.0	vendor/bundle/ruby/2.2.0/gems/nokogiri-1.6.7.1/patches/libxslt/0016-Fix-for-type-confusion-in-preprocessing-attributes.patch
vagrant-unbundled-1.8.5.2	vendor/bundle/ruby/2.3.0/gems/nokogiri-1.6.7.2/patches/libxslt/0016-Fix-for-type-confusion-in-preprocessing-attributes.patch
vagrant-unbundled-1.8.5.1	vendor/bundle/ruby/2.3.0/gems/nokogiri-1.6.7.2/patches/libxslt/0016-Fix-for-type-confusion-in-preprocessing-attributes.patch
vagrant-unbundled-1.8.4.2	vendor/bundle/ruby/2.3.0/gems/nokogiri-1.6.7.2/patches/libxslt/0016-Fix-for-type-confusion-in-preprocessing-attributes.patch
vagrant-unbundled-1.8.4.1	vendor/bundle/ruby/2.3.0/gems/nokogiri-1.6.7.2/patches/libxslt/0016-Fix-for-type-confusion-in-preprocessing-attributes.patch
ish_lib_manager-0.0.1	test/dummy/vendor/bundle/ruby/2.3.0/gems/nokogiri-1.6.7.2/patches/libxslt/0016-Fix-for-type-confusion-in-preprocessing-attributes.patch
nokogiri-1.6.8.rc3	patches/libxslt/0016-Fix-for-type-confusion-in-preprocessing-attributes.patch
nokogiri-1.6.7.2	patches/libxslt/0016-Fix-for-type-confusion-in-preprocessing-attributes.patch
nokogiri-1.6.8.rc2	patches/libxslt/0016-Fix-for-type-confusion-in-preprocessing-attributes.patch
vagrant-unbundled-1.8.1.1	vendor/bundle/ruby/2.3.0/gems/nokogiri-1.6.7.1/patches/libxslt/0016-Fix-for-type-confusion-in-preprocessing-attributes.patch
nokogiri-1.6.8.rc1	patches/libxslt/0016-Fix-for-type-confusion-in-preprocessing-attributes.patch
nokogiri-1.6.7.1	patches/libxslt/0016-Fix-for-type-confusion-in-preprocessing-attributes.patch
nokogiri-1.6.7	patches/libxslt/0016-Fix-for-type-confusion-in-preprocessing-attributes.patch
nokogiri-1.6.7.rc4	patches/libxslt/0016-Fix-for-type-confusion-in-preprocessing-attributes.patch
nokogiri-1.6.6.4	ports/patches/libxslt/0016-Fix-for-type-confusion-in-preprocessing-attributes.patch
nokogiri-1.6.6.4-java	ports/patches/libxslt/0016-Fix-for-type-confusion-in-preprocessing-attributes.patch
nokogiri-1.6.6.3	ports/patches/libxslt/0016-Fix-for-type-confusion-in-preprocessing-attributes.patch