Bug 748278 - Concerns about CVE-2015-1819 fix
Status: RESOLVED OBSOLETE
Product: libxml2
Classification: Platform
Component: general
Version: git master
Hardware/OS: Other Linux
Priority/Severity: Normal normal
Target Milestone: ---
Assigned To: Daniel Veillard
QA Contact: libxml QA maintainers
Depends on:
Blocks:
 
 
Reported: 2015-04-22 06:52 UTC by Florian Weimer
Modified: 2021-07-05 13:20 UTC
See Also:
GNOME target: ---
GNOME version: ---
Description Florian Weimer 2015-04-22 06:52:32 UTC
The fix for CVE-2015-1819 in commit 213f1fe0d76d30eaed6e5853057defc43e6df2c9 causes libxml2 to return the empty string "" when the allocation limit is encountered while constructing the attribute value string. This allows one to create an XML document which has slightly different contents when parsed with different parsers. This can result in so-called interpretation conflicts and lead to security vulnerabilities if applications interact in particular ways.

xmlTextReaderConstValue can return NULL on error for other reasons (although this is not documented), so callers still have to check for the error return value.

A straight crash is usually less bad than triggering the OOM killer, so I don't think the cure is worse than the disease in this case.
Comment 1 Daniel Veillard 2015-04-22 08:31:24 UTC
I don't see the reason for the concern. And the minimal difference would be at least 10MBytes in size, hardly a way to sneak subtle changes.

Daniel
Comment 2 GNOME Infrastructure Team 2021-07-05 13:20:47 UTC
GNOME is going to shut down bugzilla.gnome.org in favor of gitlab.gnome.org.
As part of that, we are mass-closing older open tickets in bugzilla.gnome.org
which have not seen updates for a longer time (resources are unfortunately
quite limited so not every ticket can get handled).

If you can still reproduce the situation described in this ticket in a recent
and supported software version, then please follow
  https://wiki.gnome.org/GettingInTouch/BugReportingGuidelines
and create a new ticket at
  https://gitlab.gnome.org/GNOME/libxml2/-/issues/

Thank you for your understanding and your help.