Segmentation fault when if-feature is used in list key node, with a non existing feature

[jvijtiuk]

If an if-feature statement is used inside a list key node, and the feature used is not defined, yanglint and yangfuzz segfault in lys_parse_path.

Here is an example of a yang file that crashes the parser:

module links {
  namespace "urn:module2";
  prefix mod2;

  list list-for-augment {
    key "keyleaf";

    leaf keyleaf {
      if-feature foo;
      type string;
    }

    leaf test {
      type string;
    }
  }
}

[michalvasko]

Hi,
should be fixed.

Regards,
Michal

[ret2libc]

CVE-2019-20392 was assigned to this issue.

[SuhwanSong]

@ret2libc
When did you request CVE assigning to this issue?

[ret2libc]

@SuhwanSong Yesterday. Is it ok?

[SuhwanSong]

@ret2libc Thanks!

I requested CVEs but I've not received any reply except confirm email.
Did it ever take you long to get CVEs?

[ret2libc]

No it generally takes one or two days at most. Did you request CVEs for any of these issues that already for a CVE? Did you request them to MITRE?

[SuhwanSong]

@ret2libc
Hmm, I requested over 80 CVEs for FFmpeg, ImageMagick, GhostScript Issues to MITRE 4 months ago (not including libyang project). (e.g. request 1, request 2)

Besides these issues that I've reported are not assigned as CVE.

But I got no replies from them, so there are still many issues that I haven't reported yet such as
ghostscript issue.