File libxml-CVE-2009-2414_CVE-2009-2616.patch of Package libxml

Overview Repositories Revisions Requests Users Attributes Meta

File libxml-CVE-2009-2414_CVE-2009-2616.patch of Package libxml (Revision 92536497d8489519a00a233dfe460049)

Currently displaying revision 92536497d8489519a00a233dfe460049 , Show latest

--- parser.c	2001-09-14 16:09:41.000000000 +0200
+++ parser.c	2009-09-04 16:19:02.346906948 +0200
@@ -5164,11 +5164,15 @@ xmlParseNotationType(xmlParserCtxtPtr ct
 		                 "Name expected in NOTATION declaration\n");
 	    ctxt->wellFormed = 0;
 	    ctxt->disableSAX = 1;
-	    return(ret);
+	    xmlFreeEnumeration(ret);
+	    return(NULL);
 	}
 	cur = xmlCreateEnumeration(name);
 	xmlFree(name);
-	if (cur == NULL) return(ret);
+	if (cur == NULL) {
+	    xmlFreeEnumeration(ret);
+	    return(NULL);
+	}
 	if (last == NULL) ret = last = cur;
 	else {
 	    last->next = cur;
@@ -5183,9 +5187,8 @@ xmlParseNotationType(xmlParserCtxtPtr ct
 	                     "')' required to finish NOTATION declaration\n");
 	ctxt->wellFormed = 0;
 	ctxt->disableSAX = 1;
-	if ((last != NULL) && (last != ret))
-	    xmlFreeEnumeration(last);
-	return(ret);
+	xmlFreeEnumeration(ret);
+	return(NULL);
     }
     NEXT;
     return(ret);
@@ -5236,7 +5239,10 @@ xmlParseEnumerationType(xmlParserCtxtPtr
 	}
 	cur = xmlCreateEnumeration(name);
 	xmlFree(name);
-	if (cur == NULL) return(ret);
+	if (cur == NULL) {
+	    xmlFreeEnumeration(ret);
+	    return(NULL);
+	}
 	if (last == NULL) ret = last = cur;
 	else {
 	    last->next = cur;
@@ -5715,13 +5721,22 @@ xmlParseElementChildrenContentDecl
     xmlChar *elem;
     xmlChar type = 0;
 
+    if (ctxt->depth > 128) {
+	ctxt->sax->error(ctxt->userData, 
+	"xmlParseElementChildrenContentDecl : depth %d too deep\n",
+	ctxt->depth);
+	return(NULL);
+    }
+
     SKIP_BLANKS;
     GROW;
     if (RAW == '(') {
         /* Recurse on first child */
 	NEXT;
 	SKIP_BLANKS;
+	ctxt->depth++;
         cur = ret = xmlParseElementChildrenContentDecl(ctxt);
+	ctxt->depth--;
 	SKIP_BLANKS;
 	GROW;
     } else {
@@ -5865,7 +5880,9 @@ xmlParseElementChildrenContentDecl
 	    /* Recurse on second child */
 	    NEXT;
 	    SKIP_BLANKS;
+	    ctxt->depth++;
 	    last = xmlParseElementChildrenContentDecl(ctxt);
+	    ctxt->depth--;
 	    SKIP_BLANKS;
 	} else {
 	    elem = xmlParseNameComplex(ctxt);

Places

File libxml-CVE-2009-2414_CVE-2009-2616.patch of Package libxml (Revision 92536497d8489519a00a233dfe460049)

Places