SUSE:SLE-12-SP1:GA
File expat-CVE-2017-9233.patch of Package expat.35320
From c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f Mon Sep 17 00:00:00 2001 From: Rhodri James <rhodri@kynesim.co.uk> Date: Wed, 14 Jun 2017 23:45:07 +0200 Subject: [PATCH] xmlparse.c: Fix external entity infinite loop bug (CVE-2017-9233) --- expat/lib/xmlparse.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c index 7818f8df..21145964 100644 --- a/expat/lib/xmlparse.c +++ b/expat/lib/xmlparse.c @@ -3981,6 +3981,14 @@ entityValueInitProcessor(XML_Parser parser, *nextPtr = next; return XML_ERROR_NONE; } + /* If we get this token, we have the start of what might be a + normal tag, but not a declaration (i.e. it doesn't begin with + "<!"). In a DTD context, that isn't legal. + */ + else if (tok == XML_TOK_INSTANCE_START) { + *nextPtr = next; + return XML_ERROR_SYNTAX; + } start = next; eventPtr = start; }
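Review bot: the new else-if branch for XML_TOK_INSTANCE_START in entityValueInitProcessor arrives without a regression test; the diffstat shows only expat/lib/xmlparse.c changed (8 insertions). Please add a test case that feeds an external entity whose content starts a normal tag rather than a "<!" declaration and asserts that parsing terminates with XML_ERROR_SYNTAX, so the loop named in the subject cannot come back unnoticed. The added comment explains why the token is illegal in a DTD context but does not say that this is the case behind the infinite loop; one more sentence tying the check to CVE-2017-9233 would help whoever next touches this chain of token checks.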