File CVE-2014-8090.patch of Package ruby2.1.277
diff -Naur a/lib/rexml/document.rb b/lib/rexml/document.rb
--- a/lib/rexml/document.rb 2013-04-23 10:41:56.000000000 +0200
+++ b/lib/rexml/document.rb 2014-12-18 17:23:47.100501863 +0100
@@ -278,6 +278,10 @@
 end
 end
 
+ def document
+ self
+ end
+
 private
 def build( source )
 Parsers::TreeParser.new( source, self ).parse
diff -Naur a/lib/rexml/entity.rb b/lib/rexml/entity.rb
--- a/lib/rexml/entity.rb 2014-12-18 17:26:52.090512517 +0100
+++ b/lib/rexml/entity.rb 2014-12-18 17:23:47.100501863 +0100
@@ -157,6 +157,7 @@
 
 # This is a set of entity constants -- the ones defined in the XML
 # specification. These are +gt+, +lt+, +amp+, +quot+ and +apos+.
+ # CAUTION: these entities does not have parent and document
 module EntityConst
 # +>+
 GT = Entity.new( 'gt', '>' )
diff -Naur a/test/rexml/test_document.rb b/test/rexml/test_document.rb
--- a/test/rexml/test_document.rb 2014-12-18 17:26:52.090512517 +0100
+++ b/test/rexml/test_document.rb 2014-12-18 17:25:45.342508673 +0100
@@ -47,6 +47,22 @@
 </member>
 EOF
 
+ XML_WITH_NESTED_EMPTY_ENTITY = <<EOF
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE member [
+ <!ENTITY a "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">
+ <!ENTITY b "&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;">
+ <!ENTITY c "&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;">
+ <!ENTITY d "&e;&e;&e;&e;&e;&e;&e;&e;&e;&e;">
+ <!ENTITY e "&f;&f;&f;&f;&f;&f;&f;&f;&f;&f;">
+ <!ENTITY f "&g;&g;&g;&g;&g;&g;&g;&g;&g;&g;">
+ <!ENTITY g "">
+]>
+<member>
+&a;
+</member>
+EOF
+
 XML_WITH_NESTED_PARAMETER_ENTITY = <<EOF
 <!DOCTYPE root [
 <!ENTITY % a "BOOM.BOOM.BOOM.BOOM.BOOM.BOOM.BOOM.BOOM.BOOM.">
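Review bot: The new public `document` method in lib/rexml/document.rb (hunk @@ -278) carries no comment saying why a Document has to return itself, although it is the only non-test, non-comment change visible in this patch. Judging by the accompanying tests, it presumably exists so that entity expansions are counted against the limit when a node looks up its owning document; that is inferred, since the callers are not in the hunk. A comment such as `# Returns self so that a lookup of the owning document ends here and entity expansions are recorded against this document's limit.` would keep a later cleanup from dropping the method as redundant. The class body starts and ends outside the hunk.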
@@ -57,7 +73,21 @@
 <!ENTITY % f "%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;">
 <!ENTITY % g "%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;">
 <!ENTITY test "test %g;">
-+]>
+]>
+<cd></cd>
+EOF
+
+ XML_WITH_NESTED_EMPTY_PARAMETER_ENTITY = <<EOF
+<!DOCTYPE root [
+ <!ENTITY % a "">
+ <!ENTITY % b "%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;">
+ <!ENTITY % c "%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;">
+ <!ENTITY % d "%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;">
+ <!ENTITY % e "%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;">
+ <!ENTITY % f "%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;">
+ <!ENTITY % g "%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;">
+ <!ENTITY test "test %g;">
+]>
 <cd></cd>
 EOF
 
@@ -87,6 +117,18 @@
 end
 assert_equal(101, doc.entity_expansion_count)
 
+ doc = REXML::Document.new(XML_WITH_NESTED_EMPTY_ENTITY)
+ assert_raise(RuntimeError) do
+ doc.root.children.first.value
+ end
+ REXML::Document.entity_expansion_limit = 100
+ assert_equal(100, REXML::Document.entity_expansion_limit)
+ doc = REXML::Document.new(XML_WITH_NESTED_EMPTY_ENTITY)
+ assert_raise(RuntimeError) do
+ doc.root.children.first.value
+ end
+ assert_equal(101, doc.entity_expansion_count)
+
 REXML::Security.entity_expansion_limit = 4
 doc = REXML::Document.new(XML_WITH_4_ENTITY_EXPANSION)
 assert_equal("\na\na a\n<\n", doc.root.children.first.value)
@@ -95,6 +137,15 @@
 assert_raise(RuntimeError) do
 doc.root.children.first.value
 end
+
+ assert_raise(REXML::ParseException) do
+ REXML::Document.new(XML_WITH_NESTED_EMPTY_PARAMETER_ENTITY)
+ end
+ REXML::Document.entity_expansion_limit = 100
+ assert_equal(100, REXML::Document.entity_expansion_limit)
+ assert_raise(REXML::ParseException) do
+ REXML::Document.new(XML_WITH_NESTED_EMPTY_PARAMETER_ENTITY)
+ end
 ensure
 REXML::Security.entity_expansion_limit = 10000
 end
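Review bot: The first added block in the @@ -87 hunk checks only `assert_raise(RuntimeError)`, so any RuntimeError raised while reading `doc.root.children.first.value` satisfies it, not specifically the expansion-limit abort this patch is meant to guarantee. The second block pins the path with `assert_equal(101, doc.entity_expansion_count)`. The first could add the matching count assertion for whatever limit is in force at that point (it is set outside the hunk), or keep the returned exception with `e = assert_raise(RuntimeError) do` and check its message. The test method begins outside the hunk.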
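Review bot: The added lines in the @@ -95 hunk, and likewise in @@ -87, lower the limit through `REXML::Document.entity_expansion_limit = 100`, while the neighbouring context line and the `ensure` clause go through `REXML::Security.entity_expansion_limit`. If both setters are backed by the same value the restore in `ensure` covers it, but nothing in the hunk shows that. Writing `REXML::Security.entity_expansion_limit = 100` would make the set/restore pair visibly symmetric and rule out a lowered limit leaking into later tests. The test method begins outside the hunk.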