Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
python-libxml2.3902
libxml2-2.9.1-CVE-2016-4483.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libxml2-2.9.1-CVE-2016-4483.patch of Package python-libxml2.3902
From c97750d11bb8b6f3303e7131fe526a61ac65bcfd Mon Sep 17 00:00:00 2001 From: Daniel Veillard <veillard@redhat.com> Date: Mon, 23 May 2016 13:39:13 +0800 Subject: Avoid an out of bound access when serializing malformed strings For https://bugzilla.gnome.org/show_bug.cgi?id=766414 * xmlsave.c: xmlBufAttrSerializeTxtContent() if an attribute value is not UTF-8 be more careful when serializing it as we may do an out of bound access as a result. --- xmlsave.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/xmlsave.c b/xmlsave.c index 774404b..4a8e3f3 100644 --- a/xmlsave.c +++ b/xmlsave.c @@ -2097,8 +2097,8 @@ xmlBufAttrSerializeTxtContent(xmlBufPtr buf, xmlDocPtr doc, xmlBufAdd(buf, BAD_CAST "&", 5); cur++; base = cur; - } else if ((*cur >= 0x80) && ((doc == NULL) || - (doc->encoding == NULL))) { + } else if ((*cur >= 0x80) && (cur[1] != 0) && + ((doc == NULL) || (doc->encoding == NULL))) { /* * We assume we have UTF-8 content. */ @@ -2121,14 +2121,14 @@ xmlBufAttrSerializeTxtContent(xmlBufPtr buf, xmlDocPtr doc, val <<= 6; val |= (cur[1]) & 0x3F; l = 2; - } else if (*cur < 0xF0) { + } else if ((*cur < 0xF0) && (cur [2] != 0)) { val = (cur[0]) & 0x0F; val <<= 6; val |= (cur[1]) & 0x3F; val <<= 6; val |= (cur[2]) & 0x3F; l = 3; - } else if (*cur < 0xF8) { + } else if ((*cur < 0xF8) && (cur [2] != 0) && (cur[3] != 0)) { val = (cur[0]) & 0x07; val <<= 6; val |= (cur[1]) & 0x3F; -- cgit v0.12
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor