Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15:Update
xerces-j2
xerces-j2-CVE-2022-23437.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File xerces-j2-CVE-2022-23437.patch of Package xerces-j2
Index: xerces-2_11_0/src/org/apache/xerces/impl/XML11EntityScanner.java =================================================================== --- xerces-2_11_0.orig/src/org/apache/xerces/impl/XML11EntityScanner.java +++ xerces-2_11_0/src/org/apache/xerces/impl/XML11EntityScanner.java @@ -108,9 +108,11 @@ public class XML11EntityScanner load(1, false); } if (c == '\r' && external) { - int cc = fCurrentEntity.ch[fCurrentEntity.position++]; - if (cc != '\n' && cc != 0x85) { - fCurrentEntity.position--; + if (fCurrentEntity.position < fCurrentEntity.count) { + int cc = fCurrentEntity.ch[fCurrentEntity.position++]; + if (cc != '\n' && cc != 0x85) { + fCurrentEntity.position--; + } } } c = '\n'; @@ -1004,7 +1006,7 @@ public class XML11EntityScanner c = fCurrentEntity.ch[fCurrentEntity.position++]; // In internal entities control characters are allowed to appear unescaped. if ((c == quote && !fCurrentEntity.literal) - || c == '%' || !XML11Char.isXML11InternalEntityContent(c)) { + || c == '%' || !(XML11Char.isXML11InternalEntityContent(c) || c == '\r' )) { fCurrentEntity.position--; break; } Index: xerces-2_11_0/src/org/apache/xerces/impl/XMLEntityScanner.java =================================================================== --- xerces-2_11_0.orig/src/org/apache/xerces/impl/XMLEntityScanner.java +++ xerces-2_11_0/src/org/apache/xerces/impl/XMLEntityScanner.java @@ -257,8 +257,10 @@ public class XMLEntityScanner implements load(1, false); } if (c == '\r' && external) { - if (fCurrentEntity.ch[fCurrentEntity.position++] != '\n') { - fCurrentEntity.position--; + if (fCurrentEntity.position < fCurrentEntity.count) { + if (fCurrentEntity.ch[fCurrentEntity.position++] != '\n') { + fCurrentEntity.position--; + } } c = '\n'; } @@ -916,7 +918,7 @@ public class XMLEntityScanner implements c = fCurrentEntity.ch[fCurrentEntity.position++]; if ((c == quote && (!fCurrentEntity.literal || external)) - || c == '%' || !XMLChar.isContent(c)) { + || c == '%' || !(XMLChar.isContent(c) || c == '\r' && !external)) { fCurrentEntity.position--; break; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor