Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Alexander_Naumov:SLE-12:Update
expat.22988
expat-CVE-2019-15903.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File expat-CVE-2019-15903.patch of Package expat.22988
From c20b758c332d9a13afbbb276d30db1d183a85d43 Mon Sep 17 00:00:00 2001 From: Sebastian Pipping <sebastian@pipping.org> Date: Wed, 28 Aug 2019 00:24:59 +0200 Subject: [PATCH] xmlparse.c: Deny internal entities closing the doctype --- expat/lib/xmlparse.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) Index: expat-2.1.0/lib/xmlparse.c =================================================================== --- expat-2.1.0.orig/lib/xmlparse.c +++ expat-2.1.0/lib/xmlparse.c @@ -338,7 +338,7 @@ initializeEncoding(XML_Parser parser); static enum XML_Error doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end, int tok, const char *next, const char **nextPtr, - XML_Bool haveMore); + XML_Bool haveMore, XML_Bool allowClosingDoctype); static enum XML_Error processInternalEntity(XML_Parser parser, ENTITY *entity, XML_Bool betweenDecl); @@ -3745,7 +3745,7 @@ externalParEntProcessor(XML_Parser parse processor = prologProcessor; return doProlog(parser, encoding, s, end, tok, next, - nextPtr, (XML_Bool)!ps_finalBuffer); + nextPtr, (XML_Bool)!ps_finalBuffer, XML_TRUE); } static enum XML_Error PTRCALL @@ -3795,7 +3795,7 @@ prologProcessor(XML_Parser parser, const char *next = s; int tok = XmlPrologTok(encoding, s, end, &next); return doProlog(parser, encoding, s, end, tok, next, - nextPtr, (XML_Bool)!ps_finalBuffer); + nextPtr, (XML_Bool)!ps_finalBuffer, XML_TRUE); } static enum XML_Error @@ -3806,7 +3806,8 @@ doProlog(XML_Parser parser, int tok, const char *next, const char **nextPtr, - XML_Bool haveMore) + XML_Bool haveMore, + XML_Bool allowClosingDoctype) { #ifdef XML_DTD static const XML_Char externalSubsetName[] = { ASCII_HASH , '\0' }; @@ -3982,6 +3983,10 @@ doProlog(XML_Parser parser, } break; case XML_ROLE_DOCTYPE_CLOSE: + if (allowClosingDoctype != XML_TRUE) { + /* Must not close doctype from within expanded parameter entities */ + return XML_ERROR_INVALID_TOKEN; + } if (doctypeName) { startDoctypeDeclHandler(handlerArg, doctypeName, doctypeSysid, doctypePubid, 0); @@ -4883,7 +4888,7 @@ processInternalEntity(XML_Parser parser, if (entity->is_param) { int tok = XmlPrologTok(internalEncoding, textStart, textEnd, &next); result = doProlog(parser, internalEncoding, textStart, textEnd, tok, - next, &next, XML_FALSE); + next, &next, XML_FALSE, XML_FALSE); } else #endif /* XML_DTD */ @@ -4928,7 +4933,7 @@ internalEntityProcessor(XML_Parser parse if (entity->is_param) { int tok = XmlPrologTok(internalEncoding, textStart, textEnd, &next); result = doProlog(parser, internalEncoding, textStart, textEnd, tok, - next, &next, XML_FALSE); + next, &next, XML_FALSE, XML_TRUE); } else #endif /* XML_DTD */ @@ -4955,7 +4960,7 @@ internalEntityProcessor(XML_Parser parse processor = prologProcessor; tok = XmlPrologTok(encoding, s, end, &next); return doProlog(parser, encoding, s, end, tok, next, nextPtr, - (XML_Bool)!ps_finalBuffer); + (XML_Bool)!ps_finalBuffer, XML_TRUE); } else #endif /* XML_DTD */
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor