7131703 Problem with library/libxml
authorKevin Crowe <Kevin.Crowe@oracle.com>
Fri, 17 Feb 2012 05:23:58 -0800
changeset 696 b491465fd766
parent 695 14430a2565d4
child 697 452fae7409ce
7131703 Problem with library/libxml
components/libxml2/patches/13.CVE-2011-3905.patch
components/libxml2/patches/14.CVE-2011-3919.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/libxml2/patches/13.CVE-2011-3905.patch	Fri Feb 17 05:23:58 2012 -0800
@@ -0,0 +1,66 @@
+This patch copied/pasted from this link:
+http://git.gnome.org/browse/libxml2/patch/?id=77404b8b69bc122d12231807abf1a837d121b551
+----------------------------------------------------------------------
+From 77404b8b69bc122d12231807abf1a837d121b551 Mon Sep 17 00:00:00 2001
+From: Chris Evans <[email protected]>
+Date: Wed, 14 Dec 2011 08:18:25 +0000
+Subject: Make sure the parser returns when getting a Stop order
+
+patch backported from chromiun bug fixes, assuming author is Chris
+---
+diff --git a/parser.c b/parser.c
+index 21d7aa3..4e5dcb9 100644
+--- a/parser.c
++++ b/parser.c
[email protected]@ -4949,7 +4949,8 @@ xmlParsePI(xmlParserCtxtPtr ctxt) {
+ 		    (ctxt->sax->processingInstruction != NULL))
+ 		    ctxt->sax->processingInstruction(ctxt->userData,
+ 		                                     target, NULL);
+-		ctxt->instate = state;
++		if (ctxt->instate != XML_PARSER_EOF)
++		    ctxt->instate = state;
+ 		return;
+ 	    }
+ 	    buf = (xmlChar *) xmlMallocAtomic(size * sizeof(xmlChar));
[email protected]@ -5029,7 +5030,8 @@ xmlParsePI(xmlParserCtxtPtr ctxt) {
+ 	} else {
+ 	    xmlFatalErr(ctxt, XML_ERR_PI_NOT_STARTED, NULL);
+ 	}
+-	ctxt->instate = state;
++	if (ctxt->instate != XML_PARSER_EOF)
++	    ctxt->instate = state;
+     }
+ }
+ 
[email protected]@ -9589,6 +9591,8 @@ xmlParseElement(xmlParserCtxtPtr ctxt) {
+     else
+ 	name = xmlParseStartTag(ctxt);
+ #endif /* LIBXML_SAX1_ENABLED */
++    if (ctxt->instate == XML_PARSER_EOF)
++	return;
+     if (name == NULL) {
+ 	spacePop(ctxt);
+         return;
[email protected]@ -10975,6 +10979,8 @@ xmlParseTryOrFinish(xmlParserCtxtPtr ctxt, int terminate) {
+ 		else
+ 		    name = xmlParseStartTag(ctxt);
+ #endif /* LIBXML_SAX1_ENABLED */
++		if (ctxt->instate == XML_PARSER_EOF)
++		    goto done;
+ 		if (name == NULL) {
+ 		    spacePop(ctxt);
+ 		    ctxt->instate = XML_PARSER_EOF;
[email protected]@ -11161,7 +11167,9 @@ xmlParseTryOrFinish(xmlParserCtxtPtr ctxt, int terminate) {
+ 		  else
+ 		    xmlParseEndTag1(ctxt, 0);
+ #endif /* LIBXML_SAX1_ENABLED */
+-		if (ctxt->nameNr == 0) {
++		if (ctxt->instate == XML_PARSER_EOF) {
++		    /* Nothing */
++		} else if (ctxt->nameNr == 0) {
+ 		    ctxt->instate = XML_PARSER_EPILOG;
+ 		} else {
+ 		    ctxt->instate = XML_PARSER_CONTENT;
+--
+cgit v0.9.0.2
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/libxml2/patches/14.CVE-2011-3919.patch	Fri Feb 17 05:23:58 2012 -0800
@@ -0,0 +1,25 @@
+This patch copied/pasted from this link:
+http://git.gnome.org/browse/libxml2/patch/?id=5bd3c061823a8499b27422aee04ea20aae24f03e
+----------------------------------------------------------------------
+From 5bd3c061823a8499b27422aee04ea20aae24f03e Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <[email protected]>
+Date: Fri, 16 Dec 2011 10:53:35 +0000
+Subject: Fix an allocation error when copying entities
+
+---
+diff --git a/parser.c b/parser.c
+index 4e5dcb9..c55e41d 100644
+--- a/parser.c
++++ b/parser.c
[email protected]@ -2709,7 +2709,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
+ 
+ 		buffer[nbchars++] = '&';
+ 		if (nbchars > buffer_size - i - XML_PARSER_BUFFER_SIZE) {
+-		    growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
++		    growBuffer(buffer, i + XML_PARSER_BUFFER_SIZE);
+ 		}
+ 		for (;i > 0;i--)
+ 		    buffer[nbchars++] = *cur++;
+--
+cgit v0.9.0.2
+