rpms/libxml2/F-10 libxml2-2.7.3-ficora-parse.patch, NONE, 1.1 libxml2.spec, 1.63, 1.64
Daniel Veillard
veillard at fedoraproject.org
Mon Aug 10 14:31:30 UTC 2009
Author: veillard
Update of /cvs/pkgs/rpms/libxml2/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv20958
Modified Files:
libxml2.spec
Added Files:
libxml2-2.7.3-ficora-parse.patch
Log Message:
- two patches for parsing problems CVE-2009-2414 and CVE-2009-2416
Daniel
libxml2-2.7.3-ficora-parse.patch:
parser.c | 79 +++++++++++++++++++++++++++++++++++++++++++++++++++++----------
1 file changed, 67 insertions(+), 12 deletions(-)
--- NEW FILE libxml2-2.7.3-ficora-parse.patch ---
diff --git a/parser.c b/parser.c
index a476060..b404722 100644
--- a/parser.c
+++ b/parser.c
@@ -5323,7 +5323,8 @@ xmlParseNotationType(xmlParserCtxtPtr ctxt) {
if (name == NULL) {
xmlFatalErrMsg(ctxt, XML_ERR_NAME_REQUIRED,
"Name expected in NOTATION declaration\n");
- return(ret);
+ xmlFreeEnumeration(ret);
+ return(NULL);
}
tmp = ret;
while (tmp != NULL) {
@@ -5339,7 +5340,10 @@ xmlParseNotationType(xmlParserCtxtPtr ctxt) {
}
if (tmp == NULL) {
cur = xmlCreateEnumeration(name);
- if (cur == NULL) return(ret);
+ if (cur == NULL) {
+ xmlFreeEnumeration(ret);
+ return(NULL);
+ }
if (last == NULL) ret = last = cur;
else {
last->next = cur;
@@ -5350,9 +5354,8 @@ xmlParseNotationType(xmlParserCtxtPtr ctxt) {
} while (RAW == '|');
if (RAW != ')') {
xmlFatalErr(ctxt, XML_ERR_NOTATION_NOT_FINISHED, NULL);
- if ((last != NULL) && (last != ret))
- xmlFreeEnumeration(last);
- return(ret);
+ xmlFreeEnumeration(ret);
+ return(NULL);
}
NEXT;
return(ret);
@@ -5407,7 +5410,10 @@ xmlParseEnumerationType(xmlParserCtxtPtr ctxt) {
cur = xmlCreateEnumeration(name);
if (!xmlDictOwns(ctxt->dict, name))
xmlFree(name);
- if (cur == NULL) return(ret);
+ if (cur == NULL) {
+ xmlFreeEnumeration(ret);
+ return(NULL);
+ }
if (last == NULL) ret = last = cur;
else {
last->next = cur;
@@ -5775,9 +5781,10 @@ xmlParseElementMixedContentDecl(xmlParserCtxtPtr ctxt, int inputchk) {
}
/**
- * xmlParseElementChildrenContentDecl:
+ * xmlParseElementChildrenContentDeclPriv:
* @ctxt: an XML parser context
* @inputchk: the input used for the current entity, needed for boundary checks
+ * @depth: the level of recursion
*
* parse the declaration for a Mixed Element content
* The leading '(' and spaces have been skipped in xmlParseElementContentDecl
@@ -5805,12 +5812,20 @@ xmlParseElementMixedContentDecl(xmlParserCtxtPtr ctxt, int inputchk) {
* Returns the tree of xmlElementContentPtr describing the element
* hierarchy.
*/
-xmlElementContentPtr
-xmlParseElementChildrenContentDecl (xmlParserCtxtPtr ctxt, int inputchk) {
+static xmlElementContentPtr
+xmlParseElementChildrenContentDeclPriv(xmlParserCtxtPtr ctxt, int inputchk,
+ int depth) {
xmlElementContentPtr ret = NULL, cur = NULL, last = NULL, op = NULL;
const xmlChar *elem;
xmlChar type = 0;
+ if (((depth > 128) && ((ctxt->options & XML_PARSE_HUGE) == 0)) ||
+ (depth > 2048)) {
+ xmlFatalErrMsgInt(ctxt, XML_ERR_ELEMCONTENT_NOT_FINISHED,
+"xmlParseElementChildrenContentDecl : depth %d too deep, use XML_PARSE_HUGE\n",
+ depth);
+ return(NULL);
+ }
SKIP_BLANKS;
GROW;
if (RAW == '(') {
@@ -5819,7 +5834,8 @@ xmlParseElementChildrenContentDecl (xmlParserCtxtPtr ctxt, int inputchk) {
/* Recurse on first child */
NEXT;
SKIP_BLANKS;
- cur = ret = xmlParseElementChildrenContentDecl(ctxt, inputid);
+ cur = ret = xmlParseElementChildrenContentDeclPriv(ctxt, inputid,
+ depth + 1);
SKIP_BLANKS;
GROW;
} else {
@@ -5951,7 +5967,8 @@ xmlParseElementChildrenContentDecl (xmlParserCtxtPtr ctxt, int inputchk) {
/* Recurse on second child */
NEXT;
SKIP_BLANKS;
- last = xmlParseElementChildrenContentDecl(ctxt, inputid);
+ last = xmlParseElementChildrenContentDeclPriv(ctxt, inputid,
+ depth + 1);
SKIP_BLANKS;
} else {
elem = xmlParseName(ctxt);
@@ -6062,6 +6079,44 @@ xmlParseElementChildrenContentDecl (xmlParserCtxtPtr ctxt, int inputchk) {
}
/**
+ *
+ * xmlParseElementChildrenContentDecl:
+ * @ctxt: an XML parser context
+ * @inputchk: the input used for the current entity, needed for boundary checks
+ * @depth: the level of recursion
+ *
+ * parse the declaration for a Mixed Element content
+ * The leading '(' and spaces have been skipped in xmlParseElementContentDecl
+ *
+ * [47] children ::= (choice | seq) ('?' | '*' | '+')?
+ *
+ * [48] cp ::= (Name | choice | seq) ('?' | '*' | '+')?
+ *
+ * [49] choice ::= '(' S? cp ( S? '|' S? cp )* S? ')'
+ *
+ * [50] seq ::= '(' S? cp ( S? ',' S? cp )* S? ')'
+ *
+ * [ VC: Proper Group/PE Nesting ] applies to [49] and [50]
+ * TODO Parameter-entity replacement text must be properly nested
+ * with parenthesized groups. That is to say, if either of the
+ * opening or closing parentheses in a choice, seq, or Mixed
+ * construct is contained in the replacement text for a parameter
+ * entity, both must be contained in the same replacement text. For
+ * interoperability, if a parameter-entity reference appears in a
+ * choice, seq, or Mixed construct, its replacement text should not
+ * be empty, and neither the first nor last non-blank character of
+ * the replacement text should be a connector (| or ,).
+ *
+ * Returns the tree of xmlElementContentPtr describing the element
+ * hierarchy.
+ */
+xmlElementContentPtr
+xmlParseElementChildrenContentDecl(xmlParserCtxtPtr ctxt, int inputchk) {
+ /* stub left for API/ABI compat */
+ return(xmlParseElementChildrenContentDeclPriv(ctxt, inputchk, 1));
+}
+
+/**
* xmlParseElementContentDecl:
* @ctxt: an XML parser context
* @name: the name of the element being defined.
@@ -6097,7 +6152,7 @@ xmlParseElementContentDecl(xmlParserCtxtPtr ctxt, const xmlChar *name,
tree = xmlParseElementMixedContentDecl(ctxt, inputid);
res = XML_ELEMENT_TYPE_MIXED;
} else {
- tree = xmlParseElementChildrenContentDecl(ctxt, inputid);
+ tree = xmlParseElementChildrenContentDeclPriv(ctxt, inputid, 1);
res = XML_ELEMENT_TYPE_ELEMENT;
}
SKIP_BLANKS;
Index: libxml2.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libxml2/F-10/libxml2.spec,v
retrieving revision 1.63
retrieving revision 1.64
diff -u -p -r1.63 -r1.64
--- libxml2.spec 19 Jan 2009 08:40:05 -0000 1.63
+++ libxml2.spec 10 Aug 2009 14:31:30 -0000 1.64
@@ -1,7 +1,7 @@
Summary: Library providing XML and HTML support
Name: libxml2
Version: 2.7.3
-Release: 1%{?dist}%{?extra_release}
+Release: 2%{?dist}%{?extra_release}
License: MIT
Group: Development/Libraries
Source: ftp://xmlsoft.org/libxml2-%{version}.tar.gz
@@ -9,9 +9,10 @@ BuildRoot: %{_tmppath}/%{name}-%{version
BuildRequires: python python-devel zlib-devel
URL: http://xmlsoft.org/
Patch0: libxml2-multilib.patch
+Patch1: libxml2-2.7.3-ficora-parse.patch
%description
-This library allows to manipulate XML files. It includes support
+This library allows to manipulate XML files. It includes support
to read, modify and write XML and HTML files. There is DTDs support
this includes parsing and validation even with complex DtDs, either
at parse time or later once the document has been modified. The output
@@ -30,7 +31,7 @@ Requires: pkgconfig
%description devel
Libraries, include files, etc you can use to develop XML applications.
-This library allows to manipulate XML files. It includes support
+This library allows to manipulate XML files. It includes support
to read, modify and write XML and HTML files. There is DTDs support
this includes parsing and validation even with complex DtDs, either
at parse time or later once the document has been modified. The output
@@ -59,7 +60,7 @@ The libxml2-python package contains a mo
written in the Python programming language to use the interface
supplied by the libxml2 library to manipulate XML files.
-This library allows to manipulate XML files. It includes support
+This library allows to manipulate XML files. It includes support
to read, modify and write XML and HTML files. There is DTDs support
this includes parsing and validation even with complex DTDs, either
at parse time or later once the document has been modified.
@@ -67,6 +68,7 @@ at parse time or later once the document
%prep
%setup -q
%patch0 -p1
+%patch1 -p1
%build
%configure
@@ -141,6 +143,9 @@ rm -fr %{buildroot}
%doc doc/python.html
%changelog
+* Mon Aug 10 2009 Daniel Veillard <veillard at redhat.com> - 2.7.3-2
+- two patches for parsing problems CVE-2009-2414 and CVE-2009-2416
+
* Mon Jan 19 2009 Daniel Veillard <veillard at redhat.com> - 2.7.3-1.fc10
- new release 2.7.3
- limit default max size of text nodes
More information about the fedora-extras-commits
mailing list