raptor: backport a (2017!) commit that fixes CVE-2017-18926 heap based

buffer overflow. From wen heping, I added upstream.commit information to the patch.
2020-11-10 07:43:37 +00:00 · 2020-11-10 07:43:37 +00:00 · 2948c4e131
commit 2948c4e131
parent cdc97d57cf
2 changed files with 39 additions and 2 deletions
--- a/textproc/raptor/Makefile
+++ b/textproc/raptor/Makefile
@ -1,11 +1,11 @@
-# $OpenBSD: Makefile,v 1.18 2020/06/09 07:14:45 jasper Exp $
+# $OpenBSD: Makefile,v 1.19 2020/11/10 07:43:37 sthen Exp $


 COMMENT=		RDF Parser Toolkit for Redland
 DISTNAME=		raptor2-2.0.15
 PKGNAME=		${DISTNAME:C/raptor2/raptor/}
 CATEGORIES=		textproc
-REVISION=		3
+REVISION=		4

 SHARED_LIBS +=  raptor2              0.0      # 0.0

--- a/textproc/raptor/patches/patch-src_raptor_xml_writer_c
+++ b/textproc/raptor/patches/patch-src_raptor_xml_writer_c
@ -0,0 +1,37 @@
+$OpenBSD: patch-src_raptor_xml_writer_c,v 1.1 2020/11/10 07:43:37 sthen Exp $
+
+CVE-2017-18926
+
+From 590681e546cd9aa18d57dc2ea1858cb734a3863f Mon Sep 17 00:00:00 2001
+From: Dave Beckett <dave@dajobe.org>
+Date: Sun, 16 Apr 2017 23:15:12 +0100
+Subject: [PATCH] Calcualte max nspace declarations correctly for XML writer
+
+(raptor_xml_writer_start_element_common): Calculate max including for
+each attribute a potential name and value.
+
+Index: src/raptor_xml_writer.c
+--- src/raptor_xml_writer.c.orig
+++ src/raptor_xml_writer.c
+@@ -181,9 +181,10 @@ raptor_xml_writer_start_element_common(raptor_xml_writ
+   size_t nspace_declarations_count = 0;  
+   unsigned int i;
+ 
+-  /* max is 1 per element and 1 for each attribute + size of declared */
+   if(nstack) {
+-    int nspace_max_count = element->attribute_count+1;
+    int nspace_max_count = element->attribute_count * 2; /* attr and value */
+    if(element->name->nspace)
+      nspace_max_count++;
+     if(element->declared_nspaces)
+       nspace_max_count += raptor_sequence_size(element->declared_nspaces);
+     if(element->xml_language)
+@@ -237,7 +238,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writ
+         }
+       }
+ 
+-      /* Add the attribute + value */
+      /* Add the attribute's value */
+       nspace_declarations[nspace_declarations_count].declaration=
+         raptor_qname_format_as_xml(element->attributes[i],
+                                    &nspace_declarations[nspace_declarations_count].length);