From 7585a37f8e289235ea199b0b9f4007646bb7428c Mon Sep 17 00:00:00 2001
From: jasper <jasper@openbsd.org>
Date: Tue, 1 Apr 2008 11:34:16 +0000
Subject: [PATCH] SECURITY FIX for http://secunia.com/advisories/28444/ Libxml2
 UTF-8 Parsing Denial of Service Vulnerability

Patch taken from upstream author.

testing and ok simon@ sthen@
---
 textproc/libxml/Makefile                      |  6 +-
 .../libxml/patches/patch-parserInternals_c    | 58 +++++++++++++++++++
 2 files changed, 61 insertions(+), 3 deletions(-)
 create mode 100644 textproc/libxml/patches/patch-parserInternals_c

diff --git a/textproc/libxml/Makefile b/textproc/libxml/Makefile
index af66184b646..396765bff21 100644
--- a/textproc/libxml/Makefile
+++ b/textproc/libxml/Makefile
@@ -1,12 +1,12 @@
-# $OpenBSD: Makefile,v 1.110 2008/01/04 18:38:52 espie Exp $
+# $OpenBSD: Makefile,v 1.111 2008/04/01 11:34:16 jasper Exp $
 
 COMMENT-main=		XML parsing library
 COMMENT-python=		Python bindings for libxml
 
 VERSION=		2.6.30
 DISTNAME=		libxml2-${VERSION}
-PKGNAME-main=		libxml-${VERSION}
-PKGNAME-python=		py-libxml-${VERSION}p0
+PKGNAME-main=		libxml-${VERSION}p0
+PKGNAME-python=		py-libxml-${VERSION}p1
 SHARED_LIBS=		xml2	9.7
 CATEGORIES=		textproc
 MASTER_SITES=		ftp://xmlsoft.org/libxml/ \
diff --git a/textproc/libxml/patches/patch-parserInternals_c b/textproc/libxml/patches/patch-parserInternals_c
new file mode 100644
index 00000000000..6abec8066b8
--- /dev/null
+++ b/textproc/libxml/patches/patch-parserInternals_c
@@ -0,0 +1,58 @@
+$OpenBSD: patch-parserInternals_c,v 1.1 2008/04/01 11:34:16 jasper Exp $
+--- parserInternals.c.orig	Tue Jun 12 15:33:54 2007
++++ parserInternals.c	Tue Apr  1 10:36:06 2008
+@@ -638,14 +638,13 @@ xmlCurrentChar(xmlParserCtxtPtr ctxt, int *len) {
+ 
+ 	c = *cur;
+ 	if (c & 0x80) {
+-	    if (c == 0xC0)
++	    if (((c & 0x40) == 0) || (c == 0xC0))
+ 		goto encoding_error;
+ 	    if (cur[1] == 0)
+ 		xmlParserInputGrow(ctxt->input, INPUT_CHUNK);
+ 	    if ((cur[1] & 0xc0) != 0x80)
+ 		goto encoding_error;
+ 	    if ((c & 0xe0) == 0xe0) {
+-
+ 		if (cur[2] == 0)
+ 		    xmlParserInputGrow(ctxt->input, INPUT_CHUNK);
+ 		if ((cur[2] & 0xc0) != 0x80)
+@@ -662,18 +661,24 @@ xmlCurrentChar(xmlParserCtxtPtr ctxt, int *len) {
+ 		    val |= (cur[1] & 0x3f) << 12;
+ 		    val |= (cur[2] & 0x3f) << 6;
+ 		    val |= cur[3] & 0x3f;
++		    if (val < 0x10000)
++			goto encoding_error;
+ 		} else {
+ 		  /* 3-byte code */
+ 		    *len = 3;
+ 		    val = (cur[0] & 0xf) << 12;
+ 		    val |= (cur[1] & 0x3f) << 6;
+ 		    val |= cur[2] & 0x3f;
++		    if (val < 0x800)
++			goto encoding_error;
+ 		}
+ 	    } else {
+ 	      /* 2-byte code */
+ 		*len = 2;
+ 		val = (cur[0] & 0x1f) << 6;
+ 		val |= cur[1] & 0x3f;
++		if (val < 0x80)
++		    goto encoding_error;
+ 	    }
+ 	    if (!IS_CHAR(val)) {
+ 	        xmlErrEncodingInt(ctxt, XML_ERR_INVALID_CHAR,
+@@ -683,6 +688,13 @@ xmlCurrentChar(xmlParserCtxtPtr ctxt, int *len) {
+ 	} else {
+ 	    /* 1-byte code */
+ 	    *len = 1;
++	    if (*ctxt->input->cur == 0)
++		xmlParserInputGrow(ctxt->input, INPUT_CHUNK);
++	    if ((*ctxt->input->cur == 0) &&
++	        (ctxt->input->end > ctxt->input->cur)) {
++	        xmlErrEncodingInt(ctxt, XML_ERR_INVALID_CHAR,
++				  "Char 0x%X out of allowed range\n", val);
++	    }
+ 	    if (*ctxt->input->cur == 0xD) {
+ 		if (ctxt->input->cur[1] == 0xA) {
+ 		    ctxt->nbChars++;