a2bd8e17dc
CVE-2011-0216 - Off-by-one error
CVE-2011-2821 - Double free vulnerability
CVE-2011-2834 - Double free vulnerability
CVE-2011-3905 - DoS (out-of-bounds read) via unspecified vectors
CVE-2011-3919 - Heap-based buffer overflow

ok sthen@
$OpenBSD: patch-parser_c,v 1.5 2012/01/23 10:17:49 ajacoutot Exp $
From 5bd3c061823a8499b27422aee04ea20aae24f03e Mon Sep 17 00:00:00 2001
From: Daniel Veillard <veillard@redhat.com>
Date: Fri, 16 Dec 2011 10:53:35 +0000
Subject: Fix an allocation error when copying entities
From 77404b8b69bc122d12231807abf1a837d121b551 Mon Sep 17 00:00:00 2001
From: Chris Evans <scarybeasts@gmail.com>
Date: Wed, 14 Dec 2011 08:18:25 +0000
Subject: Make sure the parser returns when getting a Stop order
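--- parser.c.orig Mon Jan 23 08:11:49 2012
+++ parser.c Mon Jan 23 08:11:54 2012
@@ -4949,7 +4949,8 @@ xmlParsePI(xmlParserCtxtPtr ctxt) {
 (ctxt->sax->processingInstruction != NULL))
 ctxt->sax->processingInstruction(ctxt->userData,
 target, NULL);
- ctxt->instate = state;
+ if (ctxt->instate != XML_PARSER_EOF)
+ ctxt->instate = state;
 return;
 }
 buf = (xmlChar *) xmlMallocAtomic(size * sizeof(xmlChar));
@@ -5029,7 +5030,8 @@ xmlParsePI(xmlParserCtxtPtr ctxt) {
 } else {
 xmlFatalErr(ctxt, XML_ERR_PI_NOT_STARTED, NULL);
 }
- ctxt->instate = state;
+ if (ctxt->instate != XML_PARSER_EOF)
+ ctxt->instate = state;
 }
 }

@@ -9588,6 +9590,8 @@ xmlParseElement(xmlParserCtxtPtr ctxt) {
 else
 name = xmlParseStartTag(ctxt);
 #endif /* LIBXML_SAX1_ENABLED */
+ if (ctxt->instate == XML_PARSER_EOF)
+ return;
 if (name == NULL) {
 spacePop(ctxt);
 return;
@@ -10967,6 +10971,8 @@ xmlParseTryOrFinish(xmlParserCtxtPtr ctxt, int termina
 else
 name = xmlParseStartTag(ctxt);
 #endif /* LIBXML_SAX1_ENABLED */
+ if (ctxt->instate == XML_PARSER_EOF)
+ goto done;
 if (name == NULL) {
 spacePop(ctxt);
 ctxt->instate = XML_PARSER_EOF;
@@ -11153,7 +11159,9 @@ xmlParseTryOrFinish(xmlParserCtxtPtr ctxt, int termina
 else
 xmlParseEndTag1(ctxt, 0);
 #endif /* LIBXML_SAX1_ENABLED */
- if (ctxt->nameNr == 0) {
+ if (ctxt->instate == XML_PARSER_EOF) {
+ /* Nothing */
+ } else if (ctxt->nameNr == 0) {
 ctxt->instate = XML_PARSER_EPILOG;
 } else {
 ctxt->instate = XML_PARSER_CONTENT;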
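Review bot: The two early exits taken when `ctxt->instate == XML_PARSER_EOF` right after `xmlParseStartTag` (the `return` in xmlParseElement and the `goto done` in xmlParseTryOrFinish) skip the `spacePop(ctxt)` that the adjacent `name == NULL` path performs, and nothing in the hunks says whether that is intended. It is presumably harmless once the parser has been stopped, but a comment such as `/* parser was stopped from a SAX callback; do not continue */` on both exits would record that, and the empty `/* Nothing */` branch in the end-tag case would read better as `/* stopped: keep XML_PARSER_EOF */`. The fix only holds if every site that restores a saved `instate` after a callback carries the same `!= XML_PARSER_EOF` guard as the two in xmlParsePI; any such sites outside these hunks are not visible here and are worth checking. The preamble also cites "Fix an allocation error when copying entities", yet none of the five hunks changes an allocation or size check, so confirm that hunk was not dropped from this patch file. All three functions start and end outside the hunks.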