Author: ken Date: 2009-09-16 12:22:21 -0600 (Wed, 16 Sep 2009) New Revision: 2126
Added: trunk/expat/expat-2.0.1-fixes-1.patch Log: Fix last month's expat DOS. Added: trunk/expat/expat-2.0.1-fixes-1.patch =================================================================== --- trunk/expat/expat-2.0.1-fixes-1.patch (rev 0) +++ trunk/expat/expat-2.0.1-fixes-1.patch 2009-09-16 18:22:21 UTC (rev 2126) @@ -0,0 +1,34 @@ +Submitted By: Ken Moffat <ken at linuxfromscratch dot org> +Date: 2009-09-16 +Initial Package Version: 2.0.1 +Upstream Status: Applied +Origin: Upstream +Description: Fixes for CVE-2009-2625 (infinite loop and application hang via malformed XML). + The vulnerability was raised against Apache Xerces2 Java, but see e.g. + https://bugs.gentoo.org/show_bug.cgi?id=280615 + + +diff -Naur expat-2.0.1.orig/lib/xmlparse.c expat-2.0.1/lib/xmlparse.c +--- expat-2.0.1.orig/lib/xmlparse.c 2007-05-08 03:25:35.000000000 +0100 ++++ expat-2.0.1/lib/xmlparse.c 2009-09-16 14:20:02.000000000 +0100 +@@ -2563,6 +2563,8 @@ + (int)(dataPtr - (ICHAR *)dataBuf)); + if (s == next) + break; ++ if (ps_parsing == XML_FINISHED || ps_parsing == XML_SUSPENDED) ++ break; + *eventPP = s; + } + } +diff -Naur expat-2.0.1.orig/lib/xmltok_impl.c expat-2.0.1/lib/xmltok_impl.c +--- expat-2.0.1.orig/lib/xmltok_impl.c 2006-11-26 17:34:46.000000000 +0000 ++++ expat-2.0.1/lib/xmltok_impl.c 2009-09-16 14:20:05.000000000 +0100 +@@ -1744,7 +1744,7 @@ + const char *end, + POSITION *pos) + { +- while (ptr != end) { ++ while (ptr < end) { + switch (BYTE_TYPE(enc, ptr)) { + #define LEAD_CASE(n) \ + case BT_LEAD ## n: \ -- http://linuxfromscratch.org/mailman/listinfo/patches FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
