hi, please test/comment the following diff:
SECURITY FIX for http://secunia.com/advisories/28444/ Libxml2 UTF-8 Parsing Denial of Service Vulnerability Patch taken from upstream. Index: Makefile =================================================================== RCS file: /cvs/ports/textproc/libxml/Makefile,v retrieving revision 1.110 diff -u -r1.110 Makefile --- Makefile 4 Jan 2008 18:38:52 -0000 1.110 +++ Makefile 1 Apr 2008 08:55:52 -0000 @@ -5,8 +5,8 @@ VERSION= 2.6.30 DISTNAME= libxml2-${VERSION} -PKGNAME-main= libxml-${VERSION} -PKGNAME-python= py-libxml-${VERSION}p0 +PKGNAME-main= libxml-${VERSION}p0 +PKGNAME-python= py-libxml-${VERSION}p1 SHARED_LIBS= xml2 9.7 CATEGORIES= textproc MASTER_SITES= ftp://xmlsoft.org/libxml/ \ Index: patches/patch-parserInternals_c =================================================================== RCS file: patches/patch-parserInternals_c diff -N patches/patch-parserInternals_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-parserInternals_c 1 Apr 2008 08:55:52 -0000 @@ -0,0 +1,58 @@ +$OpenBSD$ +--- parserInternals.c.orig Tue Jun 12 15:33:54 2007 ++++ parserInternals.c Tue Apr 1 10:36:06 2008 +@@ -638,14 +638,13 @@ xmlCurrentChar(xmlParserCtxtPtr ctxt, int *len) { + + c = *cur; + if (c & 0x80) { +- if (c == 0xC0) ++ if (((c & 0x40) == 0) || (c == 0xC0)) + goto encoding_error; + if (cur[1] == 0) + xmlParserInputGrow(ctxt->input, INPUT_CHUNK); + if ((cur[1] & 0xc0) != 0x80) + goto encoding_error; + if ((c & 0xe0) == 0xe0) { +- + if (cur[2] == 0) + xmlParserInputGrow(ctxt->input, INPUT_CHUNK); + if ((cur[2] & 0xc0) != 0x80) +@@ -662,18 +661,24 @@ xmlCurrentChar(xmlParserCtxtPtr ctxt, int *len) { + val |= (cur[1] & 0x3f) << 12; + val |= (cur[2] & 0x3f) << 6; + val |= cur[3] & 0x3f; ++ if (val < 0x10000) ++ goto encoding_error; + } else { + /* 3-byte code */ + *len = 3; + val = (cur[0] & 0xf) << 12; + val |= (cur[1] & 0x3f) << 6; + val |= cur[2] & 0x3f; ++ if (val < 0x800) ++ goto encoding_error; + } + } else { + /* 2-byte code */ + *len = 2; + val = (cur[0] & 0x1f) << 6; + val |= cur[1] & 0x3f; ++ if (val < 0x80) ++ goto encoding_error; + } + if (!IS_CHAR(val)) { + xmlErrEncodingInt(ctxt, XML_ERR_INVALID_CHAR, +@@ -683,6 +688,13 @@ xmlCurrentChar(xmlParserCtxtPtr ctxt, int *len) { + } else { + /* 1-byte code */ + *len = 1; ++ if (*ctxt->input->cur == 0) ++ xmlParserInputGrow(ctxt->input, INPUT_CHUNK); ++ if ((*ctxt->input->cur == 0) && ++ (ctxt->input->end > ctxt->input->cur)) { ++ xmlErrEncodingInt(ctxt, XML_ERR_INVALID_CHAR, ++ "Char 0x%X out of allowed range\n", val); ++ } + if (*ctxt->input->cur == 0xD) { + if (ctxt->input->cur[1] == 0xA) { + ctxt->nbChars++; -- "The good life is one inspired by love and guided by knowledge." -- Bertrand Russel
