Thanks Daniel!
-----Original Message-----
From: Daniel Veillard [mailto:[EMAIL PROTECTED]
Sent: Sat 1/19/2008 6:48 AM
To: Fred Smith
Cc: [email protected]
Subject: Re: [xml] Security flaw affecting all previous libxml2 releases

On Thu, Jan 17, 2008 at 10:34:19AM -0800, Fred Smith wrote:
> Trying to manually apply this patch to 2.4.25. I find that some parts of
> it match up well and others don't.
>
> There are three places in the file where similar code can be found. I'm
> guessing that the one we're concerned with here is the one beginning
> around line 1282, as that's the block where the "1-byte code" most
> closely resembles the bottom part of this patch.
>
> But I don't see a close match for the first change in the patch in any
> of those areas. Specifically, there is no line reading "if (c == 0xC0)".
> The place that most looks like the right place is:
>
>     c = *cur;
>     if (c & 0x80) {    <====================
>         if (cur[1] == 0)
>             xmlParserInputGrow(ctxt->input, INPUT_CHUNK);
>         if ((cur[1] & 0xc0) != 0x80)
>             goto encoding_error;
>         if ((c & 0xe0) == 0xe0) {
>
>             if (cur[2] == 0)
>                 xmlParserInputGrow(ctxt->input, INPUT_CHUNK);
>
> see the line marked with arrow, it looks as if the patch wants to insert
> a couple of lines right below there??
>
> I'd be grateful if Daniel (or anyone else who has patched an ancient
> version) could advise me on the correct changes to make here.

  Sure, I made the patches which were needed for RHEL 2.1/3/4 security
fixes, they went out as part of the source RPM updates for RHEL,
attached!

Daniel

--
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard      | virtualization library  http://libvirt.org/
[EMAIL PROTECTED]    | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine  http://rpmfind.net/
_______________________________________________
xml mailing list, project page http://xmlsoft.org/
[email protected]
http://mail.gnome.org/mailman/listinfo/xml
