guix-devel/gnu/packages/patches/libxml2-CVE-2015-7941-pt1.p...

33 lines
1.1 KiB
Diff
Raw Normal View History

From a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 Mon Sep 17 00:00:00 2001
From: Daniel Veillard <veillard@redhat.com>
Date: Mon, 23 Feb 2015 11:17:35 +0800
Subject: [PATCH] Stop parsing on entities boundaries errors
For https://bugzilla.gnome.org/show_bug.cgi?id=744980
There are times, like on unterminated entities that it's preferable to
stop parsing, even if that means less error reporting. Entities are
feeding the parser on further processing, and if they are ill defined
then it's possible to get the parser to bug. Also do the same on
Conditional Sections if the input is broken, as the structure of
the document can't be guessed.
---
parser.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/parser.c b/parser.c
index a8d1b67..bbe97eb 100644
--- a/parser.c
+++ b/parser.c
@@ -5658,6 +5658,7 @@ xmlParseEntityDecl(xmlParserCtxtPtr ctxt) {
if (RAW != '>') {
xmlFatalErrMsgStr(ctxt, XML_ERR_ENTITY_NOT_FINISHED,
"xmlParseEntityDecl: entity %s not terminated\n", name);
+ xmlStopParser(ctxt);
} else {
if (input != ctxt->input) {
xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY,
--
2.6.3