Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 138787 Details for
Bug 202628
dev-libs/libxml2 < 2.6.30-r1 xmlCurrentChar() UTF-8 DoS (CVE-2007-6284)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
libxml2-CVE-2007-6284.patch
libxml2-CVE-2007-6284.patch (text/plain), 1.63 KB, created by
Robert Buchholz (RETIRED)
on 2007-12-17 23:28:17 UTC
(
hide
)
Description:
libxml2-CVE-2007-6284.patch
Filename:
MIME Type:
Creator:
Robert Buchholz (RETIRED)
Created:
2007-12-17 23:28:17 UTC
Size:
1.63 KB
patch
obsolete
>Index: parserInternals.c >=================================================================== >--- parserInternals.c (revision 3667) >+++ parserInternals.c (working copy) >@@ -638,14 +638,13 @@ > > c = *cur; > if (c & 0x80) { >- if (c == 0xC0) >+ if (((c & 0x40) == 0) || (c == 0xC0)) > goto encoding_error; > if (cur[1] == 0) > xmlParserInputGrow(ctxt->input, INPUT_CHUNK); > if ((cur[1] & 0xc0) != 0x80) > goto encoding_error; > if ((c & 0xe0) == 0xe0) { >- > if (cur[2] == 0) > xmlParserInputGrow(ctxt->input, INPUT_CHUNK); > if ((cur[2] & 0xc0) != 0x80) >@@ -662,18 +661,24 @@ > val |= (cur[1] & 0x3f) << 12; > val |= (cur[2] & 0x3f) << 6; > val |= cur[3] & 0x3f; >+ if (val < 0x10000) >+ goto encoding_error; > } else { > /* 3-byte code */ > *len = 3; > val = (cur[0] & 0xf) << 12; > val |= (cur[1] & 0x3f) << 6; > val |= cur[2] & 0x3f; >+ if (val < 0x800) >+ goto encoding_error; > } > } else { > /* 2-byte code */ > *len = 2; > val = (cur[0] & 0x1f) << 6; > val |= cur[1] & 0x3f; >+ if (val < 0x80) >+ goto encoding_error; > } > if (!IS_CHAR(val)) { > xmlErrEncodingInt(ctxt, XML_ERR_INVALID_CHAR, >@@ -683,6 +688,13 @@ > } else { > /* 1-byte code */ > *len = 1; >+ if (*ctxt->input->cur == 0) >+ xmlParserInputGrow(ctxt->input, INPUT_CHUNK); >+ if ((*ctxt->input->cur == 0) && >+ (ctxt->input->end > ctxt->input->cur)) { >+ xmlErrEncodingInt(ctxt, XML_ERR_INVALID_CHAR, >+ "Char 0x%X out of allowed range\n", val); >+ } > if (*ctxt->input->cur == 0xD) { > if (ctxt->input->cur[1] == 0xA) { > ctxt->nbChars++;
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=138787">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 202628
: 138787 |
138790
