Gentoo's Bugzilla – Attachment 162368 Details for Bug 234099: dev-libs/libxml2 <2.7.0 xmlStringLenDecodeEntities() Denial of Service (CVE-2008-3281)
libxml2-2.6.32-CVE-2008-3281.patch (text/plain), 1.63 KB, created by Robert Buchholz (RETIRED) on 2008-08-06 15:53:02 UTC
>Index: libxml2-2.6.32/parser.c >=================================================================== >--- libxml2-2.6.32.orig/parser.c >+++ libxml2-2.6.32/parser.c >@@ -2381,7 +2381,11 @@ xmlStringLenDecodeEntities(xmlParserCtxt > xmlGenericError(xmlGenericErrorContext, > "String decoding Entity Reference: %.30s\n", > str); >+ ctxt->depth += 3; > ent = xmlParseStringEntityRef(ctxt, &str); >+ ctxt->depth -= 3; >+ if (ctxt->lastError.code == XML_ERR_ENTITY_LOOP) >+ goto int_error; > if ((ent != NULL) && > (ent->etype == XML_INTERNAL_PREDEFINED_ENTITY)) { > if (ent->content != NULL) { >@@ -2394,10 +2398,10 @@ xmlStringLenDecodeEntities(xmlParserCtxt > "predefined entity has no content\n"); > } > } else if ((ent != NULL) && (ent->content != NULL)) { >- ctxt->depth++; >+ ctxt->depth += 3; > rep = xmlStringDecodeEntities(ctxt, ent->content, what, > 0, 0, 0); >- ctxt->depth--; >+ ctxt->depth -= 3; > if (rep != NULL) { > current = rep; > while (*current != 0) { /* non input consuming loop */ >@@ -2432,10 +2436,10 @@ xmlStringLenDecodeEntities(xmlParserCtxt > if (xmlLoadEntityContent(ctxt, ent) < 0) { > } > } >- ctxt->depth++; >+ ctxt->depth += 3; > rep = xmlStringDecodeEntities(ctxt, ent->content, what, > 0, 0, 0); >- ctxt->depth--; >+ ctxt->depth -= 3; > if (rep != NULL) { > current = rep; > while (*current != 0) { /* non input consuming loop */ >@@ -2466,6 +2470,7 @@ xmlStringLenDecodeEntities(xmlParserCtxt > > mem_error: > xmlErrMemory(ctxt, NULL); >+int_error: > if (rep != NULL) > xmlFree(rep); > if (buffer != NULL)
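Review bot: In the first hunk (@@ -2381), the new test `if (ctxt->lastError.code == XML_ERR_ENTITY_LOOP) goto int_error;` reads the context's last recorded error, not a result of the `xmlParseStringEntityRef(ctxt, &str)` call just above it. An XML_ERR_ENTITY_LOOP already stored in `ctxt->lastError` before this call would take the same exit, so either note in a comment that the field is expected to be clean on entry, or compare it against the value it held before the call.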
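Review bot: The `ctxt->depth += 3;` / `ctxt->depth -= 3;` pairs in the second and third hunks (@@ -2394 and @@ -2432), and the matching pair around `xmlParseStringEntityRef` in the first, use a bare constant 3 in six places with no explanation. Add a comment saying why one level of entity expansion now counts as three toward the depth limit, and consider a named macro for the step so the increment and decrement cannot drift apart in later edits.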
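Review bot: In the last hunk (@@ -2466), `int_error:` sits directly under `xmlErrMemory(ctxt, NULL);`, so the `mem_error` path now falls through into it; a one-line comment marking that fall-through as intended would help. The `goto int_error` added in the first hunk also reaches `if (rep != NULL) xmlFree(rep);` from a point where `rep` has not been assigned in that branch, so it is worth confirming that `rep` is always either NULL or a live allocation there.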