Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 200443 Details for
Bug 280617
<dev-libs/libxml2-2.7.3-r2 Multiple DoS vulnerabilities (CVE-2009-{2414,2416})
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
libxml2-2.6.26-CVE-2009-2414,CVE-2009-2416.patch
libxml2-2.6.26-CVE-2009-2414,CVE-2009-2416.patch (text/plain), 2.22 KB, created by
Robert Buchholz (RETIRED)
on 2009-08-06 23:07:19 UTC
(
hide
)
Description:
libxml2-2.6.26-CVE-2009-2414,CVE-2009-2416.patch
Filename:
MIME Type:
Creator:
Robert Buchholz (RETIRED)
Created:
2009-08-06 23:07:19 UTC
Size:
2.22 KB
patch
obsolete
>--- parser.c.orig 2009-08-03 15:33:12.000000000 +0200 >+++ parser.c 2009-08-03 15:36:26.000000000 +0200 >@@ -4778,10 +4779,14 @@ xmlParseNotationType(xmlParserCtxtPtr ct > if (name == NULL) { > xmlFatalErrMsg(ctxt, XML_ERR_NAME_REQUIRED, > "Name expected in NOTATION declaration\n"); >- return(ret); >+ xmlFreeEnumeration(ret); >+ return(NULL); > } > cur = xmlCreateEnumeration(name); >- if (cur == NULL) return(ret); >+ if (cur == NULL) { >+ xmlFreeEnumeration(ret); >+ return(NULL); >+ } > if (last == NULL) ret = last = cur; > else { > last->next = cur; >@@ -4791,9 +4796,8 @@ xmlParseNotationType(xmlParserCtxtPtr ct > } while (RAW == '|'); > if (RAW != ')') { > xmlFatalErr(ctxt, XML_ERR_NOTATION_NOT_FINISHED, NULL); >- if ((last != NULL) && (last != ret)) >- xmlFreeEnumeration(last); >- return(ret); >+ xmlFreeEnumeration(ret); >+ return(NULL); > } > NEXT; > return(ret); >@@ -4834,7 +4838,10 @@ xmlParseEnumerationType(xmlParserCtxtPtr > } > cur = xmlCreateEnumeration(name); > xmlFree(name); >- if (cur == NULL) return(ret); >+ if (cur == NULL) { >+ xmlFreeEnumeration(ret); >+ return(NULL); >+ } > if (last == NULL) ret = last = cur; > else { > last->next = cur; >@@ -5232,6 +5239,12 @@ xmlParseElementChildrenContentDecl (xmlP > const xmlChar *elem; > xmlChar type = 0; > >+ if (ctxt->depth > 128) { >+ xmlFatalErrMsgInt(ctxt, XML_ERR_ELEMCONTENT_NOT_FINISHED, >+ "xmlParseElementChildrenContentDecl : depth %d too deep\n", >+ ctxt->depth); >+ return(NULL); >+ } > SKIP_BLANKS; > GROW; > if (RAW == '(') { >@@ -5240,7 +5253,9 @@ xmlParseElementChildrenContentDecl (xmlP > /* Recurse on first child */ > NEXT; > SKIP_BLANKS; >+ ctxt->depth++; > cur = ret = xmlParseElementChildrenContentDecl(ctxt, inputid); >+ ctxt->depth--; > SKIP_BLANKS; > GROW; > } else { >@@ -5370,7 +5385,9 @@ xmlParseElementChildrenContentDecl (xmlP > /* Recurse on second child */ > NEXT; > SKIP_BLANKS; >+ ctxt->depth++; > last = xmlParseElementChildrenContentDecl(ctxt, inputid); >+ ctxt->depth--; > SKIP_BLANKS; > } else { > elem = xmlParseName(ctxt); >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=200443">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 280617
: 200443 |
200447
|
200448
