Gentoo's Bugzilla – Attachment 454034 Details for
Bug 600468
<dev-vcs/subversion-{1.8.17,1.9.5}: Unrestricted XML entity expansion in mod_dontdothat and HTTP clients (CVE-2016-8734)
[patch]
1.8.16 patch
CVE-2016-8734-1.8.16.patch (text/plain), 6.25 KB, created by
Aaron Bauman (RETIRED)
on 2016-11-22 12:33:02 UTC
Description:
1.8.16 patch
Filename:
MIME Type:
Creator:
Aaron Bauman (RETIRED)
Created:
2016-11-22 12:33:02 UTC
Size:
6.25 KB
patch
obsolete
>Index: subversion/libsvn_ra_serf/util.c
>===================================================================
>--- subversion/libsvn_ra_serf/util.c (revision 1768982)
>+++ subversion/libsvn_ra_serf/util.c (working copy)
>@@ -2694,7 +2694,31 @@
> #endif
> }
>
>+#ifdef EXPAT_HAS_STOPPARSER
>+static void
>+expat_entity_declaration(void *userData,
>+ const XML_Char *entityName,
>+ int is_parameter_entity,
>+ const XML_Char *value,
>+ int value_length,
>+ const XML_Char *base,
>+ const XML_Char *systemId,
>+ const XML_Char *publicId,
>+ const XML_Char *notationName)
>+{
>+ struct expat_ctx_t *ectx = userData;
>
>+ /* Stop the parser if an entity declaration is hit. */
>+ XML_StopParser(ectx->parser, 0 /* resumable */);
>+}
>+#else
>+/* A noop default_handler. */
>+static void
>+expat_default_handler(void *userData, const XML_Char *s, int len)
>+{
>+}
>+#endif
>+
> /* Implements svn_ra_serf__response_handler_t */
> static svn_error_t *
> expat_response_handler(serf_request_t *request,
>@@ -2712,6 +2736,12 @@
> XML_SetUserData(ectx->parser, ectx);
> XML_SetElementHandler(ectx->parser, expat_start, expat_end);
> XML_SetCharacterDataHandler(ectx->parser, expat_cdata);
>+
>+#ifdef EXPAT_HAS_STOPPARSER
>+ XML_SetEntityDeclHandler(ectx->parser, expat_entity_declaration);
>+#else
>+ XML_SetDefaultHandler(ectx->parser, expat_default_handler);
>+#endif
> }
>
> /* ### TODO: sline.code < 200 should really be handled by the core */
>Index: subversion/libsvn_subr/xml.c
>===================================================================
>--- subversion/libsvn_subr/xml.c (revision 1768982)
>+++ subversion/libsvn_subr/xml.c (working copy)
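Review bot: In the `#else` branch of the first util.c hunk (@@ -2694), the comment `/* A noop default_handler. */` does not say why an empty handler is registered, and the protection on old Expat rests entirely on that reason. Per Expat's documented behaviour, installing any default handler turns off expansion of internal general entity references, so I would write `/* Expat lacks XML_StopParser(): registering any default handler disables internal entity expansion. */`. The two branches therefore behave differently: newer Expat aborts the parse at the first entity declaration, while the fallback lets the document parse with entity references handed to a handler that drops them. The same handler pair is added in xml.c (@@ -338) and mod_dontdothat.c (@@ -551), and `0 /* resumable */` would read more clearly as `XML_FALSE /* resumable */` in all three.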
>@@ -259,6 +259,14 @@
> }
>
>
>+#ifndef XML_VERSION_AT_LEAST
>+#define XML_VERSION_AT_LEAST(major,minor,patch) \
>+(((major) < XML_MAJOR_VERSION) \
>+ || ((major) == XML_MAJOR_VERSION && (minor) < XML_MINOR_VERSION) \
>+ || ((major) == XML_MAJOR_VERSION && (minor) == XML_MINOR_VERSION && \
>+ (patch) <= XML_MICRO_VERSION))
>+#endif /* XML_VERSION_AT_LEAST */
>+
> const char *
> svn_xml_fuzzy_escape(const char *string, apr_pool_t *pool)
> {
>@@ -338,6 +346,28 @@
> (*svn_parser->data_handler)(svn_parser->baton, s, (apr_size_t)len);
> }
>
>+#if XML_VERSION_AT_LEAST(1, 95, 8)
>+static void expat_entity_declaration(void *userData,
>+ const XML_Char *entityName,
>+ int is_parameter_entity,
>+ const XML_Char *value,
>+ int value_length,
>+ const XML_Char *base,
>+ const XML_Char *systemId,
>+ const XML_Char *publicId,
>+ const XML_Char *notationName)
>+{
>+ svn_xml_parser_t *svn_parser = userData;
>+
>+ /* Stop the parser if an entity declaration is hit. */
>+ XML_StopParser(svn_parser->parser, 0 /* resumable */);
>+}
>+#else
>+/* A noop default_handler. */
>+static void expat_default_handler(void *userData, const XML_Char *s, int len)
>+{
>+}
>+#endif
>
> /*** Making a parser. ***/
>
>@@ -359,6 +389,12 @@
> XML_SetCharacterDataHandler(parser,
> data_handler ? expat_data_handler : NULL);
>
>+#if XML_VERSION_AT_LEAST(1, 95, 8)
>+ XML_SetEntityDeclHandler(parser, expat_entity_declaration);
>+#else
>+ XML_SetDefaultHandler(parser, expat_default_handler);
>+#endif
>+
> /* ### we probably don't want this pool; or at least we should pass it
> ### to the callbacks and clear it periodically. */
> subpool = svn_pool_create(pool);
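Review bot: `XML_VERSION_AT_LEAST` in the @@ -259 hunk of xml.c is added without a comment and sits between two unrelated functions; the identical definition is pasted again into mod_dontdothat.c (@@ -42), while util.c tests `EXPAT_HAS_STOPPARSER` for the same decision. A one-line comment such as `/* True if the Expat headers in use are version MAJOR.MINOR.PATCH or newer. */` would help. If a shared private header is available to all three files, the macro belongs there so the guards cannot drift apart. The comment could also record that with the arguments used here the `#if` evaluates to false when the `XML_*_VERSION` macros are undefined, which selects the default-handler fallback and not the `XML_StopParser` path.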
>@@ -440,6 +476,9 @@
> /* This will cause the current XML_Parse() call to finish quickly! */
> XML_SetElementHandler(svn_parser->parser, NULL, NULL);
> XML_SetCharacterDataHandler(svn_parser->parser, NULL);
>+#if XML_VERSION_AT_LEAST(1, 95, 8)
>+ XML_SetEntityDeclHandler(svn_parser->parser, NULL);
>+#endif
>
> /* Once outside of XML_Parse(), the existence of this field will
> cause svn_delta_parse()'s main read-loop to return error. */
>Index: tools/server-side/mod_dontdothat/mod_dontdothat.c
>===================================================================
>--- tools/server-side/mod_dontdothat/mod_dontdothat.c (revision 1768982)
>+++ tools/server-side/mod_dontdothat/mod_dontdothat.c (working copy)
>@@ -42,6 +42,14 @@
>
> module AP_MODULE_DECLARE_DATA dontdothat_module;
>
>+#ifndef XML_VERSION_AT_LEAST
>+#define XML_VERSION_AT_LEAST(major,minor,patch) \
>+(((major) < XML_MAJOR_VERSION) \
>+ || ((major) == XML_MAJOR_VERSION && (minor) < XML_MINOR_VERSION) \
>+ || ((major) == XML_MAJOR_VERSION && (minor) == XML_MINOR_VERSION && \
>+ (patch) <= XML_MICRO_VERSION))
>+#endif /* XML_VERSION_AT_LEAST */
>+
> typedef struct dontdothat_config_rec {
> const char *config_file;
> const char *base_path;
>@@ -551,6 +559,31 @@
> }
> }
>
>+#if XML_VERSION_AT_LEAST(1, 95, 8)
>+static void
>+expat_entity_declaration(void *userData,
>+ const XML_Char *entityName,
>+ int is_parameter_entity,
>+ const XML_Char *value,
>+ int value_length,
>+ const XML_Char *base,
>+ const XML_Char *systemId,
>+ const XML_Char *publicId,
>+ const XML_Char *notationName)
>+{
>+ dontdothat_filter_ctx *ctx = userData;
>+
>+ /* Stop the parser if an entity declaration is hit. */
>+ XML_StopParser(ctx->xmlp, 0 /* resumable */);
>+}
>+#else
>+/* A noop default_handler. */
>+static void
>+expat_default_handler(void *userData, const XML_Char *s, int len)
>+{
>+}
>+#endif
>+
> static svn_boolean_t
> is_valid_wildcard(const char *wc)
> {
>@@ -696,6 +729,12 @@
> XML_SetElementHandler(ctx->xmlp, start_element, end_element);
> XML_SetCharacterDataHandler(ctx->xmlp, cdata);
>
>+#if XML_VERSION_AT_LEAST(1, 95, 8)
>+ XML_SetEntityDeclHandler(ctx->xmlp, expat_entity_declaration);
>+#else
>+ XML_SetDefaultHandler(ctx->xmlp, expat_default_handler);
>+#endif
>+
> ap_add_input_filter("DONTDOTHAT_FILTER", ctx, r, r->connection);
> }
> }
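Review bot: The filter's reaction to a stopped parse is not visible in this hunk (@@ -696), and for a module whose job is to block requests that is what decides whether the fix fails closed. The code that calls `XML_Parse` on `ctx->xmlp` lies outside the hunk; it should treat the error status returned after `XML_StopParser` as a reason to reject the request, not to pass the body through unfiltered. On the `#else` path the parse is not aborted at all, so the filter may inspect a body with entity references dropped while whatever parses the request afterwards may handle them differently. A comment above the `#else` line, e.g. `/* Old Expat: entities are not expanded, but the request is not rejected either. */`, would make the weaker guarantee explicit.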
Attachments on
bug 600468
: 454034 |
454036