diff options
author | Aron Xu <aron@debian.org> | 2015-09-21 22:55:08 +0800 |
---|---|---|
committer | Aron Xu <aron@debian.org> | 2015-09-21 22:55:08 +0800 |
commit | d548c999ade382febb424b26743b3c4d63159ae0 (patch) | |
tree | 232c9c894b45099f211728742569111738b17e16 /debian/patches/0048-Possible-overflow-in-HTMLParser.c.patch | |
parent | d837811e969fac31afdf39c00ba579b33f6adeb6 (diff) | |
download | libxml2-d548c999ade382febb424b26743b3c4d63159ae0.tar.gz |
Revert "Restore all patches available in 2.9.1+dfsg1-5 in stretch, ensuring CVE-2014-3660 is fixed too."
This reverts commit 37f590756a23e167808f76f1389c36f0a2d39f11.
Diffstat (limited to 'debian/patches/0048-Possible-overflow-in-HTMLParser.c.patch')
-rw-r--r-- | debian/patches/0048-Possible-overflow-in-HTMLParser.c.patch | 38 |
1 files changed, 0 insertions, 38 deletions
diff --git a/debian/patches/0048-Possible-overflow-in-HTMLParser.c.patch b/debian/patches/0048-Possible-overflow-in-HTMLParser.c.patch deleted file mode 100644 index 8d0dcc8..0000000 --- a/debian/patches/0048-Possible-overflow-in-HTMLParser.c.patch +++ /dev/null @@ -1,38 +0,0 @@ -From: Daniel Veillard <veillard@redhat.com> -Date: Mon, 6 Oct 2014 18:51:04 +0800 -Subject: Possible overflow in HTMLParser.c - -For https://bugzilla.gnome.org/show_bug.cgi?id=720615 - -make sure that the encoding string passed is of reasonable size ---- - HTMLparser.c | 16 ++++++++++------ - 1 file changed, 10 insertions(+), 6 deletions(-) - -diff --git a/HTMLparser.c b/HTMLparser.c -index 4c51cc5..8d34fd1 100644 ---- a/HTMLparser.c -+++ b/HTMLparser.c -@@ -6288,12 +6288,16 @@ htmlCreateFileParserCtxt(const char *filename, const char *encoding) - - /* set encoding */ - if (encoding) { -- content = xmlMallocAtomic (xmlStrlen(content_line) + strlen(encoding) + 1); -- if (content) { -- strcpy ((char *)content, (char *)content_line); -- strcat ((char *)content, (char *)encoding); -- htmlCheckEncoding (ctxt, content); -- xmlFree (content); -+ size_t l = strlen(encoding); -+ -+ if (l < 1000) { -+ content = xmlMallocAtomic (xmlStrlen(content_line) + l + 1); -+ if (content) { -+ strcpy ((char *)content, (char *)content_line); -+ strcat ((char *)content, (char *)encoding); -+ htmlCheckEncoding (ctxt, content); -+ xmlFree (content); -+ } - } - } - |