diff options
| author | spz <spz@pkgsrc.org> | 2015-04-24 11:32:29 +0000 |
|---|---|---|
| committer | spz <spz@pkgsrc.org> | 2015-04-24 11:32:29 +0000 |
| commit | c3081c2e07f1306361ca74094de83f34426c53cc (patch) | |
| tree | 0355eb1dac8277d177c067c158c8a0f0f4ab4d2e /textproc/libxml2/patches/patch-xmlreader.c | |
| parent | a816e942aee1b814a986cce5152fc6313b203fb4 (diff) | |
| download | pkgsrc-c3081c2e07f1306361ca74094de83f34426c53cc.tar.gz | |
patch for CVE-2015-1819 Enforce the reader to run in constant memory
from https://git.gnome.org/browse/libxml2/commit/?id=213f1fe0d76d30eaed6e5853057defc43e6df2c9
+general patch refresh
Diffstat (limited to 'textproc/libxml2/patches/patch-xmlreader.c')
| -rw-r--r-- | textproc/libxml2/patches/patch-xmlreader.c | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/textproc/libxml2/patches/patch-xmlreader.c b/textproc/libxml2/patches/patch-xmlreader.c new file mode 100644 index 00000000000..6ff602006aa --- /dev/null +++ b/textproc/libxml2/patches/patch-xmlreader.c @@ -0,0 +1,59 @@ +$NetBSD: patch-xmlreader.c,v 1.1 2015/04/24 11:32:29 spz Exp $ + +patch for CVE-2015-1819 Enforce the reader to run in constant memory +from https://git.gnome.org/browse/libxml2/commit/?id=213f1fe0d76d30eaed6e5853057defc43e6df2c9 +part 3 + +--- xmlreader.c.orig 2014-10-06 12:05:09.000000000 +0000 ++++ xmlreader.c +@@ -2091,6 +2091,9 @@ xmlNewTextReader(xmlParserInputBufferPtr + "xmlNewTextReader : malloc failed\n"); + return(NULL); + } ++ /* no operation on a reader should require a huge buffer */ ++ xmlBufSetAllocationScheme(ret->buffer, ++ XML_BUFFER_ALLOC_BOUNDED); + ret->sax = (xmlSAXHandler *) xmlMalloc(sizeof(xmlSAXHandler)); + if (ret->sax == NULL) { + xmlBufFree(ret->buffer); +@@ -3616,6 +3619,7 @@ xmlTextReaderConstValue(xmlTextReaderPtr + return(((xmlNsPtr) node)->href); + case XML_ATTRIBUTE_NODE:{ + xmlAttrPtr attr = (xmlAttrPtr) node; ++ const xmlChar *ret; + + if ((attr->children != NULL) && + (attr->children->type == XML_TEXT_NODE) && +@@ -3629,10 +3633,21 @@ xmlTextReaderConstValue(xmlTextReaderPtr + "xmlTextReaderSetup : malloc failed\n"); + return (NULL); + } ++ xmlBufSetAllocationScheme(reader->buffer, ++ XML_BUFFER_ALLOC_BOUNDED); + } else + xmlBufEmpty(reader->buffer); + xmlBufGetNodeContent(reader->buffer, node); +- return(xmlBufContent(reader->buffer)); ++ ret = xmlBufContent(reader->buffer); ++ if (ret == NULL) { ++ /* error on the buffer best to reallocate */ ++ xmlBufFree(reader->buffer); ++ reader->buffer = xmlBufCreateSize(100); ++ xmlBufSetAllocationScheme(reader->buffer, ++ XML_BUFFER_ALLOC_BOUNDED); ++ ret = BAD_CAST ""; ++ } ++ return(ret); + } + break; + } +@@ -5131,6 +5146,9 @@ xmlTextReaderSetup(xmlTextReaderPtr read + "xmlTextReaderSetup : malloc failed\n"); + return (-1); + } ++ /* no operation on a reader should require a huge buffer */ ++ xmlBufSetAllocationScheme(reader->buffer, ++ XML_BUFFER_ALLOC_BOUNDED); + if (reader->sax == NULL) + reader->sax = (xmlSAXHandler *) xmlMalloc(sizeof(xmlSAXHandler)); + if (reader->sax == NULL) { |
