diff options
Diffstat (limited to 'textproc/libxml2/patches/patch-CVE-2012-0841-ab')
| -rw-r--r-- | textproc/libxml2/patches/patch-CVE-2012-0841-ab | 93 |
1 files changed, 0 insertions, 93 deletions
diff --git a/textproc/libxml2/patches/patch-CVE-2012-0841-ab b/textproc/libxml2/patches/patch-CVE-2012-0841-ab deleted file mode 100644 index 548c9242dfc..00000000000 --- a/textproc/libxml2/patches/patch-CVE-2012-0841-ab +++ /dev/null @@ -1,93 +0,0 @@ -$NetBSD: patch-CVE-2012-0841-ab,v 1.1 2012/03/09 12:12:28 drochner Exp $ - -patch 8973d58b7498fa5100a876815476b81fd1a2412a - ---- hash.c.orig 2010-10-12 06:25:32.000000000 +0000 -+++ hash.c -@@ -3,7 +3,7 @@ - * - * Reference: Your favorite introductory book on algorithms - * -- * Copyright (C) 2000 Bjorn Reese and Daniel Veillard. -+ * Copyright (C) 2000,2012 Bjorn Reese and Daniel Veillard. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above -@@ -21,6 +21,22 @@ - #include "libxml.h" - - #include <string.h> -+#ifdef HAVE_STDLIB_H -+#include <stdlib.h> -+#endif -+#ifdef HAVE_TIME_H -+#include <time.h> -+#endif -+ -+/* -+ * Following http://www.ocert.org/advisories/ocert-2011-003.html -+ * it seems that having hash randomization might be a good idea -+ * when using XML with untrusted data -+ */ -+#if defined(HAVE_RAND) && defined(HAVE_SRAND) && defined(HAVE_TIME) -+#define HASH_RANDOMIZATION -+#endif -+ - #include <libxml/parser.h> - #include <libxml/hash.h> - #include <libxml/xmlmemory.h> -@@ -31,6 +47,10 @@ - - /* #define DEBUG_GROW */ - -+#ifdef HASH_RANDOMIZATION -+static int hash_initialized = 0; -+#endif -+ - /* - * A single entry in the hash table - */ -@@ -53,6 +73,9 @@ struct _xmlHashTable { - int size; - int nbElems; - xmlDictPtr dict; -+#ifdef HASH_RANDOMIZATION -+ int random_seed; -+#endif - }; - - /* -@@ -65,6 +88,9 @@ xmlHashComputeKey(xmlHashTablePtr table, - unsigned long value = 0L; - char ch; - -+#ifdef HASH_RANDOMIZATION -+ value = table->random_seed; -+#endif - if (name != NULL) { - value += 30 * (*name); - while ((ch = *name++) != 0) { -@@ -92,6 +118,9 @@ xmlHashComputeQKey(xmlHashTablePtr table - unsigned long value = 0L; - char ch; - -+#ifdef HASH_RANDOMIZATION -+ value = table->random_seed; -+#endif - if (prefix != NULL) - value += 30 * (*prefix); - else -@@ -156,6 +185,13 @@ xmlHashCreate(int size) { - table->table = xmlMalloc(size * sizeof(xmlHashEntry)); - if (table->table) { - memset(table->table, 0, size * sizeof(xmlHashEntry)); -+#ifdef HASH_RANDOMIZATION -+ if (!hash_initialized) { -+ srand(time(NULL)); -+ hash_initialized = 1; -+ } -+ table->random_seed = rand(); -+#endif - return(table); - } - xmlFree(table); |