blob: 98b30f037cbb68f5afbf65cd65be11c2af92980c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
From ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe Mon Sep 17 00:00:00 2001
From: Hugh Davenport <hugh@allthethings.co.nz>
Date: Tue, 3 Nov 2015 20:40:49 +0800
Subject: Avoid extra processing of MarkupDecl when EOF
For https://bugzilla.gnome.org/show_bug.cgi?id=756263
One place where ctxt->instate == XML_PARSER_EOF whic was set up
by entity detection issues doesn't get noticed, and even overrided
Fixes CVE-2015-8241.
Upstream-Status: Backport
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
---
parser.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/parser.c b/parser.c
index d67b300..134afe7 100644
--- a/parser.c
+++ b/parser.c
@@ -6972,6 +6972,14 @@ xmlParseMarkupDecl(xmlParserCtxtPtr ctxt) {
xmlParsePI(ctxt);
}
}
+
+ /*
+ * detect requirement to exit there and act accordingly
+ * and avoid having instate overriden later on
+ */
+ if (ctxt->instate == XML_PARSER_EOF)
+ return;
+
/*
* This is only for internal subset. On external entities,
* the replacement is done before parsing stage
--
cgit v0.11.2
|
