author | 2012-01-10 20:29:13 +0000 | |
---|---|---|
committer | 2012-01-10 20:29:13 +0000 | |
commit | e1d311b04a3592fd09bfa67ee7b4ff3895f40f1b (patch) | |
tree | 96a61c0493ee06167ade5e59311a539eb2a0525f /dev-libs/libxml2/files | |
parent | Marking freedoko-0.7.10 ppc for bug 389267 (diff) | |
Fix heap-based overflow in parsing long entity references (CVE-2011-3919, bug #398361, thanks to Agostino Sarubbo for reporting).
(Portage version: 2.2.0_alpha84/cvs/Linux x86_64)
Diffstat (limited to 'dev-libs/libxml2/files')
-rw-r--r-- | dev-libs/libxml2/files/libxml2-2.7.8-allocation-error-copying-entities.patch | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/dev-libs/libxml2/files/libxml2-2.7.8-allocation-error-copying-entities.patch b/dev-libs/libxml2/files/libxml2-2.7.8-allocation-error-copying-entities.patch new file mode 100644 index 000000000000..c0d943311f23 --- /dev/null +++ b/dev-libs/libxml2/files/libxml2-2.7.8-allocation-error-copying-entities.patch @@ -0,0 +1,21 @@ +From 5bd3c061823a8499b27422aee04ea20aae24f03e Mon Sep 17 00:00:00 2001 +From: Daniel Veillard <veillard@redhat.com> +Date: Fri, 16 Dec 2011 10:53:35 +0000 +Subject: Fix an allocation error when copying entities + +--- +diff --git a/parser.c b/parser.c +index 4e5dcb9..c55e41d 100644 +--- a/parser.c ++++ b/parser.c +@@ -2709,7 +2709,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len, + + buffer[nbchars++] = '&'; + if (nbchars > buffer_size - i - XML_PARSER_BUFFER_SIZE) { +- growBuffer(buffer, XML_PARSER_BUFFER_SIZE); ++ growBuffer(buffer, i + XML_PARSER_BUFFER_SIZE); + } + for (;i > 0;i--) + buffer[nbchars++] = *cur++; +-- +cgit v0.9.0.2 |
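Review bot: In the changed `growBuffer(buffer, i + XML_PARSER_BUFFER_SIZE);` line and the guard just above it, `i` enters the size arithmetic with no bound visible in this hunk, so it is worth confirming that `i + XML_PARSER_BUFFER_SIZE` and `buffer_size - i - XML_PARSER_BUFFER_SIZE` cannot overflow or go negative for a very long entity name, given that `len` is a plain `int` in the function signature. The copy loop `for (;i > 0;i--) buffer[nbchars++] = *cur++;` writes `i` bytes after a single `if` rather than a loop, so the fix depends on one `growBuffer` call always adding at least `i` bytes and on its allocation-failure path not falling through to the copy. The macro's definition is not part of this hunk and should be checked against both assumptions. The patch header would also be easier to audit later if it carried the CVE-2011-3919 and bug #398361 references from the commit message, since the upstream Subject line alone does not mark this as a security fix.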