expat/backport-004-CVE-2024-8176.patch

From 74308916d90218707bd7e8f61fbf52032e0e633d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Berkay=20Eren=20=C3=9Cr=C3=BCn?= <berkay.ueruen@siemens.com>
Date: Wed, 25 Sep 2024 09:34:48 +0200
Subject: [PATCH 4/7] Add next pointer to appendAttributeValue

This commits extends appendAttributeValue by introducing a new parameter
that will be set to the next token to process.

Having such a parameter allows us to reenter the function after an exit
and continue from the last token pointed by the pointer.

Reference: https://github.com/libexpat/libexpat/pull/973/commits/74308916d90218707bd7e8f61fbf52032e0e633d
Conflict: adapt appendAttributeValue

---
 lib/xmlparse.c | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/lib/xmlparse.c b/lib/xmlparse.c
index cc5a609..781fc71 100644
--- a/lib/xmlparse.c
+++ b/lib/xmlparse.c
@@ -486,10 +486,10 @@ static enum XML_Error storeAttributeValue(XML_Parser parser, const ENCODING *,
                                           XML_Bool isCdata, const char *,
                                           const char *, STRING_POOL *,
                                           enum XML_Account account);
-static enum XML_Error appendAttributeValue(XML_Parser parser, const ENCODING *,
-                                           XML_Bool isCdata, const char *,
-                                           const char *, STRING_POOL *,
-                                           enum XML_Account account);
+static enum XML_Error
+appendAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata,
+                     const char *ptr, const char *end, STRING_POOL *pool,
+                     enum XML_Account account, const char **nextPtr);
 static ATTRIBUTE_ID *getAttributeId(XML_Parser parser, const ENCODING *enc,
                                     const char *start, const char *end);
 static int setElementTypePrefix(XML_Parser parser, ELEMENT_TYPE *);
@@ -5994,8 +5994,8 @@ static enum XML_Error
 storeAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata,
                     const char *ptr, const char *end, STRING_POOL *pool,
                     enum XML_Account account) {
-  enum XML_Error result
-      = appendAttributeValue(parser, enc, isCdata, ptr, end, pool, account);
+  enum XML_Error result = appendAttributeValue(parser, enc, isCdata, ptr, end,
+                                               pool, account, NULL);
   if (result)
     return result;
   if (! isCdata && poolLength(pool) && poolLastChar(pool) == 0x20)
@@ -6008,7 +6008,7 @@ storeAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata,
 static enum XML_Error
 appendAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata,
                      const char *ptr, const char *end, STRING_POOL *pool,
-                     enum XML_Account account) {
+                     enum XML_Account account, const char **nextPtr) {
   DTD *const dtd = parser->m_dtd; /* save one level of indirection */
 #ifndef XML_DTD
   UNUSED_P(account);
@@ -6026,6 +6026,9 @@ appendAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata,
 #endif
     switch (tok) {
     case XML_TOK_NONE:
+      if (nextPtr) {
+        *nextPtr = next;
+      }
       return XML_ERROR_NONE;
     case XML_TOK_INVALID:
       if (enc == parser->m_encoding)
@@ -6174,7 +6177,7 @@ appendAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata,
         result = appendAttributeValue(parser, parser->m_internalEncoding,
                                       isCdata, (const char *)entity->textPtr,
                                       (const char *)textEnd, pool,
-                                      XML_ACCOUNT_ENTITY_EXPANSION);
+                                      XML_ACCOUNT_ENTITY_EXPANSION, NULL);
 #if defined(XML_DTD) || XML_GE == 1
         entityTrackingOnClose(parser, entity, __LINE__);
 #endif
@@ -6201,6 +6204,9 @@ appendAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata,
       /* LCOV_EXCL_STOP */
     }
     ptr = next;
+    if (nextPtr) {
+      *nextPtr = next;
+    }
   }
   /* not reached */
 }
-- 
2.33.0
fix CVE-2024-8176 2025-03-29 17:01:17 +08:00			`From 74308916d90218707bd7e8f61fbf52032e0e633d Mon Sep 17 00:00:00 2001`
			`From: =?UTF-8?q?Berkay=20Eren=20=C3=9Cr=C3=BCn?= <berkay.ueruen@siemens.com>`
			`Date: Wed, 25 Sep 2024 09:34:48 +0200`
			`Subject: [PATCH 4/7] Add next pointer to appendAttributeValue`

			`This commits extends appendAttributeValue by introducing a new parameter`
			`that will be set to the next token to process.`

			`Having such a parameter allows us to reenter the function after an exit`
			`and continue from the last token pointed by the pointer.`

			`Reference: https://github.com/libexpat/libexpat/pull/973/commits/74308916d90218707bd7e8f61fbf52032e0e633d`
			`Conflict: adapt appendAttributeValue`

			`---`
			`lib/xmlparse.c \| 22 ++++++++++++++--------`
			`1 file changed, 14 insertions(+), 8 deletions(-)`

			`diff --git a/lib/xmlparse.c b/lib/xmlparse.c`
			`index cc5a609..781fc71 100644`
			`--- a/lib/xmlparse.c`
			`+++ b/lib/xmlparse.c`
			`@@ -486,10 +486,10 @@ static enum XML_Error storeAttributeValue(XML_Parser parser, const ENCODING *,`
			`XML_Bool isCdata, const char *,`
			`const char , STRING_POOL ,`
			`enum XML_Account account);`
			`-static enum XML_Error appendAttributeValue(XML_Parser parser, const ENCODING *,`
			`- XML_Bool isCdata, const char *,`
			`- const char , STRING_POOL ,`
			`- enum XML_Account account);`
			`+static enum XML_Error`
			`+appendAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata,`
			`+ const char ptr, const char end, STRING_POOL *pool,`
			`+ enum XML_Account account, const char **nextPtr);`
			`static ATTRIBUTE_ID getAttributeId(XML_Parser parser, const ENCODING enc,`
			`const char start, const char end);`
			`static int setElementTypePrefix(XML_Parser parser, ELEMENT_TYPE *);`
			`@@ -5994,8 +5994,8 @@ static enum XML_Error`
			`storeAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata,`
			`const char ptr, const char end, STRING_POOL *pool,`
			`enum XML_Account account) {`
			`- enum XML_Error result`
			`- = appendAttributeValue(parser, enc, isCdata, ptr, end, pool, account);`
			`+ enum XML_Error result = appendAttributeValue(parser, enc, isCdata, ptr, end,`
			`+ pool, account, NULL);`
			`if (result)`
			`return result;`
			`if (! isCdata && poolLength(pool) && poolLastChar(pool) == 0x20)`
			`@@ -6008,7 +6008,7 @@ storeAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata,`
			`static enum XML_Error`
			`appendAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata,`
			`const char ptr, const char end, STRING_POOL *pool,`
			`- enum XML_Account account) {`
			`+ enum XML_Account account, const char **nextPtr) {`
			`DTD const dtd = parser->m_dtd; / save one level of indirection */`
			`#ifndef XML_DTD`
			`UNUSED_P(account);`
			`@@ -6026,6 +6026,9 @@ appendAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata,`
			`#endif`
			`switch (tok) {`
			`case XML_TOK_NONE:`
			`+ if (nextPtr) {`
			`+ *nextPtr = next;`
			`+ }`
			`return XML_ERROR_NONE;`
			`case XML_TOK_INVALID:`
			`if (enc == parser->m_encoding)`
			`@@ -6174,7 +6177,7 @@ appendAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata,`
			`result = appendAttributeValue(parser, parser->m_internalEncoding,`
			`isCdata, (const char *)entity->textPtr,`
			`(const char *)textEnd, pool,`
			`- XML_ACCOUNT_ENTITY_EXPANSION);`
			`+ XML_ACCOUNT_ENTITY_EXPANSION, NULL);`
			`#if defined(XML_DTD) \|\| XML_GE == 1`
			`entityTrackingOnClose(parser, entity, __LINE__);`
			`#endif`
			`@@ -6201,6 +6204,9 @@ appendAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata,`
			`/* LCOV_EXCL_STOP */`
			`}`
			`ptr = next;`
			`+ if (nextPtr) {`
			`+ *nextPtr = next;`
			`+ }`
			`}`
			`/* not reached */`
			`}`
			`--`
			`2.33.0`