expat/backport-011-CVE-2024-8176.patch
2025-03-29 17:10:03 +08:00


From f2edeaaecebfad1edef3e6504ffb772e5e4dd089 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Berkay=20Eren=20=C3=9Cr=C3=BCn?= <berkay.ueruen@siemens.com>
Date: Wed, 5 Mar 2025 12:33:47 +0100
Subject: [PATCH] Delete the check that prevents reentry
The early return in case of zero open internal entities and matching
end/nextPtr pointers causes the parser to miss the XML_ERROR_NO_ELEMENTS
error.
The reason is that the internalEntityProcessor does not set the
m_reenter flag in such a case, which results in skipping the
prologProcessor or contentProcessor depending on whether is_param is set
or not. However, this last skipped call to the mentioned processors can
detect the non-existence of elements when some are expected.
Reference: https://github.com/libexpat/libexpat/pull/973/commits/f2edeaaecebfad1edef3e6504ffb772e5e4dd089
Conflict: NA
---
lib/xmlparse.c | 10 ++--------
1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/lib/xmlparse.c b/lib/xmlparse.c
index d5161e93..de459192 100644
--- a/lib/xmlparse.c
+++ b/ib/xmlparse.c
@@ -6034,6 +6034,8 @@ static enum XML_Error PTRCALL
internalEntityProcessor(XML_Parser parser, const char *s, const char *end,
const char **nextPtr) {
UNUSED_P(s);
+ UNUSED_P(end);
+ UNUSED_P(nextPtr);
ENTITY *entity;
const char *textStart, *textEnd;
const char *next;
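Review bot: The added `UNUSED_P(end);` and `UNUSED_P(nextPtr);` lines carry no explanation, and the second hunk deletes the only comment that related this function to callProcessor's buffer end, so a reader can no longer tell why reentry is now unconditional. I would add a short comment above them, e.g. `/* end/nextPtr deliberately ignored: always reenter so prologProcessor/contentProcessor can report XML_ERROR_NO_ELEMENTS */`. Separately, the file header pairs `--- a/lib/xmlparse.c` with `+++ b/ib/xmlparse.c`; if that mismatch is in the stored patch rather than a rendering artifact, stricter patch tools may reject it, so it is worth confirming in the build log that this CVE backport actually applied. The body of internalEntityProcessor continues outside both hunks.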
@@ -6101,14 +6103,6 @@ internalEntityProcessor(XML_Parser parser, const char *s, const char *end,
if (parser->m_openInternalEntities == NULL) {
parser->m_processor = entity->is_param ? prologProcessor : contentProcessor;
- // internalEntityProcessor is called from callProcessor's while(1) loop,
- // therefore "end" denotes callProcessor's "end", which denotes the end
- // of the current buffer being parsed. Consequently, if we do not have
- // any open entities left and have reached to the end, we must not
- // trigger a reentry.
- if (end == *nextPtr) {
- return XML_ERROR_NONE;
- }
}
triggerReenter(parser);
return XML_ERROR_NONE;
--
2.33.0