packages/xmlrpc-c
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
xmlrpc-c/backport-CVE-2024-45490-lib-Reject-negative-len-for-XML_ParseBuffer.patch
sherlock2010 a8e9bab5fb fix CVE-2024-45490 CVE-2024-45491
2024-09-10 08:33:12 +00:00

62 lines
2.1 KiB
Diff
Raw Blame History

From 5c1a31642e243f4870c0bd1f2afc7597976521bf Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Mon, 19 Aug 2024 22:26:07 +0200
Subject: [PATCH] lib: Reject negative len for XML_ParseBuffer
Reported by TaiYou
Conflict:file path adapt
add error code XML_ERROR_INVALID_ARGUMENT
parser->m_errorCode => errorCode
return XML_STATUS_ERROR => return 0
context adapt
Reference:https://github.com/libexpat/libexpat/commit/5c1a31642e243f4870c0bd1f2afc7597976521bf
---
lib/expat/xmlparse/xmlparse.c | 8 +++++++-
lib/expat/xmlparse/xmlparse.h | 3 ++-
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/lib/expat/xmlparse/xmlparse.c b/lib/expat/xmlparse/xmlparse.c
index 8087360..d2363da 100644
--- a/lib/expat/xmlparse/xmlparse.c
+++ b/lib/expat/xmlparse/xmlparse.c
@@ -4810,6 +4810,11 @@ xmlrpc_XML_ParseBuffer(XML_Parser const xmlParserP,
return 0;
}
+ if (len < 0) {
+ errorCode = XML_ERROR_INVALID_ARGUMENT;
+ return 0;
+ }
+
parser->m_positionPtr = start;
parser->m_bufferEnd += len;
parser->m_parseEndByteIndex += len;
@@ -5017,7 +5022,8 @@ xmlrpc_XML_ErrorString(int const code) {
/* UNCLOSED_CDATA_SECTION */ XML_T("unclosed CDATA section"),
/* EXTERNAL_ENTITY_HANDLING */
XML_T("error in processing external entity reference"),
- /* NOT_STANDALONE */ XML_T("document is not standalone")
+ /* NOT_STANDALONE */ XML_T("document is not standalone"),
+ /* INVALID_ARGUMENT */ XML_T("invalid argument")
};
const XML_LChar * retval;
diff --git a/lib/expat/xmlparse/xmlparse.h b/lib/expat/xmlparse/xmlparse.h
index 76cf0db..63133ba 100644
--- a/lib/expat/xmlparse/xmlparse.h
+++ b/lib/expat/xmlparse/xmlparse.h
@@ -518,7 +518,8 @@ enum XML_Error {
XML_ERROR_INCORRECT_ENCODING,
XML_ERROR_UNCLOSED_CDATA_SECTION,
XML_ERROR_EXTERNAL_ENTITY_HANDLING,
- XML_ERROR_NOT_STANDALONE
+ XML_ERROR_NOT_STANDALONE,
+ XML_ERROR_INVALID_ARGUMENT
};
/* If xmlrpc_XML_Parse or xmlrpc_XML_ParseBuffer have returned 0, then
--
2.33.0
Reference in New Issue View Git Blame Copy Permalink