登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
0 Star 0 Fork 28

Liquor/expat

forked from src-openEuler/expat 
代码 Issues 0 Pull Requests 0 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
文件
该仓库未声明开源许可证文件(LICENSE),使用请关注具体项目描述及其代码上游依赖。
项目仓库所选许可证以仓库主分支所使用许可证为准
克隆/下载
CVE-2019-15903.patch 4.43 KB
一键复制 编辑 原始数据 按行查看 历史
hexiaowen 提交于 2019-09-30 10:38 . Package init
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112
From c20b758c332d9a13afbbb276d30db1d183a85d43 Mon Sep 17 00:00:00 2001

From: Sebastian Pipping <[email protected]>

Date: Wed, 28 Aug 2019 00:24:59 +0200

Subject: [PATCH 189/286] xmlparse.c: Deny internal entities closing the

 doctype



---

 expat/lib/xmlparse.c | 20 +++++++++++++-------

 1 file changed, 13 insertions(+), 7 deletions(-)



diff --git a/lib/xmlparse.c b/lib/xmlparse.c

index f4506b0..3df4347 100644

--- a/lib/xmlparse.c

+++ b/lib/xmlparse.c

@@ -412,9 +412,10 @@ processXmlDecl(XML_Parser parser, int isGeneralTextEntity,

 static enum XML_Error

 initializeEncoding(XML_Parser parser);

 static enum XML_Error

-doProlog(XML_Parser parser, const ENCODING *enc, const char *s,

-         const char *end, int tok, const char *next, const char **nextPtr,

-         XML_Bool haveMore);

+doProlog(XML_Parser parser, const ENCODING *enc,

+         const char *s, const char *end, int tok,

+         const char *next, const char **nextPtr,

+         XML_Bool haveMore, XML_Bool allowClosingDoctype);

 static enum XML_Error

 processInternalEntity(XML_Parser parser, ENTITY *entity,

                       XML_Bool betweenDecl);

@@ -4240,8 +4241,8 @@ externalParEntProcessor(XML_Parser parser,

   }

 

   parser->m_processor = prologProcessor;

-  return doProlog(parser, parser->m_encoding, s, end, tok, next,

-                  nextPtr, (XML_Bool)!parser->m_parsingStatus.finalBuffer);

+  return doProlog(parser, parser->m_encoding, s, end, tok, next, nextPtr,

+                  (XML_Bool)!parser->m_parsingStatus.finalBuffer, XML_TRUE);

 }

 

 static enum XML_Error PTRCALL

@@ -4290,20 +4291,14 @@ prologProcessor(XML_Parser parser,

 {

   const char *next = s;

   int tok = XmlPrologTok(parser->m_encoding, s, end, &next);

-  return doProlog(parser, parser->m_encoding, s, end, tok, next,

-                  nextPtr, (XML_Bool)!parser->m_parsingStatus.finalBuffer);

+  return doProlog(parser, parser->m_encoding, s, end, tok, next, nextPtr,

+                  (XML_Bool)!parser->m_parsingStatus.finalBuffer, XML_TRUE);

 }

 

 static enum XML_Error

-doProlog(XML_Parser parser,

-         const ENCODING *enc,

-         const char *s,

-         const char *end,

-         int tok,

-         const char *next,

-         const char **nextPtr,

-         XML_Bool haveMore)

-{

+doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,

+         int tok, const char *next, const char **nextPtr, XML_Bool haveMore,

+         XML_Bool allowClosingDoctype) {

 #ifdef XML_DTD

   static const XML_Char externalSubsetName[] = { ASCII_HASH , '\0' };

 #endif /* XML_DTD */

@@ -4481,6 +4476,11 @@ doProlog(XML_Parser parser,

       }

       break;

     case XML_ROLE_DOCTYPE_CLOSE:

+      if (allowClosingDoctype != XML_TRUE) {

+        /* Must not close doctype from within expanded parameter entities */

+        return XML_ERROR_INVALID_TOKEN;

+      }

+

       if (parser->m_doctypeName) {

         parser->m_startDoctypeDeclHandler(parser->m_handlerArg, parser->m_doctypeName,

                                 parser->m_doctypeSysid, parser->m_doctypePubid, 0);

@@ -5417,8 +5417,8 @@ processInternalEntity(XML_Parser parser, ENTITY *entity,

 #ifdef XML_DTD

   if (entity->is_param) {

     int tok = XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next);

-    result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd, tok,

-                      next, &next, XML_FALSE);

+    result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd,

+                      tok, next, &next, XML_FALSE, XML_FALSE);

   }

   else

 #endif /* XML_DTD */

@@ -5464,8 +5464,8 @@ internalEntityProcessor(XML_Parser parser,

 #ifdef XML_DTD

   if (entity->is_param) {

     int tok = XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next);

-    result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd, tok,

-                      next, &next, XML_FALSE);

+    result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd,

+                      tok, next, &next, XML_FALSE, XML_TRUE);

   }

   else

 #endif /* XML_DTD */

@@ -5492,7 +5492,7 @@ internalEntityProcessor(XML_Parser parser,

     parser->m_processor = prologProcessor;

     tok = XmlPrologTok(parser->m_encoding, s, end, &next);

     return doProlog(parser, parser->m_encoding, s, end, tok, next, nextPtr,

-                    (XML_Bool)!parser->m_parsingStatus.finalBuffer);

+                    (XML_Bool)!parser->m_parsingStatus.finalBuffer, XML_TRUE);

   }

   else

 #endif /* XML_DTD */

---

2.19.1
Loading...
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
1
https://gitee.com/liquor1/expat.git
[email protected]:liquor1/expat.git
liquor1
expat
expat
master
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
仓库举报
回到顶部