-
-
Notifications
You must be signed in to change notification settings - Fork 30.9k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
Update libexpat from 2.4.9 to 2.5.0 to address CVE-2022-43680. Co-authored-by: Shaun Walbridge <[email protected]> (cherry picked from commit 3e07f82)
- Loading branch information
1 parent
0a4f650
commit 0037d46
Showing
4 changed files
with
36 additions
and
18 deletions.
There are no files selected for viewing
1 change: 1 addition & 0 deletions
1
Misc/NEWS.d/next/Security/2022-10-26-21-04-23.gh-issue-98739.keBWcY.rst
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Update bundled libexpat to 2.5.0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
/* 90815a2b2c80c03b2b889fe1d427bb2b9e3282aa065e42784e001db4f23de324 (2.4.9+) | ||
/* 5ab094ffadd6edfc94c3eee53af44a86951f9f1f0933ada3114bbce2bfb02c99 (2.5.0+) | ||
__ __ _ | ||
___\ \/ /_ __ __ _| |_ | ||
/ _ \\ /| '_ \ / _` | __| | ||
|
@@ -35,6 +35,7 @@ | |
Copyright (c) 2021 Dong-hee Na <[email protected]> | ||
Copyright (c) 2022 Samanta Navarro <[email protected]> | ||
Copyright (c) 2022 Jeffrey Walton <[email protected]> | ||
Copyright (c) 2022 Jann Horn <[email protected]> | ||
Licensed under the MIT license: | ||
Permission is hereby granted, free of charge, to any person obtaining | ||
|
@@ -1068,6 +1069,14 @@ parserCreate(const XML_Char *encodingName, | |
parserInit(parser, encodingName); | ||
|
||
if (encodingName && ! parser->m_protocolEncodingName) { | ||
if (dtd) { | ||
// We need to stop the upcoming call to XML_ParserFree from happily | ||
// destroying parser->m_dtd because the DTD is shared with the parent | ||
// parser and the only guard that keeps XML_ParserFree from destroying | ||
// parser->m_dtd is parser->m_isParamEntity but it will be set to | ||
// XML_TRUE only later in XML_ExternalEntityParserCreate (or not at all). | ||
parser->m_dtd = NULL; | ||
} | ||
XML_ParserFree(parser); | ||
return NULL; | ||
} | ||
|
@@ -3011,16 +3020,16 @@ doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc, | |
int len; | ||
const char *rawName; | ||
TAG *tag = parser->m_tagStack; | ||
parser->m_tagStack = tag->parent; | ||
tag->parent = parser->m_freeTagList; | ||
parser->m_freeTagList = tag; | ||
rawName = s + enc->minBytesPerChar * 2; | ||
len = XmlNameLength(enc, rawName); | ||
if (len != tag->rawNameLength | ||
|| memcmp(tag->rawName, rawName, len) != 0) { | ||
*eventPP = rawName; | ||
return XML_ERROR_TAG_MISMATCH; | ||
} | ||
parser->m_tagStack = tag->parent; | ||
tag->parent = parser->m_freeTagList; | ||
parser->m_freeTagList = tag; | ||
--parser->m_tagLevel; | ||
if (parser->m_endElementHandler) { | ||
const XML_Char *localPart; | ||
|
@@ -4975,10 +4984,10 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end, | |
parser->m_handlerArg, parser->m_declElementType->name, | ||
parser->m_declAttributeId->name, parser->m_declAttributeType, 0, | ||
role == XML_ROLE_REQUIRED_ATTRIBUTE_VALUE); | ||
poolClear(&parser->m_tempPool); | ||
handleDefault = XML_FALSE; | ||
} | ||
} | ||
poolClear(&parser->m_tempPool); | ||
break; | ||
case XML_ROLE_DEFAULT_ATTRIBUTE_VALUE: | ||
case XML_ROLE_FIXED_ATTRIBUTE_VALUE: | ||
|
@@ -5386,7 +5395,7 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end, | |
* | ||
* If 'standalone' is false, the DTD must have no | ||
* parameter entities or we wouldn't have passed the outer | ||
* 'if' statement. That measn the only entity in the hash | ||
* 'if' statement. That means the only entity in the hash | ||
* table is the external subset name "#" which cannot be | ||
* given as a parameter entity name in XML syntax, so the | ||
* lookup must have returned NULL and we don't even reach | ||
|
@@ -5798,19 +5807,27 @@ internalEntityProcessor(XML_Parser parser, const char *s, const char *end, | |
|
||
if (result != XML_ERROR_NONE) | ||
return result; | ||
else if (textEnd != next | ||
&& parser->m_parsingStatus.parsing == XML_SUSPENDED) { | ||
|
||
if (textEnd != next && parser->m_parsingStatus.parsing == XML_SUSPENDED) { | ||
entity->processed = (int)(next - (const char *)entity->textPtr); | ||
return result; | ||
} else { | ||
} | ||
|
||
#ifdef XML_DTD | ||
entityTrackingOnClose(parser, entity, __LINE__); | ||
entityTrackingOnClose(parser, entity, __LINE__); | ||
#endif | ||
entity->open = XML_FALSE; | ||
parser->m_openInternalEntities = openEntity->next; | ||
/* put openEntity back in list of free instances */ | ||
openEntity->next = parser->m_freeInternalEntities; | ||
parser->m_freeInternalEntities = openEntity; | ||
entity->open = XML_FALSE; | ||
parser->m_openInternalEntities = openEntity->next; | ||
/* put openEntity back in list of free instances */ | ||
openEntity->next = parser->m_freeInternalEntities; | ||
parser->m_freeInternalEntities = openEntity; | ||
|
||
// If there are more open entities we want to stop right here and have the | ||
// upcoming call to XML_ResumeParser continue with entity content, or it would | ||
// be ignored altogether. | ||
if (parser->m_openInternalEntities != NULL | ||
&& parser->m_parsingStatus.parsing == XML_SUSPENDED) { | ||
return XML_ERROR_NONE; | ||
} | ||
|
||
#ifdef XML_DTD | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters