mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-03-09 16:59:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
1d5c8af9c423e7eb53288f00102f2da69cb52861
poky/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0005.patch
Divya Chellam 7c4bd642e4 ruby: fix CVE-2024-39908 
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some
DoS vulnerabilities when it parses an XML that has many specific characters
such as `<`, `0` and `%>`. If you need to parse untrusted XMLs, you many be
impacted to these vulnerabilities. The REXML gem 3.3.2 or later include the
patches to fix these vulnerabilities. Users are advised to upgrade. Users
unable to upgrade should avoid parsing untrusted XML strings.

Reference:
https://security-tracker.debian.org/tracker/CVE-2024-39908

Upstream-patches:
f1df7d13b3
d146162e9a
b5bf109a59
b8a5f4cd5c
0af55fa49d
c1b64c174e
9f1415a261
c33ea49810
a79ac8b4b4
67efb5951e
1f1e6e9b40
910e5a2b48

(From OE-Core rev: 6e0b70843422cd7cdb25a9e1520dd64bf701fea6)

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-12-01 06:50:49 -08:00

88 lines
3.2 KiB
Diff
Raw Blame History

From 0af55fa49d4c9369f90f239a9571edab800ed36e Mon Sep 17 00:00:00 2001
From: Watson <watson1978@gmail.com>
Date: Tue, 16 Jul 2024 10:57:39 +0900
Subject: [PATCH] Fix ReDoS caused by very large character references using
repeated 0s (#169)
This patch will fix the ReDoS that is caused by large string of 0s on a
character reference (like `&#00000000...`).
This is occurred in Ruby 3.1 or earlier.
CVE: CVE-2024-39908
Upstream-Status: Backport [https://github.com/ruby/rexml/commit/0af55fa49d4c9369f90f239a9571edab800ed36e]
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
---
.bundle/gems/rexml-3.2.5/lib/rexml/text.rb | 48 +++++++++++++++-------
1 file changed, 34 insertions(+), 14 deletions(-)
diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/text.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/text.rb
index 050b09c..0957d70 100644
--- a/.bundle/gems/rexml-3.2.5/lib/rexml/text.rb
+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/text.rb
@@ -151,25 +151,45 @@ module REXML
end
end
- # context sensitive
- string.scan(pattern) do
- if $1[-1] != ?;
- raise "Illegal character #{$1.inspect} in raw string #{string.inspect}"
- elsif $1[0] == ?&
- if $5 and $5[0] == ?#
- case ($5[1] == ?x ? $5[2..-1].to_i(16) : $5[1..-1].to_i)
- when *VALID_CHAR
+ pos = 0
+ while (index = string.index(/<|&/, pos))
+ if string[index] == "<"
+ raise "Illegal character \"#{string[index]}\" in raw string #{string.inspect}"
+ end
+
+ unless (end_index = string.index(/[^\s];/, index + 1))
+ raise "Illegal character \"#{string[index]}\" in raw string #{string.inspect}"
+ end
+
+ value = string[(index + 1)..end_index]
+ if /\s/.match?(value)
+ raise "Illegal character \"#{string[index]}\" in raw string #{string.inspect}"
+ end
+
+ if value[0] == "#"
+ character_reference = value[1..-1]
+
+ unless (/\A(\d+|x[0-9a-fA-F]+)\z/.match?(character_reference))
+ if character_reference[0] == "x" || character_reference[-1] == "x"
+ raise "Illegal character \"#{string[index]}\" in raw string #{string.inspect}"
else
- raise "Illegal character #{$1.inspect} in raw string #{string.inspect}"
+ raise "Illegal character #{string.inspect} in raw string #{string.inspect}"
end
- # FIXME: below can't work but this needs API change.
- # elsif @parent and $3 and !SUBSTITUTES.include?($1)
- # if !doctype or !doctype.entities.has_key?($3)
- # raise "Undeclared entity '#{$1}' in raw string \"#{string}\""
- # end
end
+
+ case (character_reference[0] == "x" ? character_reference[1..-1].to_i(16) : character_reference[0..-1].to_i)
+ when *VALID_CHAR
+ else
+ raise "Illegal character #{string.inspect} in raw string #{string.inspect}"
+ end
+ elsif !(/\A#{Entity::NAME}\z/um.match?(value))
+ raise "Illegal character \"#{string[index]}\" in raw string #{string.inspect}"
end
+
+ pos = end_index + 1
end
+
+ string
end
def node_type
--
2.40.0
Reference in New Issue View Git Blame Copy Permalink