REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as `<`, `0` and `%>`. If you need to parse untrusted XMLs, you may be impacted by these vulnerabilities. The REXML gem 3.3.2 or later includes the patches to fix these vulnerabilities. Users are advised to upgrade. Users unable to upgrade should avoid parsing untrusted XML strings. Reference: https://security-tracker.debian.org/tracker/CVE-2024-39908 Upstream-patches:f1df7d13b3d146162e9ab5bf109a59b8a5f4cd5c0af55fa49dc1b64c174e9f1415a261c33ea49810a79ac8b4b467efb5951e1f1e6e9b40910e5a2b48(From OE-Core rev: 6e0b70843422cd7cdb25a9e1520dd64bf701fea6) Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
From b8a5f4cd5c8fe29c65d7a00e67170223d9d2b50e Mon Sep 17 00:00:00 2001
From: Watson <watson1978@gmail.com>
Date: Tue, 16 Jul 2024 10:48:53 +0900
Subject: [PATCH] Fix performance issue caused by using repeated `>` characters
inside `<?xml` (#170)
A `<` is treated as a string delimiter.
In certain cases, if `<` is used in succession, read and match are
repeated, which slows down the process. Therefore, the following is used
to read ahead to a specific part of the string in advance.
CVE: CVE-2024-39908
Upstream-Status: Backport [https://github.com/ruby/rexml/commit/b8a5f4cd5c8fe29c65d7a00e67170223d9d2b50e]
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
---
.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 3 ++-
.bundle/gems/rexml-3.2.5/lib/rexml/source.rb | 6 +++---
2 files changed, 5 insertions(+), 4 deletions(-)
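diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
index 49c313c..767e134 100644
--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
@@ -125,6 +125,7 @@ module REXML
 
 module Private
 INSTRUCTION_END = /#{NAME}(\s+.*?)?\?>/um
+INSTRUCTION_TERM = "?>"
 TAG_PATTERN = /((?>#{QNAME_STR}))\s*/um
 CLOSE_PATTERN = /(#{QNAME_STR})\s*>/um
 ATTLISTDECL_END = /\s+#{NAME}(?:#{ATTDEF})*\s*>/um
@@ -652,7 +653,7 @@ module REXML
 end
 
 def process_instruction(start_position)
-match_data = @source.match(INSTRUCTION_END, true)
+match_data = @source.match(Private::INSTRUCTION_END, true, term: Private::INSTRUCTION_TERM)
 unless match_data
 message = "Invalid processing instruction node"
 @source.position = start_position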
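Review bot: The new `INSTRUCTION_TERM = "?>"` constant in the first hunk carries no comment linking it to `INSTRUCTION_END`, so a reader cannot tell why a plain string duplicates the `\?>` tail of the regex; I would add `# literal form of the INSTRUCTION_END terminator, passed as term: so the source reads ahead to it before the regex is retried` above it. It is also a bare string literal, which stays mutable unless the file's magic comment freezes literals (not visible here), so `INSTRUCTION_TERM = "?>".freeze` would be the safer form for a constant shared by every parse. The read-ahead only benefits call sites that pass `term:`, and `process_instruction` in the second hunk is the only one this patch changes; that method's body continues outside the hunk.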
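diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
index b20cc4f..08a035c 100644
--- a/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
@@ -72,7 +72,7 @@ module REXML
 @scanner.scan_until(Regexp.union(term)) or @scanner.rest
 end
 
-def match(pattern, cons=false)
+def match(pattern, cons=false, term: nil)
 if cons
 @scanner.scan(pattern).nil? ? nil : @scanner
 else
@@ -184,7 +184,7 @@ module REXML
 end
 end
 
-def match( pattern, cons=false )
+def match( pattern, cons=false, term: nil )
 read if @scanner.eos? && @source
 while true
 if cons
@@ -195,7 +195,7 @@ module REXML
 break if md
 return nil if pattern.is_a?(String) && pattern.bytesize <= @scanner.rest_size
 return nil if @source.nil?
-return nil unless read
+return nil unless read(term)
 end
 
 md.nil? ? nil : @scanner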
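Review bot: The first `match` (hunk at line 72) gains a `term:` keyword that none of its visible lines use, while the second `match` (hunk at line 184) threads it into `read(term)` in the third hunk; without a comment the unused parameter reads as an oversight rather than a deliberate interface match. I would put `# term: accepted only for signature parity with the stream-backed match; an in-memory source has nothing to read ahead` on the first signature and `# term: literal terminator handed to read so the buffer is extended up to it in one step instead of one read per retry of the while loop` on the second. The definition of `read` lies outside the hunk, so it should be confirmed that it accepts an argument and behaves as before when handed nil, which is what any caller that omits `term:` will now pass. Both `match` bodies begin or end outside the hunks shown.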
--
2.40.0