mirror of
https://git.yoctoproject.org/poky
synced 2026-05-02 18:32:15 +02:00
c4b71e1a6a
includes: CVE-2015-7942 CVE-2015-7942-2 (From OE-Core rev: 66c7e97f8687c1b656c322282ee7cdc200945616) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
40 lines
1.0 KiB
Diff
40 lines
1.0 KiB
Diff
From bd0526e66a56e75a18da8c15c4750db8f801c52d Mon Sep 17 00:00:00 2001
|
|
From: Daniel Veillard <veillard@redhat.com>
|
|
Date: Fri, 23 Oct 2015 19:02:28 +0800
|
|
Subject: [PATCH] Another variation of overflow in Conditional sections
|
|
|
|
Which happen after the previous fix to
|
|
https://bugzilla.gnome.org/show_bug.cgi?id=756456
|
|
|
|
But stopping the parser and exiting we didn't pop the intermediary entities
|
|
and doing the SKIP there applies on an input which may be too small
|
|
|
|
Upstream-Status: Backport
|
|
|
|
CVE-2015-7942
|
|
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
|
|
---
|
|
parser.c | 4 +++-
|
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/parser.c b/parser.c
|
|
index a65e4cc..b9217ff 100644
|
|
--- a/parser.c
|
|
+++ b/parser.c
|
|
@@ -6915,7 +6915,9 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
|
|
"All markup of the conditional section is not in the same entity\n",
|
|
NULL, NULL);
|
|
}
|
|
- SKIP(3);
|
|
+ if ((ctxt-> instate != XML_PARSER_EOF) &&
|
|
+ ((ctxt->input->cur + 3) < ctxt->input->end))
|
|
+ SKIP(3);
|
|
}
|
|
}
|
|
|
|
--
|
|
2.3.5
|
|
|