mirror of
https://git.yoctoproject.org/poky
synced 2026-03-10 09:19:41 +01:00
7c4bd642e4
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as `<`, `0` and `%>`. If you need to parse untrusted XMLs, you many be impacted to these vulnerabilities. The REXML gem 3.3.2 or later include the patches to fix these vulnerabilities. Users are advised to upgrade. Users unable to upgrade should avoid parsing untrusted XML strings. Reference: https://security-tracker.debian.org/tracker/CVE-2024-39908 Upstream-patches:f1df7d13b3d146162e9ab5bf109a59b8a5f4cd5c0af55fa49dc1b64c174e9f1415a261c33ea49810a79ac8b4b467efb5951e1f1e6e9b40910e5a2b48(From OE-Core rev: 6e0b70843422cd7cdb25a9e1520dd64bf701fea6) Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
54 lines
2.2 KiB
Diff
54 lines
2.2 KiB
Diff
From 67efb5951ed09dbb575c375b130a1e469f437d1f Mon Sep 17 00:00:00 2001
|
|
From: Watson <watson1978@gmail.com>
|
|
Date: Tue, 16 Jul 2024 11:26:57 +0900
|
|
Subject: [PATCH] Fix performance issue caused by using repeated `>` characters
|
|
inside `<!DOCTYPE name [<!ENTITY>]>` (#175)
|
|
|
|
A `<` is treated as a string delimiter.
|
|
In certain cases, if `<` is used in succession, read and match are
|
|
repeated, which slows down the process. Therefore, the following is used
|
|
to read ahead to a specific part of the string in advance.
|
|
|
|
CVE: CVE-2024-39908
|
|
|
|
Upstream-Status: Backport [https://github.com/ruby/rexml/commit/67efb5951ed09dbb575c375b130a1e469f437d1f]
|
|
|
|
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
|
|
---
|
|
.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 8 ++++++--
|
|
1 file changed, 6 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
|
|
index c22b632..c4de254 100644
|
|
--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
|
|
+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
|
|
@@ -124,11 +124,15 @@ module REXML
|
|
}
|
|
|
|
module Private
|
|
- INSTRUCTION_END = /#{NAME}(\s+.*?)?\?>/um
|
|
+ # Terminal requires two or more letters.
|
|
INSTRUCTION_TERM = "?>"
|
|
COMMENT_TERM = "-->"
|
|
CDATA_TERM = "]]>"
|
|
DOCTYPE_TERM = "]>"
|
|
+ # Read to the end of DOCTYPE because there is no proper ENTITY termination
|
|
+ ENTITY_TERM = DOCTYPE_TERM
|
|
+
|
|
+ INSTRUCTION_END = /#{NAME}(\s+.*?)?\?>/um
|
|
TAG_PATTERN = /((?>#{QNAME_STR}))\s*/um
|
|
CLOSE_PATTERN = /(#{QNAME_STR})\s*>/um
|
|
ATTLISTDECL_END = /\s+#{NAME}(?:#{ATTDEF})*\s*>/um
|
|
@@ -304,7 +308,7 @@ module REXML
|
|
raise REXML::ParseException.new( "Bad ELEMENT declaration!", @source ) if md.nil?
|
|
return [ :elementdecl, "<!ELEMENT" + md[1] ]
|
|
elsif @source.match("ENTITY", true)
|
|
- match = [:entitydecl, *@source.match(ENTITYDECL_PATTERN, true).captures.compact]
|
|
+ match = [:entitydecl, *@source.match(Private::ENTITYDECL_PATTERN, true, term: Private::ENTITY_TERM).captures.compact]
|
|
ref = false
|
|
if match[1] == '%'
|
|
ref = true
|
|
--
|
|
2.40.0
|
|
|