mirror of
https://git.yoctoproject.org/poky
synced 2026-02-14 20:53:03 +01:00
8fa7ff501e
The previous fix for CVE-2024-43398 did not include patches to provide context for the changes it made. This caused an exception at run-time when ruby parsed rexml/parsers/baseparser.rb. This was first observed when using ruby-native to build the sdformat recipe. With these additional backports, the sdformat build proceeds successfully. The REXML library was also tested manually on-target with a script that used REXML::Document.new file to parse an XML file. (From OE-Core rev: 6bf00fde2d4043c6b558733a33041ce5694342d3) Signed-off-by: Rob Woolley <rob.woolley@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
79 lines
3.2 KiB
Diff
79 lines
3.2 KiB
Diff
From 7cb5eaeb221c322b9912f724183294d8ce96bae3 Mon Sep 17 00:00:00 2001
|
|
From: Sutou Kouhei <kou@clear-code.com>
|
|
Date: Sat, 17 Aug 2024 17:45:52 +0900
|
|
Subject: [PATCH] parser tree: improve namespace conflicted attribute check
|
|
performance
|
|
|
|
It was slow for deep element.
|
|
|
|
Reported by l33thaxor. Thanks!!!
|
|
|
|
The changes to the test folder files are not included in this patch
|
|
because the test folder was not generated during the devtool source build.
|
|
|
|
CVE: CVE-2024-43398
|
|
|
|
Upstream-Status: Backport [https://github.com/ruby/rexml/commit/7cb5eaeb221c322b9912f724183294d8ce96bae3]
|
|
|
|
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
|
|
---
|
|
.bundle/gems/rexml-3.2.5/lib/rexml/element.rb | 11 -----------
|
|
.../rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 15 +++++++++++++++
|
|
2 files changed, 15 insertions(+), 11 deletions(-)
|
|
|
|
diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/element.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/element.rb
|
|
index 4c21dbd..78e78c2 100644
|
|
--- a/.bundle/gems/rexml-3.2.5/lib/rexml/element.rb
|
|
+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/element.rb
|
|
@@ -2388,17 +2388,6 @@ module REXML
|
|
elsif old_attr.kind_of? Hash
|
|
old_attr[value.prefix] = value
|
|
elsif old_attr.prefix != value.prefix
|
|
- # Check for conflicting namespaces
|
|
- if value.prefix != "xmlns" and old_attr.prefix != "xmlns"
|
|
- old_namespace = old_attr.namespace
|
|
- new_namespace = value.namespace
|
|
- if old_namespace == new_namespace
|
|
- raise ParseException.new(
|
|
- "Namespace conflict in adding attribute \"#{value.name}\": "+
|
|
- "Prefix \"#{old_attr.prefix}\" = \"#{old_namespace}\" and "+
|
|
- "prefix \"#{value.prefix}\" = \"#{new_namespace}\"")
|
|
- end
|
|
- end
|
|
store value.name, {old_attr.prefix => old_attr,
|
|
value.prefix => value}
|
|
else
|
|
diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
|
|
index e32c7f4..154f2ac 100644
|
|
--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
|
|
+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
|
|
@@ -658,6 +658,7 @@ module REXML
|
|
|
|
def parse_attributes(prefixes)
|
|
attributes = {}
|
|
+ expanded_names = {}
|
|
closed = false
|
|
while true
|
|
if @source.match(">", true)
|
|
@@ -707,6 +708,20 @@ module REXML
|
|
raise REXML::ParseException.new(msg, @source, self)
|
|
end
|
|
|
|
+ unless prefix == "xmlns"
|
|
+ uri = @namespaces[prefix]
|
|
+ expanded_name = [uri, local_part]
|
|
+ existing_prefix = expanded_names[expanded_name]
|
|
+ if existing_prefix
|
|
+ message = "Namespace conflict in adding attribute " +
|
|
+ "\"#{local_part}\": " +
|
|
+ "Prefix \"#{existing_prefix}\" = \"#{uri}\" and " +
|
|
+ "prefix \"#{prefix}\" = \"#{uri}\""
|
|
+ raise REXML::ParseException.new(message, @source, self)
|
|
+ end
|
|
+ expanded_names[expanded_name] = prefix
|
|
+ end
|
|
+
|
|
attributes[name] = value
|
|
else
|
|
message = "Invalid attribute name: <#{@source.buffer.split(%r{[/>\s]}).first}>"
|