| Upstream-Status: Backport |
| CVE: CVE-2017-8872 |
| Signed-off-by: Ross Burton <ross.burton@intel.com> |
| |
| From 123234f2cfcd9e9b9f83047eee1dc17b4c3f4407 Mon Sep 17 00:00:00 2001 |
| From: Nick Wellnhofer <wellnhofer@aevum.de> |
| Date: Tue, 11 Sep 2018 14:52:07 +0200 |
| Subject: [PATCH] Free input buffer in xmlHaltParser |
| |
| This avoids miscalculation of available bytes. |
| |
| Thanks to Yunho Kim for the report. |
| |
| Closes: #26 |
| --- |
| parser.c | 5 +++++ |
| result/errors/759573.xml.err | 17 +++++++---------- |
| 2 files changed, 12 insertions(+), 10 deletions(-) |
| |
| diff --git a/parser.c b/parser.c |
| index ca9fde2c..5813a664 100644 |
| --- a/parser.c |
| +++ b/parser.c |
| @@ -12462,7 +12462,12 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) { |
| ctxt->input->free((xmlChar *) ctxt->input->base); |
| ctxt->input->free = NULL; |
| } |
| + if (ctxt->input->buf != NULL) { |
| + xmlFreeParserInputBuffer(ctxt->input->buf); |
| + ctxt->input->buf = NULL; |
| + } |
| ctxt->input->cur = BAD_CAST""; |
| + ctxt->input->length = 0; |
| ctxt->input->base = ctxt->input->cur; |
| ctxt->input->end = ctxt->input->cur; |
| } |
| diff --git a/result/errors/759573.xml.err b/result/errors/759573.xml.err |
| index 554039f6..38ef5c40 100644 |
| --- a/result/errors/759573.xml.err |
| +++ b/result/errors/759573.xml.err |
| @@ -21,14 +21,11 @@ Entity: line 1: |
| ^ |
| ./test/errors/759573.xml:1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration |
| |
| -<?h?><!DOCTYPEt[<!ELEMENT t (A)><!ENTITY % xx '%<![INCLUDE[000%ஸ00 |
| - ^ |
| + |
| +^ |
| ./test/errors/759573.xml:1: parser error : DOCTYPE improperly terminated |
| -<?h?><!DOCTYPEt[<!ELEMENT t (A)><!ENTITY % xx '%<![INCLUDE[000%ஸ00 |
| - ^ |
| -./test/errors/759573.xml:1: parser error : StartTag: invalid element name |
| -<?h?><!DOCTYPEt[<!ELEMENT t (A)><!ENTITY % xx '%<![INCLUDE[000%ஸ00 |
| - ^ |
| -./test/errors/759573.xml:1: parser error : Extra content at the end of the document |
| -<?h?><!DOCTYPEt[<!ELEMENT t (A)><!ENTITY % xx '%<![INCLUDE[000%ஸ00 |
| - ^ |
| + |
| +^ |
| +./test/errors/759573.xml:1: parser error : Start tag expected, '<' not found |
| + |
| +^ |
| -- |
| 2.11.0 |
| |