| From d2f873a541c72b0f67e15562819bf98b884b30b7 Mon Sep 17 00:00:00 2001 |
| From: Hongxu Jia <hongxu.jia@windriver.com> |
| Date: Wed, 23 Aug 2017 16:04:49 +0800 |
| Subject: [PATCH] fix CVE-2017-8872 |
| |
| this makes xmlHaltParser "empty" the buffer, as it resets cur and ava |
| il too here. |
| |
| this seems to cure this specific issue, and also passes the testsuite |
| |
| Signed-off-by: Marcus Meissner <meissner@suse.de> |
| |
| https://bugzilla.gnome.org/show_bug.cgi?id=775200 |
| Upstream-Status: Backport [https://bugzilla.gnome.org/attachment.cgi?id=355527&action=diff] |
| Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> |
| --- |
| parser.c | 4 ++++ |
| 1 file changed, 4 insertions(+) |
| |
| diff --git a/parser.c b/parser.c |
| index 9506ead..6c07ffd 100644 |
| --- a/parser.c |
| +++ b/parser.c |
| @@ -12664,6 +12664,10 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) { |
| } |
| ctxt->input->cur = BAD_CAST""; |
| ctxt->input->base = ctxt->input->cur; |
| + if (ctxt->input->buf) { |
| + xmlBufEmpty (ctxt->input->buf->buffer); |
| + } else |
| + ctxt->input->length = 0; |
| } |
| } |
| |
| -- |
| 2.7.4 |
| |