yocto-poky/meta/recipes-core/libxml/libxml2/CVE-2015-7499-1-Add-xmlHaltParser-to-stop-the-parser.patch - openbmc/openbmc - Gitiles

 From 28cd9cb747a94483f4aea7f0968d202c20bb4cfc Mon Sep 17 00:00:00 2001
 From: Daniel Veillard <veillard@redhat.com>
 Date: Fri, 20 Nov 2015 14:55:30 +0800
 Subject: [PATCH] Add xmlHaltParser() to stop the parser

 The problem is doing it in a consistent and safe fashion
 It's more complex than just setting ctxt->instate = XML_PARSER_EOF
 Update the public function to reuse that new internal routine

 Upstream-Status: Backport

 CVE-2015-7499-1

 Signed-off-by: Armin Kuster <akuster@mvista.com>

 ---
  parser.c | 34 +++++++++++++++++++++++++++++-----
  1 file changed, 29 insertions(+), 5 deletions(-)

 diff --git a/parser.c b/parser.c
 index da6e729..b6e99b1 100644
 --- a/parser.c
 +++ b/parser.c
 @@ -94,6 +94,8 @@ static xmlParserCtxtPtr
  xmlCreateEntityParserCtxtInternal(const xmlChar *URL, const xmlChar *ID,
  	                  const xmlChar *base, xmlParserCtxtPtr pctx);

 +static void xmlHaltParser(xmlParserCtxtPtr ctxt);
 +
  /************************************************************************
   *									*
   *	Arbitrary limits set in the parser. See XML_PARSE_HUGE		*
 @@ -12625,25 +12627,47 @@ xmlCreatePushParserCtxt(xmlSAXHandlerPtr sax, void *user_data,
  #endif /* LIBXML_PUSH_ENABLED */

  /**
 - * xmlStopParser:
 + * xmlHaltParser:
   * @ctxt:  an XML parser context
   *
 - * Blocks further parser processing
 + * Blocks further parser processing don't override error
 + * for internal use
   */
 -void
 -xmlStopParser(xmlParserCtxtPtr ctxt) {
 +static void
 +xmlHaltParser(xmlParserCtxtPtr ctxt) {
      if (ctxt == NULL)
          return;
      ctxt->instate = XML_PARSER_EOF;
 -    ctxt->errNo = XML_ERR_USER_STOP;
      ctxt->disableSAX = 1;
      if (ctxt->input != NULL) {
 +        /*
 +	 * in case there was a specific allocation deallocate before
 +	 * overriding base
 +	 */
 +        if (ctxt->input->free != NULL) {
 +	    ctxt->input->free((xmlChar *) ctxt->input->base);
 +	    ctxt->input->free = NULL;
 +	}
  	ctxt->input->cur = BAD_CAST"";
  	ctxt->input->base = ctxt->input->cur;
      }
  }

  /**
 + * xmlStopParser:
 + * @ctxt:  an XML parser context
 + *
 + * Blocks further parser processing
 + */
 +void
 +xmlStopParser(xmlParserCtxtPtr ctxt) {
 +    if (ctxt == NULL)
 +        return;
 +    xmlHaltParser(ctxt);
 +    ctxt->errNo = XML_ERR_USER_STOP;
 +}
 +
 +/**
   * xmlCreateIOParserCtxt:
   * @sax:  a SAX handler
   * @user_data:  The user data returned on SAX callbacks
 --
 2.3.5
	From 28cd9cb747a94483f4aea7f0968d202c20bb4cfc Mon Sep 17 00:00:00 2001
	From: Daniel Veillard <veillard@redhat.com>
	Date: Fri, 20 Nov 2015 14:55:30 +0800
	Subject: [PATCH] Add xmlHaltParser() to stop the parser

	The problem is doing it in a consistent and safe fashion
	It's more complex than just setting ctxt->instate = XML_PARSER_EOF
	Update the public function to reuse that new internal routine

	Upstream-Status: Backport

	CVE-2015-7499-1

	Signed-off-by: Armin Kuster <akuster@mvista.com>

	---
	parser.c \| 34 +++++++++++++++++++++++++++++-----
	1 file changed, 29 insertions(+), 5 deletions(-)

	diff --git a/parser.c b/parser.c
	index da6e729..b6e99b1 100644
	--- a/parser.c
	+++ b/parser.c
	@@ -94,6 +94,8 @@ static xmlParserCtxtPtr
	xmlCreateEntityParserCtxtInternal(const xmlChar URL, const xmlChar ID,
	const xmlChar *base, xmlParserCtxtPtr pctx);

	+static void xmlHaltParser(xmlParserCtxtPtr ctxt);
	+
	/************************************************************************
	* *
	* Arbitrary limits set in the parser. See XML_PARSE_HUGE *
	@@ -12625,25 +12627,47 @@ xmlCreatePushParserCtxt(xmlSAXHandlerPtr sax, void *user_data,
	#endif /* LIBXML_PUSH_ENABLED */

	/**
	- * xmlStopParser:
	+ * xmlHaltParser:
	* @ctxt: an XML parser context
	*
	- * Blocks further parser processing
	+ * Blocks further parser processing don't override error
	+ * for internal use
	*/
	-void
	-xmlStopParser(xmlParserCtxtPtr ctxt) {
	+static void
	+xmlHaltParser(xmlParserCtxtPtr ctxt) {
	if (ctxt == NULL)
	return;
	ctxt->instate = XML_PARSER_EOF;
	- ctxt->errNo = XML_ERR_USER_STOP;
	ctxt->disableSAX = 1;
	if (ctxt->input != NULL) {
	+ /*
	+ * in case there was a specific allocation deallocate before
	+ * overriding base
	+ */
	+ if (ctxt->input->free != NULL) {
	+ ctxt->input->free((xmlChar *) ctxt->input->base);
	+ ctxt->input->free = NULL;
	+ }
	ctxt->input->cur = BAD_CAST"";
	ctxt->input->base = ctxt->input->cur;
	}
	}

	/**
	+ * xmlStopParser:
	+ * @ctxt: an XML parser context
	+ *
	+ * Blocks further parser processing
	+ */
	+void
	+xmlStopParser(xmlParserCtxtPtr ctxt) {
	+ if (ctxt == NULL)
	+ return;
	+ xmlHaltParser(ctxt);
	+ ctxt->errNo = XML_ERR_USER_STOP;
	+}
	+
	+/**
	* xmlCreateIOParserCtxt:
	* @sax: a SAX handler
	* @user_data: The user data returned on SAX callbacks
	--
	2.3.5