| From ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe Mon Sep 17 00:00:00 2001 |
| From: Hugh Davenport <hugh@allthethings.co.nz> |
| Date: Tue, 3 Nov 2015 20:40:49 +0800 |
| Subject: [PATCH] Avoid extra processing of MarkupDecl when EOF |
| |
| For https://bugzilla.gnome.org/show_bug.cgi?id=756263 |
| |
| One place where ctxt->instate == XML_PARSER_EOF which was set up |
| by entity detection issues doesn't get noticed, and even overridden |
| |
| Upstream-status: Backport |
| |
| https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe |
| |
| CVE: CVE-2015-8241 |
| Signed-off-by: Armin Kuster <akuster@mvista.com> |
| |
| --- |
| parser.c | 8 ++++++++ |
| 1 file changed, 8 insertions(+) |
| |
| Index: libxml2-2.9.2/parser.c |
| =================================================================== |
| --- libxml2-2.9.2.orig/parser.c |
| +++ libxml2-2.9.2/parser.c |
| @@ -6999,6 +6999,14 @@ xmlParseMarkupDecl(xmlParserCtxtPtr ctxt |
| xmlParsePI(ctxt); |
| } |
| } |
| + |
| + /* |
| + * detect requirement to exit there and act accordingly |
| + * and avoid having instate overriden later on |
| + */ |
| + if (ctxt->instate == XML_PARSER_EOF) |
| + return; |
| + |
| /* |
| * This is only for internal subset. On external entities, |
| * the replacement is done before parsing stage |
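
Review bot: the comment above the new `if (ctxt->instate == XML_PARSER_EOF) return;` check ("detect requirement to exit there and act accordingly") does not say which of the preceding declaration parsers can leave the context in XML_PARSER_EOF, or which later assignment would overwrite it. Naming both in the comment would make it clear why the guard has to sit exactly here, between the dispatch block and the internal-subset handling that follows; "overriden" in the same comment should read "overridden". The diffstat lists only parser.c (8 insertions), so the input from bug 756263 is not captured as a regression test; adding it alongside this check would keep the early return from being dropped or moved in a later refactor.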