| From 28cd9cb747a94483f4aea7f0968d202c20bb4cfc Mon Sep 17 00:00:00 2001 |
| From: Daniel Veillard <veillard@redhat.com> |
| Date: Fri, 20 Nov 2015 14:55:30 +0800 |
| Subject: [PATCH] Add xmlHaltParser() to stop the parser |
| |
| The problem is doing it in a consistent and safe fashion |
| It's more complex than just setting ctxt->instate = XML_PARSER_EOF |
| Update the public function to reuse that new internal routine |
| |
| Upstream-Status: Backport |
| |
| CVE-2015-7499-1 |
| |
| Signed-off-by: Armin Kuster <akuster@mvista.com> |
| |
| --- |
| parser.c | 34 +++++++++++++++++++++++++++++----- |
| 1 file changed, 29 insertions(+), 5 deletions(-) |
| |
| diff --git a/parser.c b/parser.c |
| index da6e729..b6e99b1 100644 |
| --- a/parser.c |
| +++ b/parser.c |
| @@ -94,6 +94,8 @@ static xmlParserCtxtPtr |
| xmlCreateEntityParserCtxtInternal(const xmlChar *URL, const xmlChar *ID, |
| const xmlChar *base, xmlParserCtxtPtr pctx); |
| |
| +static void xmlHaltParser(xmlParserCtxtPtr ctxt); |
| + |
| /************************************************************************ |
| * * |
| * Arbitrary limits set in the parser. See XML_PARSE_HUGE * |
| @@ -12625,25 +12627,47 @@ xmlCreatePushParserCtxt(xmlSAXHandlerPtr sax, void *user_data, |
| #endif /* LIBXML_PUSH_ENABLED */ |
| |
| /** |
| - * xmlStopParser: |
| + * xmlHaltParser: |
| * @ctxt: an XML parser context |
| * |
| - * Blocks further parser processing |
| + * Blocks further parser processing don't override error |
| + * for internal use |
| */ |
| -void |
| -xmlStopParser(xmlParserCtxtPtr ctxt) { |
| +static void |
| +xmlHaltParser(xmlParserCtxtPtr ctxt) { |
| if (ctxt == NULL) |
| return; |
| ctxt->instate = XML_PARSER_EOF; |
| - ctxt->errNo = XML_ERR_USER_STOP; |
| ctxt->disableSAX = 1; |
| if (ctxt->input != NULL) { |
| + /* |
| + * in case there was a specific allocation deallocate before |
| + * overriding base |
| + */ |
| + if (ctxt->input->free != NULL) { |
| + ctxt->input->free((xmlChar *) ctxt->input->base); |
| + ctxt->input->free = NULL; |
| + } |
| ctxt->input->cur = BAD_CAST""; |
| ctxt->input->base = ctxt->input->cur; |
| } |
| } |
| |
| /** |
| + * xmlStopParser: |
| + * @ctxt: an XML parser context |
| + * |
| + * Blocks further parser processing |
| + */ |
| +void |
| +xmlStopParser(xmlParserCtxtPtr ctxt) { |
| + if (ctxt == NULL) |
| + return; |
| + xmlHaltParser(ctxt); |
| + ctxt->errNo = XML_ERR_USER_STOP; |
| +} |
| + |
| +/** |
| * xmlCreateIOParserCtxt: |
| * @sax: a SAX handler |
| * @user_data: The user data returned on SAX callbacks |
| -- |
| 2.3.5 |
| |