Patrick Williams | f1e5d69 | 2016-03-30 15:21:19 -0500 | [diff] [blame] | 1 | From 709a952110e98621c9b78c4f26462a9d8333102e Mon Sep 17 00:00:00 2001 |
| 2 | From: Daniel Veillard <veillard@redhat.com> |
| 3 | Date: Mon, 29 Jun 2015 16:10:26 +0800 |
| 4 | Subject: [PATCH] Fail parsing early on if encoding conversion failed |
| 5 | |
| 6 | For https://bugzilla.gnome.org/show_bug.cgi?id=751631 |
| 7 | |
| 8 | If we fail conversing the current input stream while |
| 9 | processing the encoding declaration of the XMLDecl |
| 10 | then it's safer to just abort there and not try to |
| 11 | report further errors. |
| 12 | |
| 13 | Upstream-Status: Backport |
| 14 | |
| 15 | CVE-2015-8317 |
| 16 | |
| 17 | Signed-off-by: Armin Kuster <akuster@mvista.com> |
| 18 | |
| 19 | --- |
| 20 | parser.c | 6 +++++- |
| 21 | 1 file changed, 5 insertions(+), 1 deletion(-) |
| 22 | |
| 23 | diff --git a/parser.c b/parser.c |
| 24 | index a3a9568..0edd53b 100644 |
| 25 | --- a/parser.c |
| 26 | +++ b/parser.c |
| 27 | @@ -10471,7 +10471,11 @@ xmlParseEncodingDecl(xmlParserCtxtPtr ctxt) { |
| 28 | |
| 29 | handler = xmlFindCharEncodingHandler((const char *) encoding); |
| 30 | if (handler != NULL) { |
| 31 | - xmlSwitchToEncoding(ctxt, handler); |
| 32 | + if (xmlSwitchToEncoding(ctxt, handler) < 0) { |
| 33 | + /* failed to convert */ |
| 34 | + ctxt->errNo = XML_ERR_UNSUPPORTED_ENCODING; |
| 35 | + return(NULL); |
| 36 | + } |
| 37 | } else { |
| 38 | xmlFatalErrMsgStr(ctxt, XML_ERR_UNSUPPORTED_ENCODING, |
| 39 | "Unsupported encoding %s\n", encoding); |
| 40 | -- |
| 41 | 2.3.5 |
| 42 | |