| Patrick Williams | f1e5d69 | 2016-03-30 15:21:19 -0500 | [diff] [blame^] | 1 | From a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 Mon Sep 17 00:00:00 2001 |
| 2 | From: Daniel Veillard <veillard@redhat.com> |
| 3 | Date: Mon, 23 Feb 2015 11:17:35 +0800 |
| 4 | Subject: [PATCH] Stop parsing on entities boundaries errors |
| 5 | |
| 6 | For https://bugzilla.gnome.org/show_bug.cgi?id=744980 |
| 7 | |
| 8 | There are times, like on unterminated entities that it's preferable to |
| 9 | stop parsing, even if that means less error reporting. Entities are |
| 10 | feeding the parser on further processing, and if they are ill defined |
| 11 | then it's possible to get the parser to bug. Also do the same on |
| 12 | Conditional Sections if the input is broken, as the structure of |
| 13 | the document can't be guessed. |
| 14 | |
| 15 | Upstream-Status: Backport |
| 16 | |
| 17 | CVE-2015-7941-1 |
| 18 | |
| 19 | Signed-off-by: Armin Kuster <akuster@mvista.com> |
| 20 | |
| 21 | --- |
| 22 | parser.c | 1 + |
| 23 | 1 file changed, 1 insertion(+) |
| 24 | |
| 25 | diff --git a/parser.c b/parser.c |
| 26 | index a8d1b67..bbe97eb 100644 |
| 27 | --- a/parser.c |
| 28 | +++ b/parser.c |
| 29 | @@ -5658,6 +5658,7 @@ xmlParseEntityDecl(xmlParserCtxtPtr ctxt) { |
| 30 | if (RAW != '>') { |
| 31 | xmlFatalErrMsgStr(ctxt, XML_ERR_ENTITY_NOT_FINISHED, |
| 32 | "xmlParseEntityDecl: entity %s not terminated\n", name); |
| 33 | + xmlStopParser(ctxt); |
| 34 | } else { |
| 35 | if (input != ctxt->input) { |
| 36 | xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY, |
| 37 | -- |
| 38 | 2.3.5 |
| 39 | |