summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorfeld <feld@FreeBSD.org>2016-06-30 22:36:53 +0000
committerfeld <feld@FreeBSD.org>2016-06-30 22:36:53 +0000
commitbf9eabbf734e355d21d23406c8c26fe5bc7f16fc (patch)
tree29e5b076aacf78c05d6245f72a8c3218c8ec4dea
parent6576597cd5b7131fe942ee115fe5f59a19c6276d (diff)
downloadFreeBSD-ports-branches/2016Q2.zip
FreeBSD-ports-branches/2016Q2.tar.gz
MFH: r417847branches/2016Q2
textproc/expat2: Patch vulnerability This patch resolves a vulnerability that may still exist due to compiler optimizations. The previous patches for CVE-2015-1283 and CVE-2015-2716 may not work as intended in some situations. Security: CVE-2016-4472 Approved by: ports-secteam (with hat)
-rw-r--r--textproc/expat2/Makefile2
-rw-r--r--textproc/expat2/files/patch-CVE-2016-447226
2 files changed, 27 insertions, 1 deletions
diff --git a/textproc/expat2/Makefile b/textproc/expat2/Makefile
index 0027302..db9e469 100644
--- a/textproc/expat2/Makefile
+++ b/textproc/expat2/Makefile
@@ -3,7 +3,7 @@
PORTNAME= expat
PORTVERSION= 2.1.1
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= textproc
MASTER_SITES= SF
diff --git a/textproc/expat2/files/patch-CVE-2016-4472 b/textproc/expat2/files/patch-CVE-2016-4472
new file mode 100644
index 0000000..dbce55e
--- /dev/null
+++ b/textproc/expat2/files/patch-CVE-2016-4472
@@ -0,0 +1,26 @@
+ expat/CMakeLists.txt | 3 +++
+ expat/lib/xmlparse.c | 48 +++++++++++++++++++++++++++++++++++++++++-------
+ 2 files changed, 44 insertions(+), 7 deletions(-)
+
+--- lib/xmlparse.c.orig 2016-06-30 22:23:11 UTC
++++ lib/xmlparse.c
+@@ -1693,7 +1693,8 @@ XML_GetBuffer(XML_Parser parser, int len
+ }
+
+ if (len > bufferLim - bufferEnd) {
+- int neededSize = len + (int)(bufferEnd - bufferPtr);
++ /* Do not invoke signed arithmetic overflow: */
++ int neededSize = (int) ((unsigned)len + (unsigned)(bufferEnd - bufferPtr));
+ if (neededSize < 0) {
+ errorCode = XML_ERROR_NO_MEMORY;
+ return NULL;
+@@ -1725,7 +1726,8 @@ XML_GetBuffer(XML_Parser parser, int len
+ if (bufferSize == 0)
+ bufferSize = INIT_BUFFER_SIZE;
+ do {
+- bufferSize *= 2;
++ /* Do not invoke signed arithmetic overflow: */
++ bufferSize = (int) (2U * (unsigned) bufferSize);
+ } while (bufferSize < neededSize && bufferSize > 0);
+ if (bufferSize <= 0) {
+ errorCode = XML_ERROR_NO_MEMORY;
OpenPOWER on IntegriCloud