blob: e39ec65cd990a74ceed45bc6c15dff947ffd843f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
From 28cd9cb747a94483f4aea7f0968d202c20bb4cfc Mon Sep 17 00:00:00 2001
From: Daniel Veillard <veillard@redhat.com>
Date: Fri, 20 Nov 2015 14:55:30 +0800
Subject: [PATCH] Add xmlHaltParser() to stop the parser
The problem is doing it in a consistent and safe fashion
It's more complex than just setting ctxt->instate = XML_PARSER_EOF
Update the public function to reuse that new internal routine
Upstream-Status: Backport
CVE-2015-7499-1
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
parser.c | 34 +++++++++++++++++++++++++++++-----
1 file changed, 29 insertions(+), 5 deletions(-)
diff --git a/parser.c b/parser.c
index da6e729..b6e99b1 100644
--- a/parser.c
+++ b/parser.c
@@ -94,6 +94,8 @@ static xmlParserCtxtPtr
xmlCreateEntityParserCtxtInternal(const xmlChar *URL, const xmlChar *ID,
const xmlChar *base, xmlParserCtxtPtr pctx);
+static void xmlHaltParser(xmlParserCtxtPtr ctxt);
+
/************************************************************************
* *
* Arbitrary limits set in the parser. See XML_PARSE_HUGE *
@@ -12625,25 +12627,47 @@ xmlCreatePushParserCtxt(xmlSAXHandlerPtr sax, void *user_data,
#endif /* LIBXML_PUSH_ENABLED */
/**
- * xmlStopParser:
+ * xmlHaltParser:
* @ctxt: an XML parser context
*
- * Blocks further parser processing
+ * Blocks further parser processing don't override error
+ * for internal use
*/
-void
-xmlStopParser(xmlParserCtxtPtr ctxt) {
+static void
+xmlHaltParser(xmlParserCtxtPtr ctxt) {
if (ctxt == NULL)
return;
ctxt->instate = XML_PARSER_EOF;
- ctxt->errNo = XML_ERR_USER_STOP;
ctxt->disableSAX = 1;
if (ctxt->input != NULL) {
+ /*
+ * in case there was a specific allocation deallocate before
+ * overriding base
+ */
+ if (ctxt->input->free != NULL) {
+ ctxt->input->free((xmlChar *) ctxt->input->base);
+ ctxt->input->free = NULL;
+ }
ctxt->input->cur = BAD_CAST"";
ctxt->input->base = ctxt->input->cur;
}
}
/**
+ * xmlStopParser:
+ * @ctxt: an XML parser context
+ *
+ * Blocks further parser processing
+ */
+void
+xmlStopParser(xmlParserCtxtPtr ctxt) {
+ if (ctxt == NULL)
+ return;
+ xmlHaltParser(ctxt);
+ ctxt->errNo = XML_ERR_USER_STOP;
+}
+
+/**
* xmlCreateIOParserCtxt:
* @sax: a SAX handler
* @user_data: The user data returned on SAX callbacks
--
2.3.5
|
