-
-
Notifications
You must be signed in to change notification settings - Fork 903
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
backport libxml2 patch for CVE-2020-7595
related to #1992
- Loading branch information
1 parent
e6b3229
commit 2cdb68e
Showing
1 changed file
with
32 additions
and
0 deletions.
There are no files selected for viewing
32 changes: 32 additions & 0 deletions
32
patches/libxml2/0005-Fix-infinite-loop-in-xmlStringLenDecodeEntities.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
From 0e1a49c8907645d2e155f0d89d4d9895ac5112b5 Mon Sep 17 00:00:00 2001 | ||
From: Zhipeng Xie <xiezhipeng1@huawei.com> | ||
Date: Thu, 12 Dec 2019 17:30:55 +0800 | ||
Subject: [PATCH] Fix infinite loop in xmlStringLenDecodeEntities | ||
|
||
When ctxt->instate == XML_PARSER_EOF,xmlParseStringEntityRef | ||
return NULL which cause a infinite loop in xmlStringLenDecodeEntities | ||
|
||
Found with libFuzzer. | ||
|
||
Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com> | ||
--- | ||
parser.c | 3 ++- | ||
1 file changed, 2 insertions(+), 1 deletion(-) | ||
|
||
diff --git a/parser.c b/parser.c | ||
index d1c3196..a34bb6c 100644 | ||
--- a/parser.c | ||
+++ b/parser.c | ||
@@ -2646,7 +2646,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len, | ||
else | ||
c = 0; | ||
while ((c != 0) && (c != end) && /* non input consuming loop */ | ||
- (c != end2) && (c != end3)) { | ||
+ (c != end2) && (c != end3) && | ||
+ (ctxt->instate != XML_PARSER_EOF)) { | ||
|
||
if (c == 0) break; | ||
if ((c == '&') && (str[1] == '#')) { | ||
-- | ||
2.17.1 | ||
|