Diffstat (limited to 'main/expat/CVE-2017-9233.patch')
-rw-r--r-- | main/expat/CVE-2017-9233.patch | 29 |
1 files changed, 0 insertions, 29 deletions
diff --git a/main/expat/CVE-2017-9233.patch b/main/expat/CVE-2017-9233.patch
deleted file mode 100644
index 1ddbc755d8..0000000000
--- a/main/expat/CVE-2017-9233.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f Mon Sep 17 00:00:00 2001
-From: Rhodri James <rhodri@kynesim.co.uk>
-Date: Wed, 14 Jun 2017 23:45:07 +0200
-Subject: [PATCH] xmlparse.c: Fix external entity infinite loop bug
- (CVE-2017-9233)
-
----
- expat/lib/xmlparse.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
-index 7818f8d..2114596 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -3981,6 +3981,14 @@ entityValueInitProcessor(XML_Parser parser,
- *nextPtr = next;
- return XML_ERROR_NONE;
- }
-+ /* If we get this token, we have the start of what might be a
-+ normal tag, but not a declaration (i.e. it doesn't begin with
-+ "<!"). In a DTD context, that isn't legal.
-+ */
-+ else if (tok == XML_TOK_INSTANCE_START) {
-+ *nextPtr = next;
-+ return XML_ERROR_SYNTAX;
-+ }
- start = next;
- eventPtr = start;
- }
|