1 files changed, 38 insertions, 0 deletions

diff --git a/main/libxml2/CVE-2015-8317-1.patch b/main/libxml2/CVE-2015-8317-1.patch
new file mode 100644
index 0000000000..3075d527e9
--- /dev/null
+++ b/main/libxml2/CVE-2015-8317-1.patch
@@ -0,0 +1,38 @@
+From 9aa37588ee78a06ca1379a9d9356eab16686099c Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Mon, 29 Jun 2015 09:08:25 +0800
+Subject: Do not process encoding values if the declaration if broken
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=751603
+
+If the string is not properly terminated do not try to convert
+to the given encoding.
+---
+ parser.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/parser.c b/parser.c
+index fe603ac..a3a9568 100644
+--- a/parser.c
++++ b/parser.c
+@@ -10404,6 +10404,8 @@ xmlParseEncodingDecl(xmlParserCtxtPtr ctxt) {
+ 	    encoding = xmlParseEncName(ctxt);
+ 	    if (RAW != '"') {
+ 		xmlFatalErr(ctxt, XML_ERR_STRING_NOT_CLOSED, NULL);
++		xmlFree((xmlChar *) encoding);
++		return(NULL);
+ 	    } else
+ 	        NEXT;
+ 	} else if (RAW == '\''){
+@@ -10411,6 +10413,8 @@ xmlParseEncodingDecl(xmlParserCtxtPtr ctxt) {
+ 	    encoding = xmlParseEncName(ctxt);
+ 	    if (RAW != '\'') {
+ 		xmlFatalErr(ctxt, XML_ERR_STRING_NOT_CLOSED, NULL);
++		xmlFree((xmlChar *) encoding);
++		return(NULL);
+ 	    } else
+ 	        NEXT;
+ 	} else {
+-- 
+cgit v0.12
+