diff options
Diffstat (limited to 'main/expat/CVE-2017-9233.patch')
-rw-r--r-- | main/expat/CVE-2017-9233.patch | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/main/expat/CVE-2017-9233.patch b/main/expat/CVE-2017-9233.patch new file mode 100644 index 0000000000..1ddbc755d8 --- /dev/null +++ b/main/expat/CVE-2017-9233.patch @@ -0,0 +1,29 @@ +From c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f Mon Sep 17 00:00:00 2001 +From: Rhodri James <rhodri@kynesim.co.uk> +Date: Wed, 14 Jun 2017 23:45:07 +0200 +Subject: [PATCH] xmlparse.c: Fix external entity infinite loop bug + (CVE-2017-9233) + +--- + expat/lib/xmlparse.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/lib/xmlparse.c b/lib/xmlparse.c +index 7818f8d..2114596 100644 +--- a/lib/xmlparse.c ++++ b/lib/xmlparse.c +@@ -3981,6 +3981,14 @@ entityValueInitProcessor(XML_Parser parser, + *nextPtr = next; + return XML_ERROR_NONE; + } ++ /* If we get this token, we have the start of what might be a ++ normal tag, but not a declaration (i.e. it doesn't begin with ++ "<!"). In a DTD context, that isn't legal. ++ */ ++ else if (tok == XML_TOK_INSTANCE_START) { ++ *nextPtr = next; ++ return XML_ERROR_SYNTAX; ++ } + start = next; + eventPtr = start; + } |