Diffstat (limited to 'main/expat/CVE-2017-9233.patch')
-rw-r--r--main/expat/CVE-2017-9233.patch29
1 files changed, 29 insertions, 0 deletions
diff --git a/main/expat/CVE-2017-9233.patch b/main/expat/CVE-2017-9233.patch
new file mode 100644
index 0000000000..1ddbc755d8
--- /dev/null
+++ b/main/expat/CVE-2017-9233.patch
@@ -0,0 +1,29 @@
+From c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f Mon Sep 17 00:00:00 2001
+From: Rhodri James <rhodri@kynesim.co.uk>
+Date: Wed, 14 Jun 2017 23:45:07 +0200
+Subject: [PATCH] xmlparse.c: Fix external entity infinite loop bug
+ (CVE-2017-9233)
+
+---
+ expat/lib/xmlparse.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/lib/xmlparse.c b/lib/xmlparse.c
+index 7818f8d..2114596 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -3981,6 +3981,14 @@ entityValueInitProcessor(XML_Parser parser,
+ *nextPtr = next;
+ return XML_ERROR_NONE;
+ }
++ /* If we get this token, we have the start of what might be a
++ normal tag, but not a declaration (i.e. it doesn't begin with
++ "<!"). In a DTD context, that isn't legal.
++ */
++ else if (tok == XML_TOK_INSTANCE_START) {
++ *nextPtr = next;
++ return XML_ERROR_SYNTAX;
++ }
+ start = next;
+ eventPtr = start;
+ }
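Review bot: Nothing visible here shows the package build recipe applying this new file; the diffstat is limited to `main/expat/CVE-2017-9233.patch`, and a patch that is only dropped into the package directory leaves the shipped libexpat exposed to the CVE-2017-9233 entity-processing loop. Please confirm the same commit lists `CVE-2017-9233.patch` in the recipe's source list with its checksum and bumps the package release so installed systems receive the rebuild. The embedded hunk header targets `a/lib/xmlparse.c` while its own diffstat says `expat/lib/xmlparse.c`, so the header was presumably adjusted to apply with `-p1` against the release tarball; check in the build log that the hunk at line 3981 applies cleanly rather than with fuzz. The body of entityValueInitProcessor starts and ends outside the embedded hunk, so the surrounding token handling cannot be reviewed from this page.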