Diffstat (limited to 'gnu/packages/patches/libxml2-CVE-2016-3627.patch')
-rw-r--r-- | gnu/packages/patches/libxml2-CVE-2016-3627.patch | 61 |
1 files changed, 0 insertions, 61 deletions
diff --git a/gnu/packages/patches/libxml2-CVE-2016-3627.patch b/gnu/packages/patches/libxml2-CVE-2016-3627.patch
deleted file mode 100644
index 782c9270cf..0000000000
--- a/gnu/packages/patches/libxml2-CVE-2016-3627.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From <http://seclists.org/fulldisclosure/2016/May/10>.
-
-From e5269fd1e83743f7e62c89eca45000c2e84e6edc Mon Sep 17 00:00:00 2001
-From: Peter Simons <psimons () suse com>
-Date: Thu, 14 Apr 2016 16:15:13 +0200
-Subject: [PATCH 1/2] xmlStringGetNodeList: limit the function to 1024
- recursions to avoid CVE-2016-3627
-
-This patch prevents stack overflows like the one reported in
-https://bugzilla.gnome.org/show_bug.cgi?id=762100.
----
- tree.c | 14 ++++++++++++--
- 1 file changed, 12 insertions(+), 2 deletions(-)
-
-Index: libxml2-2.9.3/tree.c
-===================================================================
---- libxml2-2.9.3.orig/tree.c
-+++ libxml2-2.9.3/tree.c
-@@ -1464,6 +1464,8 @@ out:
- return(ret);
- }
-
-+static xmlNodePtr xmlStringGetNodeListInternal(const xmlDoc *doc, const xmlChar *value, size_t recursionLevel);
-+
- /**
- * xmlStringGetNodeList:
- * @doc: the document
-@@ -1475,6 +1477,12 @@ out:
- */
- xmlNodePtr
- xmlStringGetNodeList(const xmlDoc *doc, const xmlChar *value) {
-+ return xmlStringGetNodeListInternal(doc, value, 0);
-+ }
-+
-+xmlNodePtr
-+xmlStringGetNodeListInternal(const xmlDoc *doc, const xmlChar *value, size_t recursionLevel) {
-+
- xmlNodePtr ret = NULL, last = NULL;
- xmlNodePtr node;
- xmlChar *val;
-@@ -1483,6 +1491,8 @@ xmlStringGetNodeList(const xmlDoc *doc,
- xmlEntityPtr ent;
- xmlBufPtr buf;
-
-+ if (recursionLevel > 1024) return(NULL);
-+
- if (value == NULL) return(NULL);
-
- buf = xmlBufCreateSize(0);
-@@ -1593,8 +1603,9 @@ xmlStringGetNodeList(const xmlDoc *doc,
- else if ((ent != NULL) && (ent->children == NULL)) {
- xmlNodePtr temp;
-
-- ent->children = xmlStringGetNodeList(doc,
-- (const xmlChar*)node->content);
-+ ent->children = xmlStringGetNodeListInternal(doc,
-+ (const xmlChar*)node->content,
-+ recursionLevel+1);
- ent->owner = 1;
- temp = ent->children;
- while (temp) { |