forked from pool/xerces-c
Accepting request 403800 from home:zawel1:branches:devel:libraries:c_c++
- Update to 3.1.3 * bug fixes + memcpy used on overlapping memory regions causes sanity test failure + Typo in XMLUni::fgUnknownURIName constant + Buffer overruns in prolog parsing and error handling - Dropped xerces-c-CVE-2016-0729.patch, fixed upstream. OBS-URL: https://build.opensuse.org/request/show/403800 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/xerces-c?expand=0&rev=22
parent
4ede327720
commit
0e4f002d64
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:743bd0a029bf8de56a587c270d97031e0099fe2b7142cef03e0da16e282655a0
|
||||
size 6959894
|
@ -1,17 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v1
|
||||
|
||||
iQIcBAABCgAGBQJVCZSnAAoJEDeLhFQCJ3liDegP/jtKeuHuCzdkJHE1GmOZxauQ
|
||||
1EEKY184iFd6vfFWVrO5t05GvtM7lQ+JducddvyUJ2Y6zOxQQys22zN41PhPMeo7
|
||||
YvOp1nw04XVolke9nOzMm2s9qlYKtF+darXVZAi/ISYay36MLS1fQwx/B+tT/okM
|
||||
jZFwA1pvzFI/YZ79Pj1k1W9VAlRXCGfOSveMasHv4Y97fFyQLIsyL85OetAqbIBR
|
||||
UjGUZY47lcJYEMxu2SGwpCDr8hOcphF61qIDtnPdOzjHtyNfleWBYHgZhJcna1C4
|
||||
lO+1BkOzzHb9Hclpu6TeDz2jPnJG6Eaxj+bG02EjSbhvgZSY+2pYFjDQUAulFNcp
|
||||
ADidIh8oMke9Qv/CMesf8GagiPmPs3ftHM5+B1rYvSo8XyTJvsFrKUdDRaGPHpv7
|
||||
uAAh+MI8WmvIqun7J14VZobvNb2rrVdWWitMG74eoW0ZB84P2uR7A9bIX8EaxIph
|
||||
Kfe3DvUuB1/4Y5WlfOPsbl8KD5/QKvCwEnSJUd+VAxJJ3T1K74kycLNfTg4hwpF1
|
||||
pPN6OCBXpeepkFN5z4UPxk3wTWjtv8vNqp0T3kx73kIwlpwcEYy3aeBiDuM7WaQ/
|
||||
9aMQSWr0xbG4xlcQkl1T1nAspnszzr6V4igSpDep5sCLnyszXTICDpxRLrGPieaD
|
||||
2kYITLYANPAluikgnX1i
|
||||
=lzt1
|
||||
-----END PGP SIGNATURE-----
|
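--- a/xerces-c-3.1.3.tar.gz
+++ b/xerces-c-3.1.3.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f3d4f73db7c981e16db2b16d9424b0c75d9fbd30ad81747cac047bc6170b5b49
+size 9009575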
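--- a/xerces-c-3.1.3.tar.gz.asc
+++ b/xerces-c-3.1.3.tar.gz.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2
+
+iQIcBAABCAAGBQJWxIfxAAoJEDeLhFQCJ3lilE8P/2vIKgW/8osvAZ2BCBGAUb24
+qpxNvdYOGM3TUvqtdxUgL8+FYXB8iUS40iH3wCO48eUJU5fwvV/p5aW4/vly3AUP
+MrLusDuYCMdVFua1cbGp2++e1HqFG5++3z/BwHjG4PnvzmiIiICPoFlVVpNXHSd2
+dOXU+7HKBzrBTP4kOSv9jOx/OBpuTg+OnGUcy3BrR3cn1WCjjU37FLFr55XLm4u9
+2V25IByhY/NP5GTCHRwu4fUE7bNVC64sN3J7gVtRTK4HbS353rx+30EteN7jdBit
+/3PqprmIQHATn+WqEybAm3a6ofyX1+qwZjvF28j60NGupYbl5ZYIrSsXY+A0MZgb
+qmFyVYWzaDW722RuGUIoKPO98G+kzywdVN+o0EZ10BmAHsw9kZIP4GLsuvgmNs3B
+iJYSRlqyw47/Q566REo0tibIWUtWUlljG4QMfIpMhwW2dNFgPDk4kL0a5KKjYwD5
+eAjvcaQdA8i2XJX8Dd8VLhPPBvJK2VaSx1BHnYFZZBqcD6ZrxjckaAc2n97beet5
+tbSp1h7oNMn9A6EjbAqVz4gWgslix3NtHYHMKcBjoZORbmiC+KQc60zwlY7IVwtD
+V9pLX8W9ce8aCsXsRhecvxwnDtJHro3730oKd+gG3+xPxSqtOM1c0BGEmV/liy+W
+O0R7LgVTzKkaBKqSmkTD
+=0g/c
+-----END PGP SIGNATURE-----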
@ -1,377 +0,0 @@
|
||||
Index: xerces-c-3.1.1/src/xercesc/internal/XMLReader.cpp
|
||||
===================================================================
|
||||
--- xerces-c-3.1.1.orig/src/xercesc/internal/XMLReader.cpp
|
||||
+++ xerces-c-3.1.1/src/xercesc/internal/XMLReader.cpp
|
||||
@@ -1460,8 +1460,30 @@ void XMLReader::doInitDecode()
|
||||
|
||||
while (fRawBufIndex < fRawBytesAvail)
|
||||
{
|
||||
- // Security fix: make sure there are at least sizeof(UCS4Ch) bytes to consume.
|
||||
+ // Make sure there are at least sizeof(UCS4Ch) bytes to consume.
|
||||
if (fRawBufIndex + sizeof(UCS4Ch) > fRawBytesAvail) {
|
||||
+ fCharsAvail = 0;
|
||||
+ fRawBufIndex = 0;
|
||||
+ fMemoryManager->deallocate(fPublicId);
|
||||
+ fMemoryManager->deallocate(fEncodingStr);
|
||||
+ ArrayJanitor<XMLCh> janValue(fSystemId, fMemoryManager);
|
||||
+ ThrowXMLwithMemMgr1
|
||||
+ (
|
||||
+ TranscodingException
|
||||
+ , XMLExcepts::Reader_CouldNotDecodeFirstLine
|
||||
+ , fSystemId
|
||||
+ , fMemoryManager
|
||||
+ );
|
||||
+ }
|
||||
+
|
||||
+ // Make sure we don't exhaust the limited prolog buffer size.
|
||||
+ // Leave room for a space added at the end of this function.
|
||||
+ if (fCharsAvail == kCharBufSize - 1) {
|
||||
+ fCharsAvail = 0;
|
||||
+ fRawBufIndex = 0;
|
||||
+ fMemoryManager->deallocate(fPublicId);
|
||||
+ fMemoryManager->deallocate(fEncodingStr);
|
||||
+ ArrayJanitor<XMLCh> janValue(fSystemId, fMemoryManager);
|
||||
ThrowXMLwithMemMgr1
|
||||
(
|
||||
TranscodingException
|
||||
@@ -1547,6 +1569,23 @@ void XMLReader::doInitDecode()
|
||||
const char curCh = *asChars++;
|
||||
fRawBufIndex++;
|
||||
|
||||
+ // Make sure we don't exhaust the limited prolog buffer size.
|
||||
+ // Leave room for a space added at the end of this function.
|
||||
+ if (fCharsAvail == kCharBufSize - 1) {
|
||||
+ fCharsAvail = 0;
|
||||
+ fRawBufIndex = 0;
|
||||
+ fMemoryManager->deallocate(fPublicId);
|
||||
+ fMemoryManager->deallocate(fEncodingStr);
|
||||
+ ArrayJanitor<XMLCh> janValue(fSystemId, fMemoryManager);
|
||||
+ ThrowXMLwithMemMgr1
|
||||
+ (
|
||||
+ TranscodingException
|
||||
+ , XMLExcepts::Reader_CouldNotDecodeFirstLine
|
||||
+ , fSystemId
|
||||
+ , fMemoryManager
|
||||
+ );
|
||||
+ }
|
||||
+
|
||||
// Looks ok, so store it
|
||||
fCharSizeBuf[fCharsAvail] = 1;
|
||||
fCharBuf[fCharsAvail++] = XMLCh(curCh);
|
||||
@@ -1630,8 +1669,30 @@ void XMLReader::doInitDecode()
|
||||
|
||||
while (fRawBufIndex < fRawBytesAvail)
|
||||
{
|
||||
- // Security fix: make sure there are at least sizeof(UTF16Ch) bytes to consume.
|
||||
+ // Make sure there are at least sizeof(UTF16Ch) bytes to consume.
|
||||
if (fRawBufIndex + sizeof(UTF16Ch) > fRawBytesAvail) {
|
||||
+ fCharsAvail = 0;
|
||||
+ fRawBufIndex = 0;
|
||||
+ fMemoryManager->deallocate(fPublicId);
|
||||
+ fMemoryManager->deallocate(fEncodingStr);
|
||||
+ ArrayJanitor<XMLCh> janValue(fSystemId, fMemoryManager);
|
||||
+ ThrowXMLwithMemMgr1
|
||||
+ (
|
||||
+ TranscodingException
|
||||
+ , XMLExcepts::Reader_CouldNotDecodeFirstLine
|
||||
+ , fSystemId
|
||||
+ , fMemoryManager
|
||||
+ );
|
||||
+ }
|
||||
+
|
||||
+ // Make sure we don't exhaust the limited prolog buffer size.
|
||||
+ // Leave room for a space added at the end of this function.
|
||||
+ if (fCharsAvail == kCharBufSize - 1) {
|
||||
+ fCharsAvail = 0;
|
||||
+ fRawBufIndex = 0;
|
||||
+ fMemoryManager->deallocate(fPublicId);
|
||||
+ fMemoryManager->deallocate(fEncodingStr);
|
||||
+ ArrayJanitor<XMLCh> janValue(fSystemId, fMemoryManager);
|
||||
ThrowXMLwithMemMgr1
|
||||
(
|
||||
TranscodingException
|
||||
@@ -1676,6 +1737,24 @@ void XMLReader::doInitDecode()
|
||||
const XMLCh chCur = XMLEBCDICTranscoder::xlatThisOne(*srcPtr++);
|
||||
fRawBufIndex++;
|
||||
|
||||
+ // Make sure we don't exhaust the limited prolog buffer size.
|
||||
+ // Leave room for a space added at the end of this function.
|
||||
+ if (fCharsAvail == kCharBufSize - 1) {
|
||||
+ fCharsAvail = 0;
|
||||
+ fRawBufIndex = 0;
|
||||
+ fMemoryManager->deallocate(fPublicId);
|
||||
+ fMemoryManager->deallocate(fEncodingStr);
|
||||
+ ArrayJanitor<XMLCh> janValue(fSystemId, fMemoryManager);
|
||||
+ ThrowXMLwithMemMgr1
|
||||
+ (
|
||||
+ TranscodingException
|
||||
+ , XMLExcepts::Reader_CouldNotDecodeFirstLine
|
||||
+ , fSystemId
|
||||
+ , fMemoryManager
|
||||
+ );
|
||||
+ }
|
||||
+
|
||||
+
|
||||
//
|
||||
// And put it into the character buffer. This stuff has to
|
||||
// look like it was normally transcoded.
|
||||
@@ -1730,7 +1809,7 @@ void XMLReader::doInitDecode()
|
||||
//
|
||||
void XMLReader::refreshRawBuffer()
|
||||
{
|
||||
- // Security fix: make sure we don't underflow on the subtraction.
|
||||
+ // Make sure we don't underflow on the subtraction.
|
||||
if (fRawBufIndex > fRawBytesAvail) {
|
||||
ThrowXMLwithMemMgr1
|
||||
(
|
||||
Index: xerces-c-3.1.1/src/xercesc/util/XMLURL.cpp
|
||||
===================================================================
|
||||
--- xerces-c-3.1.1.orig/src/xercesc/util/XMLURL.cpp
|
||||
+++ xerces-c-3.1.1/src/xercesc/util/XMLURL.cpp
|
||||
@@ -611,9 +611,20 @@ BinInputStream* XMLURL::makeNewStream()
|
||||
|
||||
while (percentIndex != -1) {
|
||||
|
||||
- if (percentIndex+2 >= (int)end ||
|
||||
- !isHexDigit(realPath[percentIndex+1]) ||
|
||||
- !isHexDigit(realPath[percentIndex+2]))
|
||||
+ // Isolate the length/boundary check so we don't try and copy off the end.
|
||||
+ if (percentIndex+2 >= (int)end)
|
||||
+ {
|
||||
+ XMLCh value1[3];
|
||||
+ value1[1] = chNull;
|
||||
+ value1[2] = chNull;
|
||||
+ XMLString::moveChars(value1, &(realPath[percentIndex]), (percentIndex + 1 >= (int)end ? 1 : 2));
|
||||
+ ThrowXMLwithMemMgr2(MalformedURLException
|
||||
+ , XMLExcepts::XMLNUM_URI_Component_Invalid_EscapeSequence
|
||||
+ , realPath
|
||||
+ , value1
|
||||
+ , fMemoryManager);
|
||||
+ }
|
||||
+ else if (!isHexDigit(realPath[percentIndex+1]) || !isHexDigit(realPath[percentIndex+2]))
|
||||
{
|
||||
XMLCh value1[4];
|
||||
XMLString::moveChars(value1, &(realPath[percentIndex]), 3);
|
||||
Index: xerces-c-3.1.1/src/xercesc/util/XMLUri.cpp
|
||||
===================================================================
|
||||
--- xerces-c-3.1.1.orig/src/xercesc/util/XMLUri.cpp
|
||||
+++ xerces-c-3.1.1/src/xercesc/util/XMLUri.cpp
|
||||
@@ -875,11 +875,21 @@ void XMLUri::initializePath(const XMLCh*
|
||||
// check for valid escape sequence
|
||||
if (testChar == chPercent)
|
||||
{
|
||||
- if (index+2 >= end ||
|
||||
- !XMLString::isHex(uriSpec[index+1]) ||
|
||||
- !XMLString::isHex(uriSpec[index+2]))
|
||||
+ if (index + 2 >= end)
|
||||
{
|
||||
- XMLCh value1[BUF_LEN+1];
|
||||
+ XMLCh value1[3];
|
||||
+ value1[1] = chNull;
|
||||
+ value1[2] = chNull;
|
||||
+ XMLString::moveChars(value1, &(uriSpec[index]), (index + 1 >= end ? 1 : 2));
|
||||
+ ThrowXMLwithMemMgr2(MalformedURLException
|
||||
+ , XMLExcepts::XMLNUM_URI_Component_Invalid_EscapeSequence
|
||||
+ , errMsg_PATH
|
||||
+ , value1
|
||||
+ , fMemoryManager);
|
||||
+ }
|
||||
+ else if (!XMLString::isHex(uriSpec[index+1]) || !XMLString::isHex(uriSpec[index+2]))
|
||||
+ {
|
||||
+ XMLCh value1[4];
|
||||
XMLString::moveChars(value1, &(uriSpec[index]), 3);
|
||||
value1[3] = chNull;
|
||||
ThrowXMLwithMemMgr2(MalformedURLException
|
||||
@@ -892,7 +902,7 @@ void XMLUri::initializePath(const XMLCh*
|
||||
else if (!isUnreservedCharacter(testChar) &&
|
||||
!isPathCharacter(testChar))
|
||||
{
|
||||
- XMLCh value1[BUF_LEN+1];
|
||||
+ XMLCh value1[2];
|
||||
value1[0] = testChar;
|
||||
value1[1] = chNull;
|
||||
ThrowXMLwithMemMgr2(MalformedURLException
|
||||
@@ -920,11 +930,21 @@ void XMLUri::initializePath(const XMLCh*
|
||||
// check for valid escape sequence
|
||||
if (testChar == chPercent)
|
||||
{
|
||||
- if (index+2 >= end ||
|
||||
- !XMLString::isHex(uriSpec[index+1]) ||
|
||||
- !XMLString::isHex(uriSpec[index+2]))
|
||||
+ if (index + 2 >= end)
|
||||
{
|
||||
- XMLCh value1[BUF_LEN+1];
|
||||
+ XMLCh value1[3];
|
||||
+ value1[1] = chNull;
|
||||
+ value1[2] = chNull;
|
||||
+ XMLString::moveChars(value1, &(uriSpec[index]), (index + 1 >= end ? 1 : 2));
|
||||
+ ThrowXMLwithMemMgr2(MalformedURLException
|
||||
+ , XMLExcepts::XMLNUM_URI_Component_Invalid_EscapeSequence
|
||||
+ , errMsg_PATH
|
||||
+ , value1
|
||||
+ , fMemoryManager);
|
||||
+ }
|
||||
+ else if (!XMLString::isHex(uriSpec[index+1]) || !XMLString::isHex(uriSpec[index+2]))
|
||||
+ {
|
||||
+ XMLCh value1[4];
|
||||
XMLString::moveChars(value1, &(uriSpec[index]), 3);
|
||||
value1[3] = chNull;
|
||||
ThrowXMLwithMemMgr2(MalformedURLException
|
||||
@@ -941,7 +961,7 @@ void XMLUri::initializePath(const XMLCh*
|
||||
// contains '[' and ']'.
|
||||
else if (!isReservedOrUnreservedCharacter(testChar))
|
||||
{
|
||||
- XMLCh value1[BUF_LEN+1];
|
||||
+ XMLCh value1[2];
|
||||
value1[0] = testChar;
|
||||
value1[1] = chNull;
|
||||
ThrowXMLwithMemMgr2(MalformedURLException
|
||||
@@ -979,11 +999,21 @@ void XMLUri::initializePath(const XMLCh*
|
||||
|
||||
if (testChar == chPercent)
|
||||
{
|
||||
- if (index+2 >= end ||
|
||||
- !XMLString::isHex(uriSpec[index+1]) ||
|
||||
- !XMLString::isHex(uriSpec[index+2]))
|
||||
+ if (index + 2 >= end)
|
||||
+ {
|
||||
+ XMLCh value1[3];
|
||||
+ value1[1] = chNull;
|
||||
+ value1[2] = chNull;
|
||||
+ XMLString::moveChars(value1, &(uriSpec[index]), (index + 1 >= end ? 1 : 2));
|
||||
+ ThrowXMLwithMemMgr2(MalformedURLException
|
||||
+ , XMLExcepts::XMLNUM_URI_Component_Invalid_EscapeSequence
|
||||
+ , errMsg_QUERY
|
||||
+ , value1
|
||||
+ , fMemoryManager);
|
||||
+ }
|
||||
+ if (!XMLString::isHex(uriSpec[index+1]) || !XMLString::isHex(uriSpec[index+2]))
|
||||
{
|
||||
- XMLCh value1[BUF_LEN+1];
|
||||
+ XMLCh value1[4];
|
||||
XMLString::moveChars(value1, &(uriSpec[index]), 3);
|
||||
value1[3] = chNull;
|
||||
ThrowXMLwithMemMgr2(MalformedURLException
|
||||
@@ -995,7 +1025,7 @@ void XMLUri::initializePath(const XMLCh*
|
||||
}
|
||||
else if (!isReservedOrUnreservedCharacter(testChar))
|
||||
{
|
||||
- XMLCh value1[BUF_LEN+1];
|
||||
+ XMLCh value1[2];
|
||||
value1[0] = testChar;
|
||||
value1[1] = chNull;
|
||||
ThrowXMLwithMemMgr2(MalformedURLException
|
||||
@@ -1030,11 +1060,21 @@ void XMLUri::initializePath(const XMLCh*
|
||||
|
||||
if (testChar == chPercent)
|
||||
{
|
||||
- if (index+2 >= end ||
|
||||
- !XMLString::isHex(uriSpec[index+1]) ||
|
||||
- !XMLString::isHex(uriSpec[index+2]))
|
||||
+ if (index + 2 >= end)
|
||||
+ {
|
||||
+ XMLCh value1[3];
|
||||
+ value1[1] = chNull;
|
||||
+ value1[2] = chNull;
|
||||
+ XMLString::moveChars(value1, &(uriSpec[index]), (index + 1 >= end ? 1 : 2));
|
||||
+ ThrowXMLwithMemMgr2(MalformedURLException
|
||||
+ , XMLExcepts::XMLNUM_URI_Component_Invalid_EscapeSequence
|
||||
+ , errMsg_FRAGMENT
|
||||
+ , value1
|
||||
+ , fMemoryManager);
|
||||
+ }
|
||||
+ if (!XMLString::isHex(uriSpec[index+1]) || !XMLString::isHex(uriSpec[index+2]))
|
||||
{
|
||||
- XMLCh value1[BUF_LEN+1];
|
||||
+ XMLCh value1[4];
|
||||
XMLString::moveChars(value1, &(uriSpec[index]), 3);
|
||||
value1[3] = chNull;
|
||||
ThrowXMLwithMemMgr2(MalformedURLException
|
||||
@@ -1046,7 +1086,7 @@ void XMLUri::initializePath(const XMLCh*
|
||||
}
|
||||
else if (!isReservedOrUnreservedCharacter(testChar))
|
||||
{
|
||||
- XMLCh value1[BUF_LEN+1];
|
||||
+ XMLCh value1[2];
|
||||
value1[0] = testChar;
|
||||
value1[1] = chNull;
|
||||
ThrowXMLwithMemMgr2(MalformedURLException
|
||||
@@ -1410,14 +1450,15 @@ void XMLUri::isConformantUserInfo(const
|
||||
}
|
||||
else if (*tmpStr == chPercent) // '%'
|
||||
{
|
||||
- if (XMLString::isHex(*(tmpStr+1)) && // 1st hex
|
||||
- XMLString::isHex(*(tmpStr+2)) ) // 2nd hex
|
||||
+ if (XMLString::stringLen(tmpStr) >= 3
|
||||
+ && XMLString::isHex(*(tmpStr+1)) // 1st hex
|
||||
+ && XMLString::isHex(*(tmpStr+2)) ) // 2nd hex
|
||||
{
|
||||
tmpStr+=3;
|
||||
}
|
||||
else
|
||||
{
|
||||
- XMLCh value1[BUF_LEN+1];
|
||||
+ XMLCh value1[4];
|
||||
value1[0] = chPercent;
|
||||
value1[1] = *(tmpStr+1);
|
||||
value1[2] = *(tmpStr+2);
|
||||
@@ -1468,8 +1509,9 @@ bool XMLUri::isValidServerBasedAuthority
|
||||
}
|
||||
else if (userinfo[index] == chPercent) // '%'
|
||||
{
|
||||
- if (XMLString::isHex(userinfo[index+1]) && // 1st hex
|
||||
- XMLString::isHex(userinfo[index+2]) ) // 2nd hex
|
||||
+ if (index + 2 < userLen
|
||||
+ && XMLString::isHex(userinfo[index+1]) // 1st hex
|
||||
+ && XMLString::isHex(userinfo[index+2]) ) // 2nd hex
|
||||
index +=3;
|
||||
else
|
||||
return false;
|
||||
@@ -1508,8 +1550,9 @@ bool XMLUri::isValidServerBasedAuthority
|
||||
}
|
||||
else if (*tmpStr == chPercent) // '%'
|
||||
{
|
||||
- if (XMLString::isHex(*(tmpStr+1)) && // 1st hex
|
||||
- XMLString::isHex(*(tmpStr+2)) ) // 2nd hex
|
||||
+ if (XMLString::stringLen(tmpStr) >= 3
|
||||
+ && XMLString::isHex(*(tmpStr+1)) // 1st hex
|
||||
+ && XMLString::isHex(*(tmpStr+2)) ) // 2nd hex
|
||||
{
|
||||
tmpStr+=3;
|
||||
}
|
||||
@@ -1537,8 +1580,9 @@ bool XMLUri::isValidRegistryBasedAuthori
|
||||
}
|
||||
else if (authority[index] == chPercent) // '%'
|
||||
{
|
||||
- if (XMLString::isHex(authority[index+1]) && // 1st hex
|
||||
- XMLString::isHex(authority[index+2]) ) // 2nd hex
|
||||
+ if (index + 2 < authLen
|
||||
+ && XMLString::isHex(authority[index+1]) // 1st hex
|
||||
+ && XMLString::isHex(authority[index+2]) ) // 2nd hex
|
||||
index +=3;
|
||||
else
|
||||
return false;
|
||||
@@ -1566,8 +1610,9 @@ bool XMLUri::isValidRegistryBasedAuthori
|
||||
}
|
||||
else if (*tmpStr == chPercent) // '%'
|
||||
{
|
||||
- if (XMLString::isHex(*(tmpStr+1)) && // 1st hex
|
||||
- XMLString::isHex(*(tmpStr+2)) ) // 2nd hex
|
||||
+ if (XMLString::stringLen(tmpStr) >= 3
|
||||
+ && XMLString::isHex(*(tmpStr + 1)) // 1st hex
|
||||
+ && XMLString::isHex(*(tmpStr + 2))) // 2nd hex
|
||||
{
|
||||
tmpStr+=3;
|
||||
}
|
||||
@@ -1602,8 +1647,9 @@ bool XMLUri::isURIString(const XMLCh* co
|
||||
}
|
||||
else if (*tmpStr == chPercent) // '%'
|
||||
{
|
||||
- if (XMLString::isHex(*(tmpStr+1)) && // 1st hex
|
||||
- XMLString::isHex(*(tmpStr+2)) ) // 2nd hex
|
||||
+ if (XMLString::stringLen(tmpStr) >=3
|
||||
+ && XMLString::isHex(*(tmpStr+1)) // 1st hex
|
||||
+ && XMLString::isHex(*(tmpStr+2)) ) // 2nd hex
|
||||
{
|
||||
tmpStr+=3;
|
||||
}
|
@ -1,3 +1,12 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Jun 21 11:00:01 CEST 2016 - zawel1@gmail.com
|
||||
- Update to 3.1.3
|
||||
* bug fixes
|
||||
+ memcpy used on overlapping memory regions causes sanity test failure
|
||||
+ Typo in XMLUni::fgUnknownURIName constant
|
||||
+ Buffer overruns in prolog parsing and error handling
|
||||
- Dropped xerces-c-CVE-2016-0729.patch, fixed upstream.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jun 16 15:43:53 UTC 2016 - pjanouch@suse.de
|
||||
|
||||
|
@ -17,7 +17,7 @@
|
||||
|
||||
|
||||
Name: xerces-c
|
||||
Version: 3.1.2
|
||||
Version: 3.1.3
|
||||
Release: 0
|
||||
Summary: A Validating XML Parser
|
||||
License: Apache-2.0
|
||||
@ -27,8 +27,6 @@ Source0: http://www.apache.org/dist/xerces/c/3/sources/%{name}-%{version}
|
||||
Source1: http://www.apache.org/dist/xerces/c/3/sources/%{name}-%{version}.tar.gz.asc
|
||||
Source2: %{name}.keyring
|
||||
Source3: baselibs.conf
|
||||
# PATCH-FIX-UPSTREAM bsc#966822
|
||||
Patch2: %{name}-CVE-2016-0729.patch
|
||||
# PATCH-FIX-UPSTREAM bsc#979208
|
||||
Patch3: %{name}-CVE-2016-2099.patch
|
||||
BuildRequires: fdupes
|
||||
@ -95,7 +93,6 @@ This package includes files needed for development with Xerces-c
|
||||
|
||||
%prep
|
||||
%setup -q -n xerces-c-%{version}
|
||||
%patch2 -p1
|
||||
%patch3 -p0
|
||||
|
||||
%build
|
||||
|
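Review bot: With `Patch2: %{name}-CVE-2016-0729.patch` and its `# PATCH-FIX-UPSTREAM bsc#966822` comment removed, the package no longer carries the bug reference for that fix; the new changelog line names the patch file but not the tracker entry. I would write the changelog line as `- Dropped xerces-c-CVE-2016-0729.patch, fixed upstream (bsc#966822, CVE-2016-0729).` so the fix stays traceable after the patch file is gone. Before merging, it is worth diffing the 3.1.3 sources against the dropped patch to confirm that each of its hunks (the prolog-buffer bound in XMLReader::doInitDecode and the escape-sequence length checks in XMLURL.cpp and XMLUri.cpp) is present upstream, since the changelog statement is the only evidence on this page. `%patch3 -p0` for CVE-2016-2099 is kept, so presumably that fix is not yet in 3.1.3; a short comment saying so next to `Patch3` would help the next update.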