[maemo-commits] [maemo-commits] r15199 - in projects/haf/trunk/libxml2/debian: . patches

From: subversion at stage.maemo.org subversion at stage.maemo.org
Date: Tue Feb 19 16:51:29 EET 2008 
Author: kihamala
Date: 2008-02-19 16:51:26 +0200 (Tue, 19 Feb 2008)
New Revision: 15199

Added:
   projects/haf/trunk/libxml2/debian/patches/
   projects/haf/trunk/libxml2/debian/patches/01-CVE-2007-6284.patch
Modified:
   projects/haf/trunk/libxml2/debian/changelog
Log:
security patch to save the world


Modified: projects/haf/trunk/libxml2/debian/changelog
===================================================================
--- projects/haf/trunk/libxml2/debian/changelog	2008-02-19 14:26:56 UTC (rev 15198)
+++ projects/haf/trunk/libxml2/debian/changelog	2008-02-19 14:51:26 UTC (rev 15199)
@@ -1,3 +1,9 @@
+libxml2 (2.6.27.dfsg-1osso4~unreleased) unstable; urgency=low
+
+  * Added patch for CVE-2007-6284 security issue. Fixes: NB#79318
+
+ -- Kimmo Hämäläinen <kimmo.hamalainen at nokia.com>  Tue, 19 Feb 2008 16:40:29 +0200
+
 libxml2 (2.6.27.dfsg-1osso3) unstable; urgency=low
 
   * Prefer hardware floating point unless configured otherwise.

Added: projects/haf/trunk/libxml2/debian/patches/01-CVE-2007-6284.patch
===================================================================
--- projects/haf/trunk/libxml2/debian/patches/01-CVE-2007-6284.patch	2008-02-19 14:26:56 UTC (rev 15198)
+++ projects/haf/trunk/libxml2/debian/patches/01-CVE-2007-6284.patch	2008-02-19 14:51:26 UTC (rev 15199)
@@ -0,0 +1,57 @@
+--- libxml2-2.6.27.orig/parserInternals.c
++++ libxml2-2.6.27/parserInternals.c
+@@ -638,14 +638,13 @@
+ 
+ 	c = *cur;
+ 	if (c & 0x80) {
+-	    if (c == 0xC0)
++	    if (((c & 0x40) == 0) || (c == 0xC0))
+ 		goto encoding_error;
+ 	    if (cur[1] == 0)
+ 		xmlParserInputGrow(ctxt->input, INPUT_CHUNK);
+ 	    if ((cur[1] & 0xc0) != 0x80)
+ 		goto encoding_error;
+ 	    if ((c & 0xe0) == 0xe0) {
+-
+ 		if (cur[2] == 0)
+ 		    xmlParserInputGrow(ctxt->input, INPUT_CHUNK);
+ 		if ((cur[2] & 0xc0) != 0x80)
+@@ -662,18 +661,24 @@
+ 		    val |= (cur[1] & 0x3f) << 12;
+ 		    val |= (cur[2] & 0x3f) << 6;
+ 		    val |= cur[3] & 0x3f;
++		    if (val < 0x10000)
++			goto encoding_error;
+ 		} else {
+ 		  /* 3-byte code */
+ 		    *len = 3;
+ 		    val = (cur[0] & 0xf) << 12;
+ 		    val |= (cur[1] & 0x3f) << 6;
+ 		    val |= cur[2] & 0x3f;
++		    if (val < 0x800)
++			goto encoding_error;
+ 		}
+ 	    } else {
+ 	      /* 2-byte code */
+ 		*len = 2;
+ 		val = (cur[0] & 0x1f) << 6;
+ 		val |= cur[1] & 0x3f;
++		if (val < 0x80)
++		    goto encoding_error;
+ 	    }
+ 	    if (!IS_CHAR(val)) {
+ 	        xmlErrEncodingInt(ctxt, XML_ERR_INVALID_CHAR,
+@@ -683,6 +688,13 @@
+ 	} else {
+ 	    /* 1-byte code */
+ 	    *len = 1;
++	    if (*ctxt->input->cur == 0)
++		xmlParserInputGrow(ctxt->input, INPUT_CHUNK);
++	    if ((*ctxt->input->cur == 0) &&
++	        (ctxt->input->end > ctxt->input->cur)) {
++	        xmlErrEncodingInt(ctxt, XML_ERR_INVALID_CHAR,
++				  "Char 0x%X out of allowed range\n", val);
++	    }
+ 	    if (*ctxt->input->cur == 0xD) {
+ 		if (ctxt->input->cur[1] == 0xA) {
+ 		    ctxt->nbChars++;
More information about the maemo-commits mailing list