diff options
author | Koop Mast <kwm@FreeBSD.org> | 2012-02-27 23:12:03 +0000 |
---|---|---|
committer | Koop Mast <kwm@FreeBSD.org> | 2012-02-27 23:12:03 +0000 |
commit | 6966f2b88e2e98bea36d6a76a4c85c96682d8e3f (patch) | |
tree | 4c70ea20d128981943597f6d79e6707591109129 /textproc/libxml2 | |
parent | 20f0df88343f5d19732721e8b05dc9058e660902 (diff) | |
download | ports-6966f2b88e2e98bea36d6a76a4c85c96682d8e3f.tar.gz ports-6966f2b88e2e98bea36d6a76a4c85c96682d8e3f.zip |
Fix libxml2 heap buffer overflow vulnability.
PR: ports/164270
Submitted by: kj <b4039413@nwldx.com>
Security: 57f1a624-6197-11e1-b98c-bcaec565249c
Notes
Notes:
svn path=/head/; revision=292333
Diffstat (limited to 'textproc/libxml2')
-rw-r--r-- | textproc/libxml2/Makefile | 2 | ||||
-rw-r--r-- | textproc/libxml2/files/patch-parser.c | 25 |
2 files changed, 26 insertions, 1 deletions
diff --git a/textproc/libxml2/Makefile b/textproc/libxml2/Makefile index 22d5e8666e87..e4262bc5d65b 100644 --- a/textproc/libxml2/Makefile +++ b/textproc/libxml2/Makefile @@ -13,7 +13,7 @@ PORTNAME= libxml2 PORTVERSION= 2.7.8 -PORTREVISION?= 1 +PORTREVISION?= 2 CATEGORIES?= textproc gnome MASTER_SITES= ftp://fr.rpmfind.net/pub/libxml/ \ ftp://gd.tuwien.ac.at/pub/libxml/ \ diff --git a/textproc/libxml2/files/patch-parser.c b/textproc/libxml2/files/patch-parser.c new file mode 100644 index 000000000000..d44616c8f1eb --- /dev/null +++ b/textproc/libxml2/files/patch-parser.c @@ -0,0 +1,25 @@ +Commit doesn't mention it but this fixes CVE-2011-3919 + +From 5bd3c061823a8499b27422aee04ea20aae24f03e Mon Sep 17 00:00:00 2001 +From: Daniel Veillard <veillard@redhat.com> +Date: Fri, 16 Dec 2011 10:53:35 +0000 +Subject: Fix an allocation error when copying entities + +--- +(limited to 'parser.c') + +diff --git a/parser.c b/parser.c +index 4e5dcb9..c55e41d 100644 +--- parser.c ++++ parser.c +@@ -2709,7 +2709,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len, + + buffer[nbchars++] = '&'; + if (nbchars > buffer_size - i - XML_PARSER_BUFFER_SIZE) { +- growBuffer(buffer, XML_PARSER_BUFFER_SIZE); ++ growBuffer(buffer, i + XML_PARSER_BUFFER_SIZE); + } + for (;i > 0;i--) + buffer[nbchars++] = *cur++; +-- +cgit v0.9.0.2 |