Fix libxml2 heap buffer overflow vulnability.

PR:		ports/164270
Submitted by:	kj <b4039413@nwldx.com>
Security:	57f1a624-6197-11e1-b98c-bcaec565249c

2 files changed, 26 insertions, 1 deletions

diff --git a/textproc/libxml2/Makefile b/textproc/libxml2/Makefile
index 22d5e8666e87..e4262bc5d65b 100644
--- a/textproc/libxml2/Makefile
+++ b/textproc/libxml2/Makefile
@@ -13,7 +13,7 @@
 
 PORTNAME=	libxml2
 PORTVERSION=	2.7.8
-PORTREVISION?=	1
+PORTREVISION?=	2
 CATEGORIES?=	textproc gnome
 MASTER_SITES=	ftp://fr.rpmfind.net/pub/libxml/ \
 		ftp://gd.tuwien.ac.at/pub/libxml/ \
diff --git a/textproc/libxml2/files/patch-parser.c b/textproc/libxml2/files/patch-parser.c
new file mode 100644
index 000000000000..d44616c8f1eb
--- /dev/null
+++ b/textproc/libxml2/files/patch-parser.c
@@ -0,0 +1,25 @@
+Commit doesn't mention it but this fixes CVE-2011-3919
+
+From 5bd3c061823a8499b27422aee04ea20aae24f03e Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Fri, 16 Dec 2011 10:53:35 +0000
+Subject: Fix an allocation error when copying entities
+
+---
+(limited to 'parser.c')
+
+diff --git a/parser.c b/parser.c
+index 4e5dcb9..c55e41d 100644
+--- parser.c
++++ parser.c
+@@ -2709,7 +2709,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
+ 
+ 		buffer[nbchars++] = '&';
+ 		if (nbchars > buffer_size - i - XML_PARSER_BUFFER_SIZE) {
+-		    growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
++		    growBuffer(buffer, i + XML_PARSER_BUFFER_SIZE);
+ 		}
+ 		for (;i > 0;i--)
+ 		    buffer[nbchars++] = *cur++;
+--
+cgit v0.9.0.2