Репозитории ALT
| S: | 2.10.4-alt1 |
| 5.1: | 2.7.8-alt3.M50P.1 |
| 4.1: | 2.7.2-alt1.M41.2 |
| +updates: | 2.6.32-alt2.M41.2 |
| 4.0: | 2.7.2-alt1.M40.1 |
| +updates: | 2.6.31-alt1 |
| 3.0: | 2.6.20-alt1 |
Группа :: Система/Библиотеки
Пакет: libxml2
навигация по пакетам
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: libxml2-2.7.2-CVE.patch
Скачать
Скачать
--- parser.c.orig 2009-08-03 15:33:12.000000000 +0200
+++ parser.c 2009-08-03 15:36:26.000000000 +0200
@@ -5300,7 +5300,8 @@ xmlParseNotationType(xmlParserCtxtPtr ctxt) { if (name == NULL) {xmlFatalErrMsg(ctxt, XML_ERR_NAME_REQUIRED,
"Name expected in NOTATION declaration\n");
- return(ret);
+ xmlFreeEnumeration(ret);
+ return(NULL);
}
tmp = ret;
while (tmp != NULL) {@@ -5316,7 +5317,10 @@ xmlParseNotationType(xmlParserCtxtPtr ctxt) {}
if (tmp == NULL) {cur = xmlCreateEnumeration(name);
- if (cur == NULL) return(ret);
+ if (cur == NULL) {+ xmlFreeEnumeration(ret);
+ return(NULL);
+ }
if (last == NULL) ret = last = cur;
else {last->next = cur;
@@ -4791,9 +4796,8 @@ xmlParseNotationType(xmlParserCtxtPtr ct
} while (RAW == '|');
if (RAW != ')') {xmlFatalErr(ctxt, XML_ERR_NOTATION_NOT_FINISHED, NULL);
- if ((last != NULL) && (last != ret))
- xmlFreeEnumeration(last);
- return(ret);
+ xmlFreeEnumeration(ret);
+ return(NULL);
}
NEXT;
return(ret);
@@ -4834,7 +4838,10 @@ xmlParseEnumerationType(xmlParserCtxtPtr
cur = xmlCreateEnumeration(name);
if (!xmlDictOwns(ctxt->dict, name))
xmlFree(name);
- if (cur == NULL) return(ret);
+ if (cur == NULL) {+ xmlFreeEnumeration(ret);
+ return(NULL);
+ }
if (last == NULL) ret = last = cur;
else {last->next = cur;
@@ -5232,6 +5239,12 @@ xmlParseElementChildrenContentDecl (xmlP
const xmlChar *elem;
xmlChar type = 0;
+ if (ctxt->depth > 128) {+ xmlFatalErrMsgInt(ctxt, XML_ERR_ELEMCONTENT_NOT_FINISHED,
+ "xmlParseElementChildrenContentDecl : depth %d too deep\n",
+ ctxt->depth);
+ return(NULL);
+ }
SKIP_BLANKS;
GROW;
if (RAW == '(') {@@ -5240,7 +5253,9 @@ xmlParseElementChildrenContentDecl (xmlP
/* Recurse on first child */
NEXT;
SKIP_BLANKS;
+ ctxt->depth++;
cur = ret = xmlParseElementChildrenContentDecl(ctxt, inputid);
+ ctxt->depth--;
SKIP_BLANKS;
GROW;
} else {@@ -5370,7 +5385,9 @@ xmlParseElementChildrenContentDecl (xmlP
/* Recurse on second child */
NEXT;
SKIP_BLANKS;
+ ctxt->depth++;
last = xmlParseElementChildrenContentDecl(ctxt, inputid);
+ ctxt->depth--;
SKIP_BLANKS;
} else {elem = xmlParseName(ctxt);