package/tinyxml: fix CVE-2021-42260
TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit is contained in:
parent
6e46157821
commit
b23ef21029
@ -0,0 +1,37 @@
|
||||
From f7ca0035d17a663f55668e662b840afce7b86112 Mon Sep 17 00:00:00 2001
|
||||
From: Christian Voegl <cvoegl@suse.com>
|
||||
Date: Wed, 27 Oct 2021 11:25:18 +0200
|
||||
Subject: [PATCH] In stamp always advance the pointer if *p= 0xef
|
||||
|
||||
The current implementation only advanced if 0xef is followed
|
||||
by two non-zero bytes. In case of malformed input (0xef should be
|
||||
the start byte of a three byte character) this leads to an infinite
|
||||
loop. (CVE-2021-42260)
|
||||
|
||||
[Retrieved (and backported) from:
|
||||
https://sourceforge.net/p/tinyxml/git/merge-requests/1]
|
||||
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
||||
---
|
||||
tinyxmlparser.cpp | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/src/tinyxmlparser.cpp b/src/tinyxmlparser.cpp
|
||||
index 81b7eae..8aa0dfa 100755
|
||||
--- a/src/tinyxmlparser.cpp
|
||||
+++ b/src/tinyxmlparser.cpp
|
||||
@@ -274,6 +274,12 @@ void TiXmlParsingData::Stamp( const char* now, TiXmlEncoding encoding )
|
||||
else
|
||||
{ p +=3; ++col; } // A normal character.
|
||||
}
|
||||
+ else
|
||||
+ {
|
||||
+ // TIXML_UTF_LEAD_0 (239) is the start character of a 3 byte sequence, so
|
||||
+ // there is something wrong here. Just advance the pointer to evade infinite loops
|
||||
+ ++p;
|
||||
+ }
|
||||
}
|
||||
else
|
||||
{
|
||||
--
|
||||
2.34.1
|
||||
|
@ -14,4 +14,7 @@ TINYXML_LICENSE = Zlib
|
||||
TINYXML_LICENSE_FILES = README
|
||||
TINYXML_CPE_ID_VENDOT = tinyxml_project
|
||||
|
||||
# 0001-In-stamp-always-advance-the-pointer-if-p-0xef.patch
|
||||
TINYXML_IGNORE_CVES += CVE-2021-42260
|
||||
|
||||
$(eval $(autotools-package))
|
||||
|
Loading…
Reference in New Issue
Block a user