86e027f6d3
CVE-2017-8872: An attackers can cause a denial of service (buffer over-read) or information disclosure. Patch from the upstream bug tracker. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
34 lines
890 B
Diff
34 lines
890 B
Diff
From 8b329effb610f4138e4e680f6a6867570f6d6179 Mon Sep 17 00:00:00 2001
|
|
From: Baruch Siach <baruch@tkos.co.il>
|
|
Date: Fri, 9 Feb 2018 10:58:11 +0200
|
|
Subject: [PATCH] CVE-2017-8872
|
|
|
|
Taken from attachment to upstream bug report comment #9.
|
|
|
|
https://bugzilla.gnome.org/show_bug.cgi?id=775200#c9
|
|
https://bugzilla.gnome.org/attachment.cgi?id=366193&action=diff
|
|
|
|
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
|
|
---
|
|
parser.c | 4 ++++
|
|
1 file changed, 4 insertions(+)
|
|
|
|
diff --git a/parser.c b/parser.c
|
|
index 1c5e036ea265..025111067ae8 100644
|
|
--- a/parser.c
|
|
+++ b/parser.c
|
|
@@ -12467,6 +12467,10 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) {
|
|
ctxt->input->cur = BAD_CAST"";
|
|
ctxt->input->base = ctxt->input->cur;
|
|
ctxt->input->end = ctxt->input->cur;
|
|
+ if (ctxt->input->buf)
|
|
+ xmlBufEmpty (ctxt->input->buf->buffer);
|
|
+ else
|
|
+ ctxt->input->length = 0;
|
|
}
|
|
}
|
|
|
|
--
|
|
2.15.1
|
|
|