diff options
Diffstat (limited to 'yocto-poky/meta/recipes-core/libxml/libxml2/0001-CVE-2015-5312-Another-entity-expansion-issue.patch')
| -rw-r--r-- | yocto-poky/meta/recipes-core/libxml/libxml2/0001-CVE-2015-5312-Another-entity-expansion-issue.patch | 39 |
1 files changed, 0 insertions, 39 deletions
diff --git a/yocto-poky/meta/recipes-core/libxml/libxml2/0001-CVE-2015-5312-Another-entity-expansion-issue.patch b/yocto-poky/meta/recipes-core/libxml/libxml2/0001-CVE-2015-5312-Another-entity-expansion-issue.patch deleted file mode 100644 index 979618d2c..000000000 --- a/yocto-poky/meta/recipes-core/libxml/libxml2/0001-CVE-2015-5312-Another-entity-expansion-issue.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 69030714cde66d525a8884bda01b9e8f0abf8e1e Mon Sep 17 00:00:00 2001 -From: David Drysdale <drysdale@google.com> -Date: Fri, 20 Nov 2015 11:13:45 +0800 -Subject: [PATCH] CVE-2015-5312 Another entity expansion issue - -For https://bugzilla.gnome.org/show_bug.cgi?id=756733 -It is one case where the code in place to detect entities expansions -failed to exit when the situation was detected, leading to DoS -Problem reported by Kostya Serebryany @ Google -Patch provided by David Drysdale @ Google - -Upstream-Status: Backport - -CVE-2015-5312 - -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - parser.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/parser.c b/parser.c -index b7b6668..da6e729 100644 ---- a/parser.c -+++ b/parser.c -@@ -2806,6 +2806,10 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len, - 0, 0, 0); - ctxt->depth--; - -+ if ((ctxt->lastError.code == XML_ERR_ENTITY_LOOP) || -+ (ctxt->lastError.code == XML_ERR_INTERNAL_ERROR)) -+ goto int_error; -+ - if (rep != NULL) { - current = rep; - while (*current != 0) { /* non input consuming loop */ --- -2.3.5 - |
