import xmlrpc-c-1.51.0-5.el8_5.1

This commit is contained in:
CentOS Sources 2022-04-28 10:08:15 -04:00 committed by Stepan Oksanichenko
parent 6c3bb94bb0
commit 14c7b90c19
2 changed files with 94 additions and 1 deletions

View File

@ -0,0 +1,89 @@
From 6aee99f381cc5bdfb6e514ac1e82f5e7b0fa7e2d Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Fri, 25 Feb 2022 16:42:35 -0500
Subject: [PATCH 5/6] Add missing validation of encoding (CVE-2022-25235)
Backported from upstream https://github.com/libexpat/libexpat/pull/562
Resolves: #2058114
---
lib/expat/xmltok/xmltok.c | 21 +++++++++++++++------
lib/expat/xmltok/xmltok_impl.c | 8 ++++++--
2 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/lib/expat/xmltok/xmltok.c b/lib/expat/xmltok/xmltok.c
index 7b31fbb..3b0c950 100644
--- a/lib/expat/xmltok/xmltok.c
+++ b/lib/expat/xmltok/xmltok.c
@@ -61,12 +61,17 @@ We need 8 bits to index into pages, 3 bits to add to that index and
? UTF8_GET_NAMING3(pages, (const unsigned char *)(p)) \
: 0))
+#define UTF8_INVALID2(p) \
+ ((*p) < 0xC2 || ((p)[1] & 0x80) == 0 || ((p)[1] & 0xC0) == 0xC0)
+
#define UTF8_INVALID3(p) \
- ((*p) == 0xED \
- ? (((p)[1] & 0x20) != 0) \
- : ((*p) == 0xEF \
- ? ((p)[1] == 0xBF && ((p)[2] == 0xBF || (p)[2] == 0xBE)) \
- : 0))
+ (((p)[2] & 0x80) == 0 \
+ || ((*p) == 0xEF && (p)[1] == 0xBF ? (p)[2] > 0xBD \
+ : ((p)[2] & 0xC0) == 0xC0) \
+ || ((*p) == 0xE0 \
+ ? (p)[1] < 0xA0 || ((p)[1] & 0xC0) == 0xC0 \
+ : ((p)[1] & 0x80) == 0 \
+ || ((*p) == 0xED ? (p)[1] > 0x9F : ((p)[1] & 0xC0) == 0xC0)))
#define UTF8_INVALID4(p) ((*p) == 0xF4 && ((p)[1] & 0x30) != 0)
@@ -104,7 +109,11 @@ int utf8_isNmstrt3(const ENCODING *enc ATTR_UNUSED, const char *p)
#define utf8_isNmstrt4 isNever
-#define utf8_isInvalid2 isNever
+static
+int utf8_isInvalid2(const ENCODING *enc ATTR_UNUSED, const char *p)
+{
+ return UTF8_INVALID2((const unsigned char *)p);
+}
static
int utf8_isInvalid3(const ENCODING *enc ATTR_UNUSED, const char *p)
diff --git a/lib/expat/xmltok/xmltok_impl.c b/lib/expat/xmltok/xmltok_impl.c
index d035527..bae79b9 100644
--- a/lib/expat/xmltok/xmltok_impl.c
+++ b/lib/expat/xmltok/xmltok_impl.c
@@ -43,7 +43,7 @@ See the file copying.txt for copying permission.
case BT_LEAD ## n: \
if (end - ptr < n) \
return XML_TOK_PARTIAL_CHAR; \
- if (!IS_NAME_CHAR(enc, ptr, n)) { \
+ if (IS_INVALID_CHAR(enc, ptr, n) || !IS_NAME_CHAR(enc, ptr, n)) { \
*nextTokPtr = ptr; \
return XML_TOK_INVALID; \
} \
@@ -71,7 +71,7 @@ See the file copying.txt for copying permission.
case BT_LEAD ## n: \
if (end - ptr < n) \
return XML_TOK_PARTIAL_CHAR; \
- if (!IS_NMSTRT_CHAR(enc, ptr, n)) { \
+ if (IS_INVALID_CHAR(enc, ptr, n) || !IS_NMSTRT_CHAR(enc, ptr, n)) { \
*nextTokPtr = ptr; \
return XML_TOK_INVALID; \
} \
@@ -1168,6 +1168,10 @@ int PREFIX(prologTok)(const ENCODING *enc, const char *ptr, const char *end,
case BT_LEAD ## n: \
if (end - ptr < n) \
return XML_TOK_PARTIAL_CHAR; \
+ if (IS_INVALID_CHAR(enc, ptr, n)) { \
+ *nextTokPtr = ptr; \
+ return XML_TOK_INVALID; \
+ } \
if (IS_NMSTRT_CHAR(enc, ptr, n)) { \
ptr += n; \
tok = XML_TOK_NAME; \
--
2.31.1

View File

@ -6,7 +6,7 @@
Name: xmlrpc-c Name: xmlrpc-c
Version: 1.51.0 Version: 1.51.0
Release: 5%{?dist} Release: 5%{?dist}.1
Summary: Lightweight RPC library based on XML and HTTP Summary: Lightweight RPC library based on XML and HTTP
# See doc/COPYING for details. # See doc/COPYING for details.
# The Python 1.5.2 license used by a few files is just BSD. # The Python 1.5.2 license used by a few files is just BSD.
@ -24,6 +24,7 @@ Patch102: 0002-Use-proper-datatypes-for-long-long.patch
Patch103: 0003-allow-30x-redirections.patch Patch103: 0003-allow-30x-redirections.patch
#Patch104: xmlrpc-c-printf-size_t.patch #Patch104: xmlrpc-c-printf-size_t.patch
#Patch105: xmlrpc-c-check-vasprintf-return-value.patch #Patch105: xmlrpc-c-check-vasprintf-return-value.patch
Patch104: 0004-Add-missing-validation-of-encoding-CVE-2022-25235.patch
# Backported patches # Backported patches
# https://sourceforge.net/p/xmlrpc-c/code/2981/ # https://sourceforge.net/p/xmlrpc-c/code/2981/
@ -191,6 +192,9 @@ This package contains some handy XML-RPC demo applications.
%{_bindir}/xmlrpc_dumpserver %{_bindir}/xmlrpc_dumpserver
%changelog %changelog
* Thu Mar 03 2022 Rob Crittenden <rcritten@redhat.com> - 1.51.0-5.1
- Add missing validation of encoding (CVE-2022-25235) (#2058114)
* Thu Apr 19 2018 Adam Williamson <awilliam@redhat.com> - 1.51.0-5 * Thu Apr 19 2018 Adam Williamson <awilliam@redhat.com> - 1.51.0-5
- Backport upstream fix for console spam with debug messages (#1541868) - Backport upstream fix for console spam with debug messages (#1541868)