Re: [xml] Security flaw affecting all previous libxml2 releases



On Thu, Jan 17, 2008 at 10:34:19AM -0800, Fred Smith wrote:
> Trying to manually apply this patch to 2.4.25. I find that some parts of
> it match up well and others don't.
>
> There are three places in the file where similar code can be found. I'm
> guessing that the one we're concerned with here is the one beginning
> around line 1282, as that's the block where the "1-byte code" most
> closely resembles the bottom part of this patch.
>
> But I don't see a close match for the first change in the patch in any
> of those areas. Specifically, there is no line reading "if (c == 0xC0)".
> The place that most looks like the right place is:
>
>       c = *cur;
>       if (c & 0x80) {        <====================
>           if (cur[1] == 0)
>               xmlParserInputGrow(ctxt->input, INPUT_CHUNK);
>           if ((cur[1] & 0xc0) != 0x80)
>               goto encoding_error;
>           if ((c & 0xe0) == 0xe0) {
>
>               if (cur[2] == 0)
>                   xmlParserInputGrow(ctxt->input, INPUT_CHUNK);
>
> See the line marked with the arrow, it looks as if the patch wants to insert
> a couple of lines right below there??
>
> I'd be grateful if Daniel (or anyone else who has patched an ancient
> version) could advise me on the correct changes to make here.

  Sure, I made the patches which were needed for RHEL 2.1/3/4 security fixes;
they went out as part of the source RPM updates for RHEL, attached!

Daniel

-- 
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard      | virtualization library  http://libvirt.org/
veillard redhat com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine  http://rpmfind.net/

Attachment: 2.4.19_utf8_check.patch
Description: Text document

Attachment: 2.5.10_utf8_check.patch
Description: Text document

Attachment: 2.6.16_utf8_check.patch
Description: Text document


