Nick Wellnhofer [Thu, 25 Aug 2022 15:43:08 +0000 (17:43 +0200)]
[CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE
Also impose size limits when XML_PARSE_HUGE is set. Limit size of names
to XML_MAX_TEXT_LENGTH (10 million bytes) and other content to
XML_MAX_HUGE_LENGTH (1 billion bytes).
Move some of the length checks to the end of the respective loop to make
them strict.
xmlParseEntityValue didn't have a length limitation at all. But without
XML_PARSE_HUGE, this should eventually trigger an error in xmlGROW.
Thanks to Maddie Stone working with Google Project Zero for the report!
Change-Id: I863cb7ab00bf304f623084fb2ba97bf036166606
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
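The commit message above describes moving length checks to the end of the loop so that they are strict. The following C program is an added illustration of that difference and is not libxml2's code: it uses a deliberately tiny ASCII-only name scanner (a stand-in for the parser's name loop, hypothetical here) and an artificially small limit so the effect is visible; the two limit constants are defined locally with the values the commit message quotes.

```c
#include <stdio.h>

/*
 * Added illustration of a "strict" length check. NOT libxml2 code: the limit
 * values below are the ones quoted in the commit message, and the scanner is
 * a simplified ASCII-only stand-in for the parser's name/content loops.
 */
#define XML_MAX_TEXT_LENGTH 10000000     /* names, per the commit message */
#define XML_MAX_HUGE_LENGTH 1000000000   /* other content, per the commit message */

#define SCAN_TOO_LONG (-1L)

/* Characters allowed in our simplified name token (ASCII subset only). */
static int is_name_char(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '_' || c == '-' || c == '.' || c == ':';
}

/*
 * Loose pattern: the limit is tested at the top of the loop, before the
 * current character is counted. A name that ends exactly one byte past the
 * limit is never rejected, because the loop exits before the next test.
 * Returns the accepted length, or SCAN_TOO_LONG.
 */
static long scan_name_loose(const char *buf, size_t maxlen)
{
    size_t len = 0;
    while (is_name_char((unsigned char)buf[len])) {
        if (len > maxlen)
            return SCAN_TOO_LONG;
        len++;
    }
    return (long)len;
}

/*
 * Strict pattern: the limit is tested right after the counter is advanced,
 * so the function can never return a length greater than maxlen. Because the
 * size_t counter is checked on every step, it also cannot wrap around no
 * matter how long the input is.
 */
static long scan_name_strict(const char *buf, size_t maxlen)
{
    size_t len = 0;
    while (is_name_char((unsigned char)buf[len])) {
        len++;
        if (len > maxlen)
            return SCAN_TOO_LONG;
    }
    return (long)len;
}

int main(void)
{
    /* Constructed input: a nine-character name followed by '>', scanned
       against an artificially small limit of 8 so the difference shows. */
    const char *name = "abcdefghi>";
    printf("loose : %ld\n", scan_name_loose(name, 8));   /* 9: limit exceeded, not detected */
    printf("strict: %ld\n", scan_name_strict(name, 8));  /* -1: rejected */
    printf("name limit with XML_PARSE_HUGE   : %d bytes\n", XML_MAX_TEXT_LENGTH);
    printf("content limit with XML_PARSE_HUGE: %d bytes\n", XML_MAX_HUGE_LENGTH);
    return 0;
}
```

Only the position of the check changes between the two functions; the strict form is the one whose return value can be trusted as an upper bound, which is what later allocation arithmetic needs.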
Nick Wellnhofer [Tue, 8 Feb 2022 02:29:24 +0000 (03:29 +0100)]
[CVE-2022-23308] Use-after-free of ID and IDREF attributes
If a document is parsed with XML_PARSE_DTDVALID and without
XML_PARSE_NOENT, the value of ID attributes has to be normalized after
potentially expanding entities in xmlRemoveID. Otherwise, later calls
to xmlGetID can return a pointer to previously freed memory.
ID attributes which are empty or contain only whitespace after
entity expansion are affected in a similar way. This is fixed by
not storing such attributes in the ID table.
The test to detect streaming mode when validating against a DTD was
broken. In connection with the defects above, this could result in a
use-after-free when using the xmlReader interface with validation.
Fix detection of streaming mode to avoid similar issues. (This changes
the expected result of a test case. But as far as I can tell, using the
XML reader with XIncludes referencing the root document never worked
properly, anyway.)
All of these issues can result in denial of service. Using xmlReader
with validation could result in disclosure of memory via the error
channel, typically stderr. The security impact of xmlGetID returning
a pointer to freed memory depends on the application. The typical use
case of calling xmlGetID on an unmodified document is not affected.
Change-Id: Iee3c796c5c163a35fe61fc449adf7182331be627
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
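The commit message above says ID values must be normalized after entity expansion and that empty or whitespace-only IDs must not be stored in the ID table. The C program below is an added illustration of those two rules, not libxml2's code: it keeps a heap-owned normalized copy of each ID in a hypothetical linked-list table (so a later lookup never returns a pointer into an attribute that may since have been freed), applies the XML attribute-value normalization for tokenized types (trim, collapse whitespace runs to one space), and rejects values that normalize to nothing. The input strings are constructed and stand for attribute values after any entity expansion.

```c
#include <stdlib.h>
#include <string.h>

/*
 * Added illustration, NOT libxml2 code: an ID table that owns a normalized
 * copy of every ID instead of pointing into the attribute that supplied it.
 */

/* Returns a malloc'ed normalized copy of value, or NULL when the value is
   empty or whitespace-only after normalization. Caller frees the result. */
static char *normalize_id(const char *value)
{
    size_t n = strlen(value);
    char *out = malloc(n + 1);
    size_t o = 0;
    int pending_space = 0;
    if (!out)
        return NULL;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)value[i];
        if (c == ' ' || c == '\t' || c == '\n' || c == '\r') {
            if (o > 0)               /* leading whitespace is dropped */
                pending_space = 1;   /* interior runs collapse to one space */
        } else {
            if (pending_space) {
                out[o++] = ' ';
                pending_space = 0;
            }
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';                   /* trailing whitespace never written */
    if (o == 0) {
        free(out);
        return NULL;                 /* empty or whitespace-only: not an ID */
    }
    return out;
}

struct id_entry { char *id; const char *elem; struct id_entry *next; };
struct id_table { struct id_entry *head; };

/* Adds an ID; returns 1 if stored, 0 if rejected (empty or duplicate). */
static int id_table_add(struct id_table *t, const char *value, const char *elem)
{
    char *norm = normalize_id(value);
    if (!norm)
        return 0;
    for (struct id_entry *e = t->head; e; e = e->next) {
        if (strcmp(e->id, norm) == 0) {
            free(norm);
            return 0;
        }
    }
    struct id_entry *e = malloc(sizeof *e);
    if (!e) {
        free(norm);
        return 0;
    }
    e->id = norm;
    e->elem = elem;
    e->next = t->head;
    t->head = e;
    return 1;
}

/* Looks up a (raw) ID value; returns the element name or NULL. */
static const char *id_table_get(const struct id_table *t, const char *value)
{
    char *norm = normalize_id(value);
    const char *found = NULL;
    if (!norm)
        return NULL;
    for (struct id_entry *e = t->head; e; e = e->next)
        if (strcmp(e->id, norm) == 0) { found = e->elem; break; }
    free(norm);
    return found;
}

static void id_table_free(struct id_table *t)
{
    while (t->head) {
        struct id_entry *e = t->head;
        t->head = e->next;
        free(e->id);
        free(e);
    }
}

/* Helper for checks: does normalize_id(in) yield expect (NULL for rejected)? */
static int normalizes_to(const char *in, const char *expect)
{
    char *got = normalize_id(in);
    int ok = (got == NULL) ? (expect == NULL)
                           : (expect != NULL && strcmp(got, expect) == 0);
    free(got);
    return ok;
}

/* Constructed scenario: returns how many of four candidate IDs were stored. */
static int id_demo_stored(void)
{
    struct id_table t = { NULL };
    int stored = 0;
    stored += id_table_add(&t, "  chapter1 \n", "chapter");  /* stored as "chapter1" */
    stored += id_table_add(&t, "   ", "section");            /* whitespace-only: rejected */
    stored += id_table_add(&t, "", "para");                  /* empty: rejected */
    stored += id_table_add(&t, "chapter1", "dup");           /* duplicate: rejected */
    id_table_free(&t);
    return stored;
}
```

Because the table owns its strings, freeing or re-normalizing the original attribute node afterwards cannot turn a stored ID into a dangling pointer.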
DongHun Kwak [Tue, 29 Jun 2021 05:58:00 +0000 (14:58 +0900)]
Bump to libxml2 2.9.12
Change-Id: I4c0631eb040d2a87101f0988cd531580335f7433
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
DongHun Kwak [Tue, 29 Jun 2021 03:26:53 +0000 (12:26 +0900)]
Imported Upstream version 2.9.12
DongHun Kwak [Tue, 29 Jun 2021 03:26:30 +0000 (12:26 +0900)]
Imported Upstream version 2.9.11
Hyunjee Kim [Thu, 28 Nov 2019 00:41:20 +0000 (09:41 +0900)]
Imported Upstream version 2.9.10
DongHun Kwak [Thu, 10 Oct 2019 05:47:48 +0000 (14:47 +0900)]
Imported Upstream version 2.9.9
DongHun Kwak [Thu, 10 Oct 2019 05:47:39 +0000 (14:47 +0900)]
Imported Upstream version 2.9.8
DongHun Kwak [Thu, 23 Nov 2017 02:22:54 +0000 (11:22 +0900)]
Imported Upstream version 2.9.7
Change-Id: I9ae5434978bd98bb49d072dc066e149cbac06842
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
DongHun Kwak [Tue, 17 Oct 2017 05:43:14 +0000 (14:43 +0900)]
Imported Upstream version 2.9.6
Change-Id: I5c98bedf617f60e9e5c5883c0a028c2733b361d0
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
DongHun Kwak [Tue, 17 Oct 2017 05:42:37 +0000 (14:42 +0900)]
Imported Upstream version 2.9.6_rc1
Change-Id: I5dcb0df63b566606727a5902d819550ce253f54c
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
DongHun Kwak [Tue, 17 Oct 2017 05:42:10 +0000 (14:42 +0900)]
Imported Upstream version 2.9.5
Change-Id: I26aba6b2cafb1d9429b90886c5270887df23ef57
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
DongHun Kwak [Tue, 17 Oct 2017 05:41:39 +0000 (14:41 +0900)]
Imported Upstream version 2.9.5_rc2
Change-Id: I1713fddeb3c21d510a0194abdf5d37d5674780c2
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
DongHun Kwak [Tue, 17 Oct 2017 05:41:01 +0000 (14:41 +0900)]
Imported Upstream version 2.9.5_rc1
Change-Id: I8601bce726b46c3afa400a74689dfa004cae0501
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
DongHun Kwak [Wed, 15 Jun 2016 05:06:40 +0000 (14:06 +0900)]
Imported Upstream version 2.9.4
Change-Id: Ia77571980e4b0410bb3314b12af5a9e5bf732a38
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
DongHun Kwak [Mon, 23 Nov 2015 11:28:27 +0000 (20:28 +0900)]
Imported Upstream version 2.9.2
Change-Id: I82eaee9a90ae71ea3d3c6151e275ad34ed6ea919
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
xroche [Fri, 7 Nov 2014 16:26:44 +0000 (17:26 +0100)]
Imported Upstream version 2.9.1
Anas Nashif [Wed, 7 Nov 2012 16:49:28 +0000 (08:49 -0800)]
Imported Upstream version 2.8.0