diff options
| author | Philip M. Gollucci <pgollucci@FreeBSD.org> | 2009-06-08 03:10:25 +0000 |
|---|---|---|
| committer | Philip M. Gollucci <pgollucci@FreeBSD.org> | 2009-06-08 03:10:25 +0000 |
| commit | de83f0b16f8ba23af78ab5dc1c5eaf31ef44a8bf (patch) | |
| tree | 5210c871787a3e8a1980736739989e6d3e6e329a /www/apache22/files/patch-apr-fix-apr_xml-expat-attack | |
| parent | - Update to apr: 1.3.5, apr: 1.3.7 (diff) | |
- Backport apr-util security fixes pending the 2.2.12 release (forthcomming)
Security: http://www.vuxml.org/freebsd/eb9212f7-526b-11de-bbf2-001b77d09812
PR: ports/135310
Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
With Hat: apache
Diffstat (limited to 'www/apache22/files/patch-apr-fix-apr_xml-expat-attack')
| -rw-r--r-- | www/apache22/files/patch-apr-fix-apr_xml-expat-attack | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/www/apache22/files/patch-apr-fix-apr_xml-expat-attack b/www/apache22/files/patch-apr-fix-apr_xml-expat-attack new file mode 100644 index 000000000000..2040f082ea2d --- /dev/null +++ b/www/apache22/files/patch-apr-fix-apr_xml-expat-attack @@ -0,0 +1,51 @@ +Taken from + http://svn.apache.org/viewvc/apr/apr/trunk/xml/apr_xml.c?r1=757729&r2=781403&view=patch + +--- srclib/apr-util/xml/apr_xml.c 2009/03/24 11:12:27 757729 ++++ srclib/apr-util/xml/apr_xml.c 2009/06/03 14:26:19 781403 +@@ -347,6 +347,25 @@ + return APR_SUCCESS; + } + ++#if XML_MAJOR_VERSION > 1 ++/* Stop the parser if an entity declaration is hit. */ ++static void entity_declaration(void *userData, const XML_Char *entityName, ++ int is_parameter_entity, const XML_Char *value, ++ int value_length, const XML_Char *base, ++ const XML_Char *systemId, const XML_Char *publicId, ++ const XML_Char *notationName) ++{ ++ apr_xml_parser *parser = userData; ++ ++ XML_StopParser(parser->xp, XML_FALSE); ++} ++#else ++/* A noop default_handler. */ ++static void default_handler(void *userData, const XML_Char *s, int len) ++{ ++} ++#endif ++ + APU_DECLARE(apr_xml_parser *) apr_xml_parser_create(apr_pool_t *pool) + { + apr_xml_parser *parser = apr_pcalloc(pool, sizeof(*parser)); +@@ -372,6 +391,19 @@ + XML_SetElementHandler(parser->xp, start_handler, end_handler); + XML_SetCharacterDataHandler(parser->xp, cdata_handler); + ++ /* Prevent the "billion laughs" attack against expat by disabling ++ * internal entity expansion. With 2.x, forcibly stop the parser ++ * if an entity is declared - this is safer and a more obvious ++ * failure mode. With older versions, installing a noop ++ * DefaultHandler means that internal entities will be expanded as ++ * the empty string, which is also sufficient to prevent the ++ * attack. */ ++#if XML_MAJOR_VERSION > 1 ++ XML_SetEntityDeclHandler(parser->xp, entity_declaration); ++#else ++ XML_SetDefaultHandler(parser->xp, default_handler); ++#endif ++ + return parser; + } + |