diff options
| author | Jeremy Messenger <mezz@FreeBSD.org> | 2008-10-20 16:11:29 +0000 |
|---|---|---|
| committer | Jeremy Messenger <mezz@FreeBSD.org> | 2008-10-20 16:11:29 +0000 |
| commit | 462449fa0682abf40b1446f0067d5e07806702fd (patch) | |
| tree | da700f0c31fd743d31e6de40153a37efc895471d /textproc/libxml2/files/patch-CVE-2008-3529 | |
| parent | Fix crash when listening to radio and pidgin-musictracker (diff) | |
Fix the two security issues, bump the PORTREVISION.
Obtained from: libxml2-2.6.31-1.3mdv2008.1.src.rpm
Security: CVE-2008-3281
CVE-2008-3529
Notes
Notes:
svn path=/head/; revision=221838
Diffstat (limited to 'textproc/libxml2/files/patch-CVE-2008-3529')
| -rw-r--r-- | textproc/libxml2/files/patch-CVE-2008-3529 | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/textproc/libxml2/files/patch-CVE-2008-3529 b/textproc/libxml2/files/patch-CVE-2008-3529 new file mode 100644 index 000000000000..943fa2b8005b --- /dev/null +++ b/textproc/libxml2/files/patch-CVE-2008-3529 @@ -0,0 +1,19 @@ +--- parser.c.orig 2008-09-03 15:55:59.000000000 +0200 ++++ parser.c 2008-09-03 16:30:22.000000000 +0200 +@@ -2301,6 +2301,7 @@ xmlParserHandlePEReference(xmlParserCtxt + */ + #define growBuffer(buffer) { \ + xmlChar *tmp; \ ++ buffer##_size += XML_PARSER_BUFFER_SIZE ; \ + buffer##_size *= 2; \ + tmp = (xmlChar *) \ + xmlRealloc(buffer, buffer##_size * sizeof(xmlChar)); \ +@@ -3341,7 +3342,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr + * Just output the reference + */ + buf[len++] = '&'; +- if (len > buf_size - i - 10) { ++ while (len > buf_size - i - 10) { + growBuffer(buf); + } + for (;i > 0;i--) |