From 462449fa0682abf40b1446f0067d5e07806702fd Mon Sep 17 00:00:00 2001
From: Jeremy Messenger <mezz@FreeBSD.org>
Date: Mon, 20 Oct 2008 16:11:29 +0000
Subject: Fix the two security issues, bump the PORTREVISION.

Obtained from:	libxml2-2.6.31-1.3mdv2008.1.src.rpm
Security:	CVE-2008-3281
		CVE-2008-3529
---
 textproc/libxml2/files/patch-CVE-2008-3529 | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 textproc/libxml2/files/patch-CVE-2008-3529

(limited to 'textproc/libxml2/files/patch-CVE-2008-3529')

diff --git a/textproc/libxml2/files/patch-CVE-2008-3529 b/textproc/libxml2/files/patch-CVE-2008-3529
new file mode 100644
index 000000000000..943fa2b8005b
--- /dev/null
+++ b/textproc/libxml2/files/patch-CVE-2008-3529
@@ -0,0 +1,19 @@
+--- parser.c.orig	2008-09-03 15:55:59.000000000 +0200
++++ parser.c	2008-09-03 16:30:22.000000000 +0200
+@@ -2301,6 +2301,7 @@ xmlParserHandlePEReference(xmlParserCtxt
+  */
+ #define growBuffer(buffer) {						\
+     xmlChar *tmp;							\
++    buffer##_size += XML_PARSER_BUFFER_SIZE ;				\
+     buffer##_size *= 2;							\
+     tmp = (xmlChar *)							\
+ 		xmlRealloc(buffer, buffer##_size * sizeof(xmlChar));	\
+@@ -3341,7 +3342,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr
+ 		     * Just output the reference
+ 		     */
+ 		    buf[len++] = '&';
+-		    if (len > buf_size - i - 10) {
++		    while (len > buf_size - i - 10) {
+ 			growBuffer(buf);
+ 		    }
+ 		    for (;i > 0;i--)
-- 
cgit v1.2.3