packages/expat
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
expat/backport-CVE-2022-23852-lib-Detect-and-prevent-integer-overflow-in-XML_GetBu.patch
yang_zhuang_zhuang 6fe95c998c Fix CVE-2022-23852CVE-2022-23990
2022-02-07 14:51:39 +08:00

30 lines
901 B
Diff
Raw Blame History

From 847a645152f5ebc10ac63b74b604d0c1a79fae40 Mon Sep 17 00:00:00 2001
From: Samanta Navarro <ferivoz@riseup.net>
Date: Sat, 22 Jan 2022 17:48:00 +0100
Subject: [PATCH] lib: Detect and prevent integer overflow in
XML_GetBuffer (CVE-2022-23852)
---
lib/xmlparse.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/lib/xmlparse.c b/lib/xmlparse.c
index d54af68..5ce3140 100644
--- a/lib/xmlparse.c
+++ b/lib/xmlparse.c
@@ -2067,6 +2067,11 @@ XML_GetBuffer(XML_Parser parser, int len) {
keep = (int)EXPAT_SAFE_PTR_DIFF(parser->m_bufferPtr, parser->m_buffer);
if (keep > XML_CONTEXT_BYTES)
keep = XML_CONTEXT_BYTES;
+ /* Detect and prevent integer overflow */
+ if (keep > INT_MAX - neededSize) {
+ parser->m_errorCode = XML_ERROR_NO_MEMORY;
+ return NULL;
+ }
neededSize += keep;
#endif /* defined XML_CONTEXT_BYTES */
if (neededSize
--
1.8.3.1
Reference in New Issue View Git Blame Copy Permalink