packages/tinyxml
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2021-42260

Browse Source 
(cherry picked from commit 9b314d6163e5448789190a2576df0daf87e5a0c3)
This commit is contained in:
Zhiyi Weng 2021-11-01 16:08:17 +08:00 committed by openeuler-sync-bot
parent a12a89dc66
commit fb5ff55a67
2 changed files with 38 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
0001-In-stamp-always-advance-the-pointer-if-p-0xef.patch Normal file
View File

@ -0,0 +1,32 @@
From f7ca0035d17a663f55668e662b840afce7b86112 Mon Sep 17 00:00:00 2001
From: Christian Voegl <cvoegl@suse.com>
Date: Wed, 27 Oct 2021 11:25:18 +0200
Subject: [PATCH] In stamp always advance the pointer if *p= 0xef
The current implementation only advanced if 0xef is followed
by two non-zero bytes. In case of malformed input (0xef should be
the start byte of a three byte character) this leads to an infinite
loop. (CVE-2021-42260)
---
tinyxmlparser.cpp | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/tinyxmlparser.cpp b/tinyxmlparser.cpp
index 81b7eae..8aa0dfa 100755
--- a/tinyxmlparser.cpp
+++ b/tinyxmlparser.cpp
@@ -274,6 +274,12 @@ void TiXmlParsingData::Stamp( const char* now, TiXmlEncoding encoding )
else
{ p +=3; ++col; } // A normal character.
}
+ else
+ {
+ // TIXML_UTF_LEAD_0 (239) is the start character of a 3 byte sequence, so
+ // there is something wrong here. Just advance the pointer to evade infinite loops
+ ++p;
+ }
}
else
{
--
2.33.0

8
tinyxml.spec
View File

@ -1,10 +1,11 @@
Name: tinyxml Name: tinyxml
Version: 2.6.2 Version: 2.6.2
Release: 20 Release: 21
Summary: C++ XML parser Summary: C++ XML parser
License: zlib License: zlib
URL: http://www.grinninglizard.com/tinyxml/ URL: http://www.grinninglizard.com/tinyxml/
Source0: http://downloads.sourceforge.net/tinyxml/tinyxml_2_6_2.tar.gz Source0: http://downloads.sourceforge.net/tinyxml/tinyxml_2_6_2.tar.gz
Patch0: 0001-In-stamp-always-advance-the-pointer-if-p-0xef.patch
BuildRequires: gcc-c++ BuildRequires: gcc-c++
%description %description
@ -23,7 +24,7 @@ The devel package contains development files for tinyxml.
It provides header files and libraries for tinyxml. It provides header files and libraries for tinyxml.
%prep %prep
%autosetup -n tinyxml %autosetup -p1 -n tinyxml
touch tinyxml.h touch tinyxml.h
%build %build
@ -63,6 +64,9 @@ mkdir -p %{buildroot}%{_libdir}/pkgconfig
%{_libdir}/*.so %{_libdir}/*.so
%changelog %changelog
* Mon Nov 1 2021 Zhiyi Weng <zhiyi@iscas.ac.cn> - 2.6.2-21
- Fix CVE-2021-42260
* Tue Oct 26 2021 chenchen <chen_aka_jan@163.com> - 2.6.2-20 * Tue Oct 26 2021 chenchen <chen_aka_jan@163.com> - 2.6.2-20
- change the spec file name to be the same as the repo name - change the spec file name to be the same as the repo name