diff options
author | Boris Kolpackov <boris@codesynthesis.com> | 2022-11-30 14:21:27 +0200 |
---|---|---|
committer | Boris Kolpackov <boris@codesynthesis.com> | 2022-11-30 14:21:27 +0200 |
commit | 12799de18e38b3cf6cc458bfee07dee7a48df33d (patch) | |
tree | e4b5accdc43983187f724cb26f3e13b5bc633a82 | |
parent | 216a4745f0aa2921d2682fa576f8de77645d2f86 (diff) |
Import more fixes for Expat security vulnerabilities
CVE-2022-43680
-rw-r--r-- | libxsde/xsde/c/expat/xmlparse.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/libxsde/xsde/c/expat/xmlparse.c b/libxsde/xsde/c/expat/xmlparse.c index f97f285..44394c2 100644 --- a/libxsde/xsde/c/expat/xmlparse.c +++ b/libxsde/xsde/c/expat/xmlparse.c @@ -771,6 +771,14 @@ parserCreate(const XML_Char *encodingName, parserInit(parser, encodingName); if (encodingName && !parser->m_protocolEncodingName) { + if (dtd) { + // We need to stop the upcoming call to XML_ParserFree from happily + // destroying parser->m_dtd because the DTD is shared with the parent + // parser and the only guard that keeps XML_ParserFree from destroying + // parser->m_dtd is parser->m_isParamEntity but it will be set to + // XML_TRUE only later in XML_ExternalEntityParserCreate (or not at all). + parser->m_dtd = NULL; + } XML_ParserFree(parser); return NULL; } |