mirror of
				https://github.com/pocoproject/poco.git
				synced 2025-10-25 02:06:04 +02:00 
			
		
		
		
	#3849: Upgrade bundled libexpat to 2.5.0 [fixes CVE]
This commit is contained in:
		| @@ -1,4 +1,4 @@ | ||||
| /* fcb1a62fefa945567301146eb98e3ad3413e823a41c4378e84e8b6b6f308d824 (2.4.7+) | ||||
| /* 5ab094ffadd6edfc94c3eee53af44a86951f9f1f0933ada3114bbce2bfb02c99 (2.5.0+) | ||||
|                             __  __            _ | ||||
|                          ___\ \/ /_ __   __ _| |_ | ||||
|                         / _ \\  /| '_ \ / _` | __| | ||||
| @@ -35,6 +35,7 @@ | ||||
|    Copyright (c) 2021      Dong-hee Na <donghee.na@python.org> | ||||
|    Copyright (c) 2022      Samanta Navarro <ferivoz@riseup.net> | ||||
|    Copyright (c) 2022      Jeffrey Walton <noloader@gmail.com> | ||||
|    Copyright (c) 2022      Jann Horn <jannh@google.com> | ||||
|    Licensed under the MIT license: | ||||
|  | ||||
|    Permission is  hereby granted,  free of charge,  to any  person obtaining | ||||
| @@ -1088,6 +1089,14 @@ parserCreate(const XML_Char *encodingName, | ||||
|   parserInit(parser, encodingName); | ||||
|  | ||||
|   if (encodingName && ! parser->m_protocolEncodingName) { | ||||
|     if (dtd) { | ||||
|       // We need to stop the upcoming call to XML_ParserFree from happily | ||||
|       // destroying parser->m_dtd because the DTD is shared with the parent | ||||
|       // parser and the only guard that keeps XML_ParserFree from destroying | ||||
|       // parser->m_dtd is parser->m_isParamEntity but it will be set to | ||||
|       // XML_TRUE only later in XML_ExternalEntityParserCreate (or not at all). | ||||
|       parser->m_dtd = NULL; | ||||
|     } | ||||
|     XML_ParserFree(parser); | ||||
|     return NULL; | ||||
|   } | ||||
| @@ -3031,9 +3040,6 @@ doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc, | ||||
|         int len; | ||||
|         const char *rawName; | ||||
|         TAG *tag = parser->m_tagStack; | ||||
|         parser->m_tagStack = tag->parent; | ||||
|         tag->parent = parser->m_freeTagList; | ||||
|         parser->m_freeTagList = tag; | ||||
|         rawName = s + enc->minBytesPerChar * 2; | ||||
|         len = XmlNameLength(enc, rawName); | ||||
|         if (len != tag->rawNameLength | ||||
| @@ -3041,6 +3047,9 @@ doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc, | ||||
|           *eventPP = rawName; | ||||
|           return XML_ERROR_TAG_MISMATCH; | ||||
|         } | ||||
|         parser->m_tagStack = tag->parent; | ||||
|         tag->parent = parser->m_freeTagList; | ||||
|         parser->m_freeTagList = tag; | ||||
|         --parser->m_tagLevel; | ||||
|         if (parser->m_endElementHandler) { | ||||
|           const XML_Char *localPart; | ||||
| @@ -4995,10 +5004,10 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end, | ||||
|               parser->m_handlerArg, parser->m_declElementType->name, | ||||
|               parser->m_declAttributeId->name, parser->m_declAttributeType, 0, | ||||
|               role == XML_ROLE_REQUIRED_ATTRIBUTE_VALUE); | ||||
|           poolClear(&parser->m_tempPool); | ||||
|           handleDefault = XML_FALSE; | ||||
|         } | ||||
|       } | ||||
|       poolClear(&parser->m_tempPool); | ||||
|       break; | ||||
|     case XML_ROLE_DEFAULT_ATTRIBUTE_VALUE: | ||||
|     case XML_ROLE_FIXED_ATTRIBUTE_VALUE: | ||||
| @@ -5406,7 +5415,7 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end, | ||||
|              * | ||||
|              * If 'standalone' is false, the DTD must have no | ||||
|              * parameter entities or we wouldn't have passed the outer | ||||
|              * 'if' statement.  That measn the only entity in the hash | ||||
|              * 'if' statement.  That means the only entity in the hash | ||||
|              * table is the external subset name "#" which cannot be | ||||
|              * given as a parameter entity name in XML syntax, so the | ||||
|              * lookup must have returned NULL and we don't even reach | ||||
| @@ -5818,19 +5827,27 @@ internalEntityProcessor(XML_Parser parser, const char *s, const char *end, | ||||
|  | ||||
|   if (result != XML_ERROR_NONE) | ||||
|     return result; | ||||
|   else if (textEnd != next | ||||
|            && parser->m_parsingStatus.parsing == XML_SUSPENDED) { | ||||
|  | ||||
|   if (textEnd != next && parser->m_parsingStatus.parsing == XML_SUSPENDED) { | ||||
|     entity->processed = (int)(next - (const char *)entity->textPtr); | ||||
|     return result; | ||||
|   } else { | ||||
|   } | ||||
|  | ||||
| #ifdef XML_DTD | ||||
|     entityTrackingOnClose(parser, entity, __LINE__); | ||||
|   entityTrackingOnClose(parser, entity, __LINE__); | ||||
| #endif | ||||
|     entity->open = XML_FALSE; | ||||
|     parser->m_openInternalEntities = openEntity->next; | ||||
|     /* put openEntity back in list of free instances */ | ||||
|     openEntity->next = parser->m_freeInternalEntities; | ||||
|     parser->m_freeInternalEntities = openEntity; | ||||
|   entity->open = XML_FALSE; | ||||
|   parser->m_openInternalEntities = openEntity->next; | ||||
|   /* put openEntity back in list of free instances */ | ||||
|   openEntity->next = parser->m_freeInternalEntities; | ||||
|   parser->m_freeInternalEntities = openEntity; | ||||
|  | ||||
|   // If there are more open entities we want to stop right here and have the | ||||
|   // upcoming call to XML_ResumeParser continue with entity content, or it would | ||||
|   // be ignored altogether. | ||||
|   if (parser->m_openInternalEntities != NULL | ||||
|       && parser->m_parsingStatus.parsing == XML_SUSPENDED) { | ||||
|     return XML_ERROR_NONE; | ||||
|   } | ||||
|  | ||||
| #ifdef XML_DTD | ||||
|   | ||||
| @@ -45,7 +45,7 @@ enum { | ||||
|   BT_LF,       /* line feed = "\n" */ | ||||
|   BT_GT,       /* greater than = ">" */ | ||||
|   BT_QUOT,     /* quotation character = "\"" */ | ||||
|   BT_APOS,     /* aposthrophe = "'" */ | ||||
|   BT_APOS,     /* apostrophe = "'" */ | ||||
|   BT_EQUALS,   /* equal sign = "=" */ | ||||
|   BT_QUEST,    /* question mark = "?" */ | ||||
|   BT_EXCL,     /* exclamation mark = "!" */ | ||||
|   | ||||
		Reference in New Issue
	
	Block a user
	 Günter Obiltschnig
					Günter Obiltschnig