This patch addresses two heap overflow bugs in raptor2: http://seclists.org/oss-sec/2017/q2/424 Patch copied from libreoffice: https://github.com/LibreOffice/core/blob/master/external/redland/raptor/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1 From 590681e546cd9aa18d57dc2ea1858cb734a3863f Mon Sep 17 00:00:00 2001 From: Dave Beckett Date: Sun, 16 Apr 2017 23:15:12 +0100 Subject: [PATCH] Calcualte max nspace declarations correctly for XML writer (raptor_xml_writer_start_element_common): Calculate max including for each attribute a potential name and value. Fixes Issues #0000617 http://bugs.librdf.org/mantis/view.php?id=617 and #0000618 http://bugs.librdf.org/mantis/view.php?id=618 --- src/raptor_xml_writer.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c index 693b946..0d3a36a 100644 --- a/src/raptor_xml_writer.c +++ b/src/raptor_xml_writer.c @@ -181,9 +181,10 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer, size_t nspace_declarations_count = 0; unsigned int i; - /* max is 1 per element and 1 for each attribute + size of declared */ if(nstack) { - int nspace_max_count = element->attribute_count+1; + int nspace_max_count = element->attribute_count * 2; /* attr and value */ + if(element->name->nspace) + nspace_max_count++; if(element->declared_nspaces) nspace_max_count += raptor_sequence_size(element->declared_nspaces); if(element->xml_language) @@ -237,7 +238,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer, } } - /* Add the attribute + value */ + /* Add the attribute's value */ nspace_declarations[nspace_declarations_count].declaration= raptor_qname_format_as_xml(element->attributes[i], &nspace_declarations[nspace_declarations_count].length); -- 2.9.3 ref='/guix/log/?id=e0945a02a41afe31d99e3920aa9f7e2239df7bb7'>root/tests/cve.scm
AgeCommit message (Expand)Author
2019-10-23cve: Rewrite to read the JSON feed instead of the XML feed....The XML feed was discontinued on Oct. 16th, 2019: <https://nvd.nist.gov/General/News/XML-Vulnerability-Feed-Retirement-Phase-3> * guix/cve.scm (string->date*): New procedure. (<cve-item>, <cve>, <cve-reference>): New record types. (cpe-match->cve-configuration, configuration-data->cve-configurations) (json->cve-items, version-matches?): New procedures. (yearly-feed-uri): Change URL to refer to JSON feed. (cpe->product-alist, %parse-vulnerability-feed) (xml->vulnerabilities): Remove. (cve-configuration->package-list, merge-package-lists) (cve-item->vulnerability, json->vulnerabilities): New procedures. (write-cache): Use 'json->vulnerabilities' instead of 'xml->vulnerabilities', and remove 'parameterize'. (vulnerabilities->lookup-proc): Use 'version-matches?' when VERSION is true. * tests/cve.scm (%sample): Use 'tests/cve-sample.json'. (%expected-vulnerabilities): Rewrite accordingly. ("json->cve-items", "cve-item-published-date") ("json->vulnerabilities"): New tests. ("xml->vulnerabilities"): Remove. ("vulnerabilities->lookup-proc"): Adjust to new vulnerabilities. * tests/cve-sample.json: New file. * tests/cve-sample.xml: Remove. * Makefile.am (EXTRA_DIST): Adjust accordingly. * doc/guix.texi (Invoking guix lint): Update nist.gov URLs. Ludovic Courtès
2019-10-20tests: Avoid now-deprecated 'make-struct'....* tests/cve.scm (vulnerability): Use 'make-struct/no-tail' instead of 'make-struct', which is deprecated. * tests/lint.scm ("cve: one vulnerability") ("cve: one patched vulnerability") ("cve: known safe from vulnerability") ("cve: vulnerability fixed in replacement version") ("cve: patched vulnerability in replacement"): Likewise. Ludovic Courtès