This patch addresses two heap overflow bugs in raptor2: http://seclists.org/oss-sec/2017/q2/424 Patch copied from libreoffice: https://github.com/LibreOffice/core/blob/master/external/redland/raptor/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1 From 590681e546cd9aa18d57dc2ea1858cb734a3863f Mon Sep 17 00:00:00 2001 From: Dave Beckett Date: Sun, 16 Apr 2017 23:15:12 +0100 Subject: [PATCH] Calcualte max nspace declarations correctly for XML writer (raptor_xml_writer_start_element_common): Calculate max including for each attribute a potential name and value. Fixes Issues #0000617 http://bugs.librdf.org/mantis/view.php?id=617 and #0000618 http://bugs.librdf.org/mantis/view.php?id=618 --- src/raptor_xml_writer.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c index 693b946..0d3a36a 100644 --- a/src/raptor_xml_writer.c +++ b/src/raptor_xml_writer.c @@ -181,9 +181,10 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer, size_t nspace_declarations_count = 0; unsigned int i; - /* max is 1 per element and 1 for each attribute + size of declared */ if(nstack) { - int nspace_max_count = element->attribute_count+1; + int nspace_max_count = element->attribute_count * 2; /* attr and value */ + if(element->name->nspace) + nspace_max_count++; if(element->declared_nspaces) nspace_max_count += raptor_sequence_size(element->declared_nspaces); if(element->xml_language) @@ -237,7 +238,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer, } } - /* Add the attribute + value */ + /* Add the attribute's value */ nspace_declarations[nspace_declarations_count].declaration= raptor_qname_format_as_xml(element->attributes[i], &nspace_declarations[nspace_declarations_count].length); -- 2.9.3
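Review bot: The store in the second hunk, `nspace_declarations[nspace_declarations_count].declaration=`, is still made without comparing nspace_declarations_count against the computed maximum, so the fix depends entirely on the new arithmetic in the first hunk being a true upper bound. Consider checking the counter against that maximum before each store and failing the call instead of writing, so that a future miscount cannot become a heap overflow again. In the first hunk, the comment that explained how the maximum is derived is deleted and only `/* attr and value */` remains; a replacement comment listing every contributor visible here (two per attribute, one when `element->name->nspace` is set, the size of `element->declared_nspaces`, and `element->xml_language`) would make the bound reviewable. The maximum is also held in a signed `int` while the counter is `size_t`, and `element->attribute_count * 2` is stored into that `int`; declaring the maximum as `size_t` would keep the two directly comparable.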
Age | Commit message | Author
2024-04-19 | maint: Generate doc/version[-LANG].texi using `mdate-from-git.scm'. | Janneke Nieuwenhuizen
This replaces Automake's `build-aux/mdate-sh' with our own `build-aux/mdate-from-git.scm' to use reproducible timestamps from Git instead.
* build-aux/mdate-from-git.scm: New script.
* bootstrap: Use it to replace build-aux/mdate-sh.
* Makefile.am (EXTRA_DIST): Add it.
Change-Id: I17d0a7de9ffea397129c0db1728f86e28a4e245f
2021-06-13 | bootstrap: Simplify search for translation languages. | Hartmut Goebel
Extend the sed script to also behave like "basename", saving the additional call of "xargs basename".
* bootstrap (langs): Extend sed scripts, remove running xargs.
Reported by Noisytoot on #guix.
* nix/nix-daemon/shared.hh (showManPage): Remove.
* nix/nix-daemon/nix-daemon.cc (printHelp, programId): Remove.
2021-03-17 | daemon: Correctly handle '--discover' with no value. | Ludovic Courtès
Previously, we'd get:
  $ guix-daemon --discover
  error: basic_string::_M_construct null not valid
* nix/nix-daemon/guix-daemon.cc (parse_opt): Change second argument to 'settings.set' to properly handle case where ARG is NULL.
2020-11-29 | Use substitute servers on the local network. | Mathieu Othacehe
* guix/scripts/discover.scm: New file.
* Makefile.am (MODULES): Add it.
* nix/nix-daemon/guix-daemon.cc (options): Add "discover" option, (parse-opt): parse it, (main): start "guix discover" process when the option is set.
* guix/scripts/substitute.scm (%local-substitute-urls): New variable, (substitute-urls): add it.
* gnu/services/base.scm (<guix-configuration>): Add "discover?" field, (guix-shepherd-service): honor it.
* doc/guix.texi (Invoking guix-daemon): Document "discover" option, (Base Services): ditto.
2019-11-26 | guix build, daemon: Rename "--no-build-hook" to "--no-offload". | Ludovic Courtès
This is a followup to bc69ea2d605810cc32e13ed03d5848b8dc358b61.
* guix/scripts/build.scm (show-build-options-help): Rename "--no-build-hook" to "--no-offload". (%standard-build-options): Likewise, and warn when "--no-build-hook" is passed.
* nix/nix-daemon/guix-daemon.cc (options): Add "--no-offload" and mark "--no-build-hook" as hidden.
* guix/scripts/offload.scm: Adjust comment.
* doc/guix.texi (Invoking guix-daemon, Common Build Options): Replace "--no-build-hook" with "--no-offload".
* etc/completion/fish/guix.fish, etc/completion/zsh/_guix: Adjust accordingly.
2019-10-16 | daemon: Make 'profiles/per-user' non-world-writable. | Ludovic Courtès
Fixes <https://bugs.gnu.org/37744>. Reported at <https://www.openwall.com/lists/oss-security/2019/10/09/4>. Based on Nix commit 5a303093dcae1e5ce9212616ef18f2ca51020b0d by Eelco Dolstra <edolstra@gmail.com>.
* nix/libstore/local-store.cc (LocalStore::LocalStore): Set 'perUserDir' to #o755 instead of #o1777. (LocalStore::createUser): New function.
* nix/libstore/local-store.hh (LocalStore): Add it.
* nix/libstore/store-api.hh (StoreAPI): Add it.
* nix/nix-daemon/nix-daemon.cc (performOp): In 'wopSetOptions', add condition to handle "user-name" property and honor it. (processConnection): Add 'userId' parameter. Call 'store->createUser' when userId is not -1.
* guix/profiles.scm (ensure-profile-directory): Note that this is now handled by the daemon.
* guix/store.scm (current-user-name): New procedure. (set-build-options): Add #:user-name parameter and pass it to the daemon.
* tests/guix-daemon.sh: Test the creation of 'profiles/per-user' when listening on a TCP socket.
* tests/store.scm ("profiles/per-user exists and is not writable") ("profiles/per-user/$USER exists"): New tests.