Author: Dylan Aïssi
Last-Update: 2019-03-01 23:10:05 +0100
Description: Fix CVE-2017-9765

--- a/src/stdsoap2.cpp
+++ b/src/stdsoap2.cpp
@@ -1609,17 +1609,16 @@
 soap_get_pi(struct soap *soap)
 { char buf[64];
   register char *s = buf;
-  register int i = sizeof(buf);
-  register soap_wchar c = soap_getchar(soap);
-  /* This is a quick way to parse XML PI and we could use a callback instead to
-   * enable applications to intercept processing instructions */
-  while ((int)c != EOF && c != '?')
-  { if (--i > 0)
+  register size_t i = sizeof(buf);
+  register soap_wchar c;
+  /* Parse the XML PI encoding declaration and look for <?xml ... encoding=X ?> */
+  while ((int)(c = soap_getchar(soap)) != EOF && c != '?')
+  { if (i > 1)
     { if (soap_blank(c))
         c = ' ';
       *s++ = (char)c;
+      i--;
     }
-    c = soap_getchar(soap);
   }
   *s = '\0';
   DBGLOG(TEST, SOAP_MESSAGE(fdebug, "XML PI <?%s?>\n", buf));
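Review bot: The new comment above the loop in soap_get_pi says what is being parsed but not the invariant the fix depends on: `i` is the space left in `buf`, and it is now decremented only when a byte is actually stored. A later refactor that moves `i--` back out of the `if (i > 1)` branch would restore the removed lines' per-character countdown, which could wrap on very long input and re-enable writes past the 64-byte buffer. I would add a comment such as `/* i = bytes left in buf, incl. the terminator; decremented only on store so over-long input cannot wrap it */`. A processing instruction longer than 63 bytes is also silently truncated while the loop keeps consuming input up to the next `?` or EOF, which is worth stating in the same comment. The function body continues outside the hunk, so whether the code that later reads `buf` copes with a truncated declaration cannot be confirmed from here.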
