File: CVE-2009-3560.dpatch

package info (click to toggle)
python2.4 2.4.6-1%2Blenny1
  • links: PTS
  • area: main
  • in suites: lenny
  • size: 44,888 kB
  • ctags: 86,995
  • sloc: ansic: 306,391; python: 271,931; sh: 10,210; makefile: 4,248; perl: 3,736; lisp: 3,678; xml: 894; objc: 756; cpp: 7; sed: 2
file content (54 lines) | stat: -rw-r--r-- 2,073 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
 
#! /bin/sh -e

dir=
if [ $# -eq 3 -a "$2" = '-d' ]; then
    pdir="-d $3"
    dir="$3/"
elif [ $# -ne 1 ]; then
    echo >&2 "usage: `basename $0`: -patch|-unpatch [-d <srcdir>]"
    exit 1
fi
case "$1" in
    -patch)
        patch $pdir -f --no-backup-if-mismatch -p0 < $0
        ;;
    -unpatch)
        patch $pdir -f --no-backup-if-mismatch -R -p0 < $0
        ;;
    *)
        echo >&2 "usage: `basename $0`: -patch|-unpatch [-d <srcdir>]"
        exit 1
esac
exit 0

## 560901_CVE_2009_3560.dpatch by Daniel Leidert (dale) <daniel.leidert@wgdd.de>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as
## DP: used in the XML-Twig module for Perl, allows context-dependent attackers
## DP: to cause a denial of service (application crash) via an XML document
## DP: with malformed UTF-8 sequences that trigger a buffer over-read, related
## DP: to the doProlog function in lib/xmlparse.c, a different vulnerability
## DP: than CVE-2009-2625 and CVE-2009-3720. 
## DP:
## DP: This is the revised patch.
## DP:
## DP: <URL:http://bugs.debian.org/560901>
## DP: <URL:http://bugs.debian.org/561658>
## DP: <URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560>
## DP: <URL:http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.166>
## DP: <URL:http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log#rev1.166>
## DP: <URL:http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log#rev1.165>
diff -urNad Modules/expat/xmlparse.c Modules/expat/xmlparse.c
--- Modules/expat/xmlparse.c	2007-05-08 04:25:35.000000000 +0200
+++ Modules/expat/xmlparse.c	2009-12-29 21:57:22.141732904 +0100
@@ -3703,6 +3703,9 @@
         return XML_ERROR_UNCLOSED_TOKEN;
       case XML_TOK_PARTIAL_CHAR:
         return XML_ERROR_PARTIAL_CHAR;
+      case -XML_TOK_PROLOG_S:
+        tok = -tok;
+        break;
       case XML_TOK_NONE:
 #ifdef XML_DTD
         /* for internal PE NOT referenced between declarations */