1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
|
Description: Avoid crash with invalid XML passed to Oj.parse_obj()
this fixes CVE-2017-15928
Author: Peter Ohler <peter@ohler.com>
Origin: https://github.com/ohler55/ox/commit/e4565dbc167f0d38c3f93243d7a4fcfc391cbfc8.patch
Bug: https://github.com/ohler55/ox/issues/194
Debian-Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881445
Last-Update: 2017-11-25
--- a/ext/ox/obj_load.c
+++ b/ext/ox/obj_load.c
@@ -791,8 +791,10 @@
Helper gh;
helper_stack_pop(&pi->helpers);
- gh = helper_stack_peek(&pi->helpers);
-
+ if (NULL == (gh = helper_stack_peek(&pi->helpers))) {
+ set_error(&pi->err, "Corrupt parse stack, container is wrong type", pi->str, pi->s);
+ return;
+ }
rb_hash_aset(gh->obj, ph->obj, h->obj);
}
break;
--- a/ext/ox/err.c
+++ b/ext/ox/err.c
@@ -42,7 +42,11 @@
va_end(ap);
}
+#if __GNUC__ > 4
+_Noreturn void
+#else
void
+#endif
ox_err_raise(Err e) {
rb_raise(e->clas, "%s", e->msg);
}
--- a/ext/ox/ox.c
+++ b/ext/ox/ox.c
@@ -990,7 +990,11 @@
#endif
}
+#if __GNUC__ > 4
+_Noreturn void
+#else
void
+#endif
_ox_raise_error(const char *msg, const char *xml, const char *current, const char* file, int line) {
int xline = 1;
int col = 1;
|
