diff options
Diffstat (limited to 'meta/recipes-core/expat/expat/CVE-2023-52426-009.patch')
-rw-r--r-- | meta/recipes-core/expat/expat/CVE-2023-52426-009.patch | 354 |
1 files changed, 354 insertions, 0 deletions
diff --git a/meta/recipes-core/expat/expat/CVE-2023-52426-009.patch b/meta/recipes-core/expat/expat/CVE-2023-52426-009.patch new file mode 100644 index 0000000000..99460249c0 --- /dev/null +++ b/meta/recipes-core/expat/expat/CVE-2023-52426-009.patch @@ -0,0 +1,354 @@ +From caa27198637683b15d810737bb8a6a81af19bfa5 Mon Sep 17 00:00:00 2001 +From: Sebastian Pipping <sebastian@pipping.org> +Date: Fri, 27 Oct 2023 18:47:37 +0200 +Subject: [PATCH] Simplify "defined(XML_DTD) || XML_GE == 1" to "XML_GE == 1" + +CVE: CVE-2023-52426 +Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/caa27198637683b15d810737bb8a6a81af19bfa5] + +Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> +--- + lib/expat.h | 2 +- + lib/internal.h | 2 +- + lib/xmlparse.c | 66 +++++++++++++++++++++++++------------------------- + xmlwf/xmlwf.c | 4 +-- + 4 files changed, 37 insertions(+), 37 deletions(-) + +diff --git a/lib/expat.h b/lib/expat.h +index 33c94af..fa2eb45 100644 +--- a/lib/expat.h ++++ b/lib/expat.h +@@ -1038,7 +1038,7 @@ typedef struct { + XMLPARSEAPI(const XML_Feature *) + XML_GetFeatureList(void); + +-#if defined(XML_DTD) || XML_GE == 1 ++#if XML_GE == 1 + /* Added in Expat 2.4.0 for XML_DTD defined and + * added in Expat 2.6.0 for XML_GE == 1. */ + XMLPARSEAPI(XML_Bool) +diff --git a/lib/internal.h b/lib/internal.h +index 1851925..03c8fde 100644 +--- a/lib/internal.h ++++ b/lib/internal.h +@@ -154,7 +154,7 @@ extern "C" { + void _INTERNAL_trim_to_complete_utf8_characters(const char *from, + const char **fromLimRef); + +-#if defined(XML_DTD) || XML_GE == 1 ++#if XML_GE == 1 + unsigned long long testingAccountingGetCountBytesDirect(XML_Parser parser); + unsigned long long testingAccountingGetCountBytesIndirect(XML_Parser parser); + const char *unsignedCharToPrintable(unsigned char c); +diff --git a/lib/xmlparse.c b/lib/xmlparse.c +index c479174..2d8f4c0 100644 +--- a/lib/xmlparse.c ++++ b/lib/xmlparse.c +@@ -416,7 +416,7 @@ enum XML_Account { + XML_ACCOUNT_NONE /* i.e. do not account, was accounted already */ + }; + +-#if defined(XML_DTD) || XML_GE == 1 ++#if XML_GE == 1 + typedef unsigned long long XmlBigCount; + typedef struct accounting { + XmlBigCount countBytesDirect; +@@ -432,7 +432,7 @@ typedef struct entity_stats { + unsigned int maximumDepthSeen; + int debugLevel; + } ENTITY_STATS; +-#endif /* defined(XML_DTD) || XML_GE == 1 */ ++#endif /* XML_GE == 1 */ + + typedef enum XML_Error PTRCALL Processor(XML_Parser parser, const char *start, + const char *end, const char **endPtr); +@@ -574,7 +574,7 @@ static XML_Parser parserCreate(const XML_Char *encodingName, + + static void parserInit(XML_Parser parser, const XML_Char *encodingName); + +-#if defined(XML_DTD) || XML_GE == 1 ++#if XML_GE == 1 + static float accountingGetCurrentAmplification(XML_Parser rootParser); + static void accountingReportStats(XML_Parser originParser, const char *epilog); + static void accountingOnAbort(XML_Parser originParser); +@@ -597,7 +597,7 @@ static void entityTrackingOnClose(XML_Parser parser, ENTITY *entity, + + static XML_Parser getRootParserOf(XML_Parser parser, + unsigned int *outLevelDiff); +-#endif /* defined(XML_DTD) || XML_GE == 1 */ ++#endif /* XML_GE == 1 */ + + static unsigned long getDebugLevel(const char *variableName, + unsigned long defaultDebugLevel); +@@ -715,7 +715,7 @@ struct XML_ParserStruct { + enum XML_ParamEntityParsing m_paramEntityParsing; + #endif + unsigned long m_hash_secret_salt; +-#if defined(XML_DTD) || XML_GE == 1 ++#if XML_GE == 1 + ACCOUNTING m_accounting; + ENTITY_STATS m_entity_stats; + #endif +@@ -1175,7 +1175,7 @@ parserInit(XML_Parser parser, const XML_Char *encodingName) { + #endif + parser->m_hash_secret_salt = 0; + +-#if defined(XML_DTD) || XML_GE == 1 ++#if XML_GE == 1 + memset(&parser->m_accounting, 0, sizeof(ACCOUNTING)); + parser->m_accounting.debugLevel = getDebugLevel("EXPAT_ACCOUNTING_DEBUG", 0u); + parser->m_accounting.maximumAmplificationFactor +@@ -2534,7 +2534,7 @@ XML_GetFeatureList(void) { + #ifdef XML_ATTR_INFO + {XML_FEATURE_ATTR_INFO, XML_L("XML_ATTR_INFO"), 0}, + #endif +-#if defined(XML_DTD) || XML_GE == 1 ++#if XML_GE == 1 + /* Added in Expat 2.4.0 for XML_DTD defined and + * added in Expat 2.6.0 for XML_GE == 1. */ + {XML_FEATURE_BILLION_LAUGHS_ATTACK_PROTECTION_MAXIMUM_AMPLIFICATION_DEFAULT, +@@ -2550,7 +2550,7 @@ XML_GetFeatureList(void) { + return features; + } + +-#if defined(XML_DTD) || XML_GE == 1 ++#if XML_GE == 1 + XML_Bool XMLCALL + XML_SetBillionLaughsAttackProtectionMaximumAmplification( + XML_Parser parser, float maximumAmplificationFactor) { +@@ -2572,7 +2572,7 @@ XML_SetBillionLaughsAttackProtectionActivationThreshold( + parser->m_accounting.activationThresholdBytes = activationThresholdBytes; + return XML_TRUE; + } +-#endif /* defined(XML_DTD) || XML_GE == 1 */ ++#endif /* XML_GE == 1 */ + + /* Initially tag->rawName always points into the parse buffer; + for those TAG instances opened while the current parse buffer was +@@ -2658,13 +2658,13 @@ externalEntityInitProcessor2(XML_Parser parser, const char *start, + int tok = XmlContentTok(parser->m_encoding, start, end, &next); + switch (tok) { + case XML_TOK_BOM: +-#if defined(XML_DTD) || XML_GE == 1 ++#if XML_GE == 1 + if (! accountingDiffTolerated(parser, tok, start, next, __LINE__, + XML_ACCOUNT_DIRECT)) { + accountingOnAbort(parser); + return XML_ERROR_AMPLIFICATION_LIMIT_BREACH; + } +-#endif /* defined(XML_DTD) || XML_GE == 1 */ ++#endif /* XML_GE == 1 */ + + /* If we are at the end of the buffer, this would cause the next stage, + i.e. externalEntityInitProcessor3, to pass control directly to +@@ -2778,7 +2778,7 @@ doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc, + for (;;) { + const char *next = s; /* XmlContentTok doesn't always set the last arg */ + int tok = XmlContentTok(enc, s, end, &next); +-#if defined(XML_DTD) || XML_GE == 1 ++#if XML_GE == 1 + const char *accountAfter + = ((tok == XML_TOK_TRAILING_RSQB) || (tok == XML_TOK_TRAILING_CR)) + ? (haveMore ? s /* i.e. 0 bytes */ : end) +@@ -2844,14 +2844,14 @@ doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc, + XML_Char ch = (XML_Char)XmlPredefinedEntityName( + enc, s + enc->minBytesPerChar, next - enc->minBytesPerChar); + if (ch) { +-#if defined(XML_DTD) || XML_GE == 1 ++#if XML_GE == 1 + /* NOTE: We are replacing 4-6 characters original input for 1 character + * so there is no amplification and hence recording without + * protection. */ + accountingDiffTolerated(parser, tok, (char *)&ch, + ((char *)&ch) + sizeof(XML_Char), __LINE__, + XML_ACCOUNT_ENTITY_EXPANSION); +-#endif /* defined(XML_DTD) || XML_GE == 1 */ ++#endif /* XML_GE == 1 */ + if (parser->m_characterDataHandler) + parser->m_characterDataHandler(parser->m_handlerArg, &ch, 1); + else if (parser->m_defaultHandler) +@@ -4053,7 +4053,7 @@ doCdataSection(XML_Parser parser, const ENCODING *enc, const char **startPtr, + for (;;) { + const char *next = s; /* in case of XML_TOK_NONE or XML_TOK_PARTIAL */ + int tok = XmlCdataSectionTok(enc, s, end, &next); +-#if defined(XML_DTD) || XML_GE == 1 ++# if XML_GE == 1 + if (! accountingDiffTolerated(parser, tok, s, next, __LINE__, account)) { + accountingOnAbort(parser); + return XML_ERROR_AMPLIFICATION_LIMIT_BREACH; +@@ -4205,7 +4205,7 @@ doIgnoreSection(XML_Parser parser, const ENCODING *enc, const char **startPtr, + *eventPP = s; + *startPtr = NULL; + tok = XmlIgnoreSectionTok(enc, s, end, &next); +-#if defined(XML_DTD) || XML_GE == 1 ++# if XML_GE == 1 + if (! accountingDiffTolerated(parser, tok, s, next, __LINE__, + XML_ACCOUNT_DIRECT)) { + accountingOnAbort(parser); +@@ -4297,7 +4297,7 @@ processXmlDecl(XML_Parser parser, int isGeneralTextEntity, const char *s, + const XML_Char *storedversion = NULL; + int standalone = -1; + +-#if defined(XML_DTD) || XML_GE == 1 ++#if XML_GE == 1 + if (! accountingDiffTolerated(parser, XML_TOK_XML_DECL, s, next, __LINE__, + XML_ACCOUNT_DIRECT)) { + accountingOnAbort(parser); +@@ -4504,7 +4504,7 @@ entityValueInitProcessor(XML_Parser parser, const char *s, const char *end, + */ + else if (tok == XML_TOK_BOM && next == end + && ! parser->m_parsingStatus.finalBuffer) { +-# if defined(XML_DTD) || XML_GE == 1 ++# if XML_GE == 1 + if (! accountingDiffTolerated(parser, tok, s, next, __LINE__, + XML_ACCOUNT_DIRECT)) { + accountingOnAbort(parser); +@@ -4720,7 +4720,7 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end, + } + } + role = XmlTokenRole(&parser->m_prologState, tok, s, next, enc); +-#if defined(XML_DTD) || XML_GE == 1 ++#if XML_GE == 1 + switch (role) { + case XML_ROLE_INSTANCE_START: // bytes accounted in contentProcessor + case XML_ROLE_XML_DECL: // bytes accounted in processXmlDecl +@@ -5044,7 +5044,7 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end, + break; + case XML_ROLE_ENTITY_VALUE: + if (dtd->keepProcessing) { +-#if defined(XML_DTD) || XML_GE == 1 ++#if XML_GE == 1 + // This will store the given replacement text in + // parser->m_declEntity->textPtr. + enum XML_Error result +@@ -5695,7 +5695,7 @@ epilogProcessor(XML_Parser parser, const char *s, const char *end, + for (;;) { + const char *next = NULL; + int tok = XmlPrologTok(parser->m_encoding, s, end, &next); +-#if defined(XML_DTD) || XML_GE == 1 ++#if XML_GE == 1 + if (! accountingDiffTolerated(parser, tok, s, next, __LINE__, + XML_ACCOUNT_DIRECT)) { + accountingOnAbort(parser); +@@ -5775,7 +5775,7 @@ processInternalEntity(XML_Parser parser, ENTITY *entity, XML_Bool betweenDecl) { + return XML_ERROR_NO_MEMORY; + } + entity->open = XML_TRUE; +-#if defined(XML_DTD) || XML_GE == 1 ++#if XML_GE == 1 + entityTrackingOnOpen(parser, entity, __LINE__); + #endif + entity->processed = 0; +@@ -5809,9 +5809,9 @@ processInternalEntity(XML_Parser parser, ENTITY *entity, XML_Bool betweenDecl) { + entity->processed = (int)(next - textStart); + parser->m_processor = internalEntityProcessor; + } else { +-#if defined(XML_DTD) || XML_GE == 1 ++#if XML_GE == 1 + entityTrackingOnClose(parser, entity, __LINE__); +-#endif /* defined(XML_DTD) || XML_GE == 1 */ ++#endif /* XML_GE == 1 */ + entity->open = XML_FALSE; + parser->m_openInternalEntities = openEntity->next; + /* put openEntity back in list of free instances */ +@@ -5860,7 +5860,7 @@ internalEntityProcessor(XML_Parser parser, const char *s, const char *end, + return result; + } + +-#if defined(XML_DTD) || XML_GE == 1 ++#if XML_GE == 1 + entityTrackingOnClose(parser, entity, __LINE__); + #endif + entity->open = XML_FALSE; +@@ -5939,7 +5939,7 @@ appendAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata, + const char *next + = ptr; /* XmlAttributeValueTok doesn't always set the last arg */ + int tok = XmlAttributeValueTok(enc, ptr, end, &next); +-#if defined(XML_DTD) || XML_GE == 1 ++#if XML_GE == 1 + if (! accountingDiffTolerated(parser, tok, ptr, next, __LINE__, account)) { + accountingOnAbort(parser); + return XML_ERROR_AMPLIFICATION_LIMIT_BREACH; +@@ -6004,14 +6004,14 @@ appendAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata, + XML_Char ch = (XML_Char)XmlPredefinedEntityName( + enc, ptr + enc->minBytesPerChar, next - enc->minBytesPerChar); + if (ch) { +-#if defined(XML_DTD) || XML_GE == 1 ++#if XML_GE == 1 + /* NOTE: We are replacing 4-6 characters original input for 1 character + * so there is no amplification and hence recording without + * protection. */ + accountingDiffTolerated(parser, tok, (char *)&ch, + ((char *)&ch) + sizeof(XML_Char), __LINE__, + XML_ACCOUNT_ENTITY_EXPANSION); +-#endif /* defined(XML_DTD) || XML_GE == 1 */ ++#endif /* XML_GE == 1 */ + if (! poolAppendChar(pool, ch)) + return XML_ERROR_NO_MEMORY; + break; +@@ -6089,14 +6089,14 @@ appendAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata, + enum XML_Error result; + const XML_Char *textEnd = entity->textPtr + entity->textLen; + entity->open = XML_TRUE; +-#if defined(XML_DTD) || XML_GE == 1 ++#if XML_GE == 1 + entityTrackingOnOpen(parser, entity, __LINE__); + #endif + result = appendAttributeValue(parser, parser->m_internalEncoding, + isCdata, (const char *)entity->textPtr, + (const char *)textEnd, pool, + XML_ACCOUNT_ENTITY_EXPANSION); +-#if defined(XML_DTD) || XML_GE == 1 ++#if XML_GE == 1 + entityTrackingOnClose(parser, entity, __LINE__); + #endif + entity->open = XML_FALSE; +@@ -6153,7 +6153,7 @@ storeEntityValue(XML_Parser parser, const ENCODING *enc, + = entityTextPtr; /* XmlEntityValueTok doesn't always set the last arg */ + int tok = XmlEntityValueTok(enc, entityTextPtr, entityTextEnd, &next); + +-# if defined(XML_DTD) || XML_GE == 1 ++# if XML_GE == 1 + if (! accountingDiffTolerated(parser, tok, entityTextPtr, next, __LINE__, + account)) { + accountingOnAbort(parser); +@@ -7725,7 +7725,7 @@ copyString(const XML_Char *s, const XML_Memory_Handling_Suite *memsuite) { + return result; + } + +-#if defined(XML_DTD) || XML_GE == 1 ++#if XML_GE == 1 + + static float + accountingGetCurrentAmplification(XML_Parser rootParser) { +@@ -8456,7 +8456,7 @@ unsignedCharToPrintable(unsigned char c) { + assert(0); /* never gets here */ + } + +-#endif /* defined(XML_DTD) || XML_GE == 1 */ ++#endif /* XML_GE == 1 */ + + static unsigned long + getDebugLevel(const char *variableName, unsigned long defaultDebugLevel) { +diff --git a/xmlwf/xmlwf.c b/xmlwf/xmlwf.c +index 04ca759..dd023a9 100644 +--- a/xmlwf/xmlwf.c ++++ b/xmlwf/xmlwf.c +@@ -1122,13 +1122,13 @@ tmain(int argc, XML_Char **argv) { + } + + if (attackMaximumAmplification != -1.0f) { +-#if defined(XML_DTD) || XML_GE == 1 ++#if XML_GE == 1 + XML_SetBillionLaughsAttackProtectionMaximumAmplification( + parser, attackMaximumAmplification); + #endif + } + if (attackThresholdGiven) { +-#if defined(XML_DTD) || XML_GE == 1 ++#if XML_GE == 1 + XML_SetBillionLaughsAttackProtectionActivationThreshold( + parser, attackThresholdBytes); + #else +-- +2.40.0 |