File xerces-c-CVE-2016-4463-part2.patch of Package xerces-c.35691
From 9c1433c3eb2c7ecd96ba9ea804225ae6a8da9bc4 Mon Sep 17 00:00:00 2001
From: Scott Cantor <scantor@apache.org>
Date: Fri, 10 Jun 2016 01:48:26 +0000
Subject: [PATCH] https://issues.apache.org/jira/browse/XERCESC-2070
git-svn-id: https://svn.apache.org/repos/asf/xerces/c/branches/xerces-3.1@1747620 13f79535-47bb-0310-9956-ffa450edef68
---
src/xercesc/internal/XMLScanner.cpp | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/xercesc/internal/XMLScanner.cpp b/src/xercesc/internal/XMLScanner.cpp
index e7b9768..1d59947 100644
--- a/src/xercesc/internal/XMLScanner.cpp
+++ b/src/xercesc/internal/XMLScanner.cpp
@@ -1270,8 +1270,15 @@ void XMLScanner::scanProlog()
if (sawDocTypeDecl) {
emitError(XMLErrs::DuplicateDocTypeDecl);
}
- scanDocTypeDecl();
- sawDocTypeDecl = true;
+
+ const char* envvar = getenv("XERCES_DISABLE_DTD");
+ if (envvar && !strcmp(envvar, "1")) {
+ emitError(XMLErrs::InvalidDocumentStructure);
+ }
+ else {
+ scanDocTypeDecl();
+ sawDocTypeDecl = true;
+ }
// if reusing grammar, this has been validated already in first scan
// skip for performance
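Review bot: The DTD opt-out at `if (envvar && !strcmp(envvar, "1"))` only takes effect when the process environment has XERCES_DISABLE_DTD set to exactly "1"; unset or any other value (for example "true") falls into the else branch and still calls scanDocTypeDecl(), so the default stays DTD-enabled and nothing in the hunk says so. I would add above the getenv() line: `// XERCES_DISABLE_DTD=1 makes any DOCTYPE an error; unset or any other value leaves DTD scanning on (process-wide switch)`. The error branch neither consumes the DOCTYPE nor sets sawDocTypeDecl, so it appears to rely on emitError() stopping the scan; if a caller has configured the parser to continue past this error, what happens next is not visible here and is worth confirming. scanProlog() starts and ends outside the hunk.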