File libxml2-2.9.1-CVE-2015-8317.patch of Package libxml2.2672

From 9aa37588ee78a06ca1379a9d9356eab16686099c Mon Sep 17 00:00:00 2001
From: Daniel Veillard <veillard@redhat.com>
Date: Mon, 29 Jun 2015 09:08:25 +0800
Subject: Do not process encoding values if the declaration if broken

CVE-2015-8317

For https://bugzilla.gnome.org/show_bug.cgi?id=751603

If the string is not properly terminated do not try to convert
to the given encoding.


From 709a952110e98621c9b78c4f26462a9d8333102e Mon Sep 17 00:00:00 2001
From: Daniel Veillard <veillard@redhat.com>
Date: Mon, 29 Jun 2015 16:10:26 +0800
Subject: Fail parsing early on if encoding conversion failed

For https://bugzilla.gnome.org/show_bug.cgi?id=751631

If we fail conversing the current input stream while
processing the encoding declaration of the XMLDecl
then it's safer to just abort there and not try to
report further errors.
---
 parser.c | 4 ++++
 1 file changed, 4 insertions(+)

Index: libxml2-2.9.1/parser.c
===================================================================
--- libxml2-2.9.1.orig/parser.c
+++ libxml2-2.9.1/parser.c
@@ -10347,6 +10347,8 @@ xmlParseEncodingDecl(xmlParserCtxtPtr ct
 	    encoding = xmlParseEncName(ctxt);
 	    if (RAW != '"') {
 		xmlFatalErr(ctxt, XML_ERR_STRING_NOT_CLOSED, NULL);
+		xmlFree((xmlChar *) encoding);
+		return(NULL);
 	    } else
 	        NEXT;
 	} else if (RAW == '\''){
@@ -10354,6 +10356,8 @@ xmlParseEncodingDecl(xmlParserCtxtPtr ct
 	    encoding = xmlParseEncName(ctxt);
 	    if (RAW != '\'') {
 		xmlFatalErr(ctxt, XML_ERR_STRING_NOT_CLOSED, NULL);
+		xmlFree((xmlChar *) encoding);
+		return(NULL);
 	    } else
 	        NEXT;
 	} else {
@@ -10408,7 +10412,11 @@ xmlParseEncodingDecl(xmlParserCtxtPtr ct
 
             handler = xmlFindCharEncodingHandler((const char *) encoding);
 	    if (handler != NULL) {
-		xmlSwitchToEncoding(ctxt, handler);
+		if (xmlSwitchToEncoding(ctxt, handler) < 0) {
+		    /* failed to convert */
+		    ctxt->errNo = XML_ERR_UNSUPPORTED_ENCODING;
+		    return(NULL);
+		}
 	    } else {
 		xmlFatalErrMsgStr(ctxt, XML_ERR_UNSUPPORTED_ENCODING,
 			"Unsupported encoding %s\n", encoding);
openSUSE Build Service is sponsored by