Overview

File xmltooling-1.6.4-CVE-2019-9628.patch of Package xmltooling.15367

From af27c422f551e16989ff6f1722d83614c8550eb5 Mon Sep 17 00:00:00 2001
From: Scott Cantor <cantor.2@osu.edu>
Date: Wed, 6 Mar 2019 21:14:13 -0500
Subject: [PATCH] CPPXT - Crash due to uncaught DOMException

https://issues.shibboleth.net/jira/browse/CPPXT-143
---
 xmltooling/util/ParserPool.cpp | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/xmltooling/util/ParserPool.cpp b/xmltooling/util/ParserPool.cpp
index 5d96b66..da23846 100644
--- a/xmltooling/util/ParserPool.cpp
+++ b/xmltooling/util/ParserPool.cpp
@@ -148,14 +148,28 @@ DOMDocument* ParserPool::parse(DOMLSInput& domsrc)
         checkinBuilder(janitor.release());
         return doc;
     }
-    catch (XMLException& ex) {
+    catch (const DOMException& ex) {
+        parser->getDomConfig()->setParameter(XMLUni::fgDOMErrorHandler, (void*)nullptr);
+        parser->getDomConfig()->setParameter(XMLUni::fgXercesUserAdoptsDOMDocument, true);
+        checkinBuilder(janitor.release());
+        auto_ptr_char temp(ex.getMessage());
+        throw XMLParserException(string("DOM error during parsing: ") + (temp.get() ? temp.get() : "no message"));
+    }
+    catch (const SAXException& ex) {
+        parser->getDomConfig()->setParameter(XMLUni::fgDOMErrorHandler, (void*)nullptr);
+        parser->getDomConfig()->setParameter(XMLUni::fgXercesUserAdoptsDOMDocument, true);
+        checkinBuilder(janitor.release());
+        auto_ptr_char temp(ex.getMessage());
+        throw XMLParserException(string("SAX error during parsing: ") + (temp.get() ? temp.get() : "no message"));
+    }
+    catch (const XMLException& ex) {
         parser->getDomConfig()->setParameter(XMLUni::fgDOMErrorHandler, (void*)nullptr);
         parser->getDomConfig()->setParameter(XMLUni::fgXercesUserAdoptsDOMDocument, true);
         checkinBuilder(janitor.release());
         auto_ptr_char temp(ex.getMessage());
         throw XMLParserException(string("Xerces error during parsing: ") + (temp.get() ? temp.get() : "no message"));
     }
-    catch (XMLToolingException&) {
+    catch (const XMLToolingException&) {
         parser->getDomConfig()->setParameter(XMLUni::fgDOMErrorHandler, (void*)nullptr);
         parser->getDomConfig()->setParameter(XMLUni::fgXercesUserAdoptsDOMDocument, true);
         checkinBuilder(janitor.release());
-- 
1.8.3.1
openSUSE Build Service is sponsored by
Places