File feedparser-issue254-CVE-2011-1157.patch of Package python-feedparser

Overview Repositories Revisions Requests Users Attributes Meta

File feedparser-issue254-CVE-2011-1157.patch of Package python-feedparser

Index: feedparser-4.1/tests/wellformed/sanitize/xml_malicious_comment.xml
===================================================================
--- /dev/null
+++ feedparser-4.1/tests/wellformed/sanitize/xml_malicious_comment.xml
@@ -0,0 +1,7 @@
+
+<feed xmlns="http://www.w3.org/2005/Atom">
+  <title type="html">sa&lt;!-- -- nonwhitespace &gt;fe&lt;script&gt;alert(1);&lt;/script&gt;</title>
+</feed>
Index: feedparser-4.1/tests/wellformed/sanitize/xml_unclosed_comment.xml
===================================================================
--- /dev/null
+++ feedparser-4.1/tests/wellformed/sanitize/xml_unclosed_comment.xml
@@ -0,0 +1,7 @@
+
+<feed xmlns="http://www.w3.org/2005/Atom">
+  <title type="html">safe&lt;!--</title>
+</feed>
Index: feedparser-4.1/feedparser.py
===================================================================
--- feedparser-4.1.orig/feedparser.py
+++ feedparser-4.1/feedparser.py
@@ -1657,6 +1657,19 @@ class _HTMLSanitizer(_BaseHTMLProcessor)
         if not self.unacceptablestack:
             _BaseHTMLProcessor.handle_data(self, text)
 
+    def parse_comment(self, i, report=1):
+        ret = _BaseHTMLProcessor.parse_comment(self, i, report)
+        if ret >= 0:
+            return ret
+        # if ret == -1, this may be a malicious attempt to circumvent
+        # sanitization, or a page-destroying unclosed comment
+        match = re.compile(r'--[^>]*>').search(self.rawdata, i+4)
+        if match:
+            return match.end()
+        # unclosed comment; deliberately fail to handle_data()
+        return len(self.rawdata)
+
+
 def _sanitizeHTML(htmlSource, encoding):
     p = _HTMLSanitizer(encoding)
     htmlSource = htmlSource.replace('<![CDATA[', '&lt;![CDATA[')

Places

File feedparser-issue254-CVE-2011-1157.patch of Package python-feedparser

Places