Tag
-
Show log
Commit
-
Hash : 8f30bdff
Author :
Date : 2016-04-15T11:56:55
Add missing increments of recursion depth counter to XML parser. For https://bugzilla.gnome.org/show_bug.cgi?id=765207 CVE-2016-3705 The functions xmlParserEntityCheck() and xmlParseAttValueComplex() used to call xmlStringDecodeEntities() in a recursive context without incrementing the 'depth' counter in the parser context. Because of that omission, the parser failed to detect attribute recursions in certain documents before running out of stack space.
-
Files
- .gitignore
- AUTHORS
- ChangeLog
- Copyright
- DOCBparser.c
- HACKING
- HTMLparser.c
- HTMLtree.c
- INSTALL.libxml2
- MAINTAINERS
- Makefile.am
- Makefile.tests
- Makefile.win
- NEWS
- README
- README.cvs-commits
- README.tests
- SAX.c
- SAX2.c
- TODO
- TODO_SCHEMAS
- VxWorks/
- acinclude.m4
- autogen.sh
- bakefile/
- buf.c
- buf.h
- build_glob.py
- c14n.c
- catalog.c
- check-relaxng-test-suite.py
- check-relaxng-test-suite2.py
- check-xinclude-test-suite.py
- check-xml-test-suite.py
- check-xsddata-test-suite.py
- chvalid.c
- chvalid.def
- configure.ac
- dbgen.pl
- dbgenattr.pl
- debugXML.c
- dict.c
- doc/
- elfgcchack.h
- enc.h
- encoding.c
- entities.c
- error.c
- example/
- genChRanges.py
- genUnicode.py
- gentest.py
- global.data
- globals.c
- hash.c
- include/
- legacy.c
- libxml-2.0-uninstalled.pc.in
- libxml-2.0.pc.in
- libxml.3
- libxml.h
- libxml.m4
- libxml.spec.in
- libxml2-config.cmake.in
- libxml2.doap
- libxml2.syms
- list.c
- macos/
- nanoftp.c
- nanohttp.c
- optim/
- os400/
- parser.c
- parserInternals.c
- pattern.c
- python/
- regressions.py
- regressions.xml
- relaxng.c
- result/
- rngparser.c
- runsuite.c
- runtest.c
- runxmlconf.c
- save.h
- schematron.c
- test/
- testAutomata.c
- testC14N.c
- testHTML.c
- testModule.c
- testOOM.c
- testOOMlib.c
- testOOMlib.h
- testReader.c
- testRegexp.c
- testRelax.c
- testSAX.c
- testSchemas.c
- testThreads.c
- testThreadsWin32.c
- testURI.c
- testXPath.c
- testapi.c
- testchar.c
- testdict.c
- testdso.c
- testlimits.c
- testrecurse.c
- threads.c
- timsort.h
- tree.c
- trio.c
- trio.h
- triodef.h
- trionan.c
- trionan.h
- triop.h
- triostr.c
- triostr.h
- uri.c
- valid.c
- vms/
- win32/
- xinclude.c
- xlink.c
- xml2-config.1
- xml2-config.in
- xml2Conf.sh.in
- xmlIO.c
- xmlcatalog.c
- xmllint.c
- xmlmemory.c
- xmlmodule.c
- xmlreader.c
- xmlregexp.c
- xmlsave.c
- xmlschemas.c
- xmlschemastypes.c
- xmlstring.c
- xmlunicode.c
- xmlwriter.c
- xpath.c
- xpointer.c
- xstc/
- xzlib.c
- xzlib.h
-
Properties
-
README
-
XML toolkit from the GNOME project Full documentation is available on-line at http://xmlsoft.org/ This code is released under the MIT Licence see the Copyright file. To build on an Unixised setup: ./configure ; make ; make install To build on Windows: see instructions on win32/Readme.txt To assert build quality: on an Unixised setup: run make tests otherwise: There is 3 standalone tools runtest.c runsuite.c testapi.c, which should compile as part of the build or as any application would. Launch them from this directory to get results, runtest checks the proper functionning of libxml2 main APIs while testapi does a full coverage check. Report failures to the list. To report bugs, follow the instructions at: http://xmlsoft.org/bugs.html A mailing-list xml@gnome.org is available, to subscribe: http://mail.gnome.org/mailman/listinfo/xml The list archive is at: http://mail.gnome.org/archives/xml/ All technical answers asked privately will be automatically answered on the list and archived for public access unless privacy is explicitly required and justified. Daniel Veillard $Id$