authorSebastian Pipping <sebastian@pipping.org>2022-02-08 04:32:20 +0100
committerSebastian Pipping <sebastian@pipping.org>2022-02-18 18:02:19 +0100
commit3f0a0cb644438d4d8e3294cd0b1245d0edb0c6c6 (patch)
treeb948cdcf551fe1124eac2154c7654efe95dabd66
parentee2a5b50e7d1940ba8745715b62ceb9efd3a96da (diff)
lib: Add missing validation of encoding (CVE-2022-25235)
-rw-r--r--expat/lib/xmltok_impl.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/expat/lib/xmltok_impl.c b/expat/lib/xmltok_impl.c
index 0430591b..64a3b2c1 100644
--- a/expat/lib/xmltok_impl.c
+++ b/expat/lib/xmltok_impl.c
@@ -69,7 +69,7 @@
case BT_LEAD##n: \
if (end - ptr < n) \
return XML_TOK_PARTIAL_CHAR; \
- if (! IS_NAME_CHAR(enc, ptr, n)) { \
+ if (IS_INVALID_CHAR(enc, ptr, n) || ! IS_NAME_CHAR(enc, ptr, n)) { \
*nextTokPtr = ptr; \
return XML_TOK_INVALID; \
} \
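Review bot: The operand order in the new condition `IS_INVALID_CHAR(enc, ptr, n) || ! IS_NAME_CHAR(enc, ptr, n)` matters but is not documented. The short-circuit ensures the name-character classification never runs on a multi-byte sequence the encoding has not validated, and going by the commit title, that missing validation is the defect being fixed. A one-line comment above the `if`, such as `/* validate the sequence before classifying it; order matters */ \`, would stop a later cleanup from swapping or merging the two tests. The same comment belongs on the `IS_NMSTRT_CHAR` variant in the next hunk (`@@ -98,7 +98,7 @@`). Both macro bodies start and end outside the lines shown.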
@@ -98,7 +98,7 @@
case BT_LEAD##n: \
if (end - ptr < n) \
return XML_TOK_PARTIAL_CHAR; \
- if (! IS_NMSTRT_CHAR(enc, ptr, n)) { \
+ if (IS_INVALID_CHAR(enc, ptr, n) || ! IS_NMSTRT_CHAR(enc, ptr, n)) { \
*nextTokPtr = ptr; \
return XML_TOK_INVALID; \
} \
@@ -1142,6 +1142,10 @@ PREFIX(prologTok)(const ENCODING *enc, const char *ptr, const char *end,
case BT_LEAD##n: \
if (end - ptr < n) \
return XML_TOK_PARTIAL_CHAR; \
+ if (IS_INVALID_CHAR(enc, ptr, n)) { \
+ *nextTokPtr = ptr; \
+ return XML_TOK_INVALID; \
+ } \
if (IS_NMSTRT_CHAR(enc, ptr, n)) { \
ptr += n; \
tok = XML_TOK_NAME; \
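Review bot: The new `IS_INVALID_CHAR` guard at the top of the `BT_LEAD##n` case in `prologTok` comes with no regression test. The diffstat lists only `expat/lib/xmltok_impl.c`, so unless a sibling commit covers it, nothing fails if the guard is later dropped. A test that feeds a malformed 2-, 3- and 4-byte sequence in name position for each of the three patched sites, and expects the parse to be rejected, would pin the fix. The guard is correctly placed ahead of `IS_NMSTRT_CHAR`, but the case continues past the end of the hunk. It is worth confirming that any later classification of the same bytes in this case is also reached only after the guard.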