packages/golang
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
golang/0023-fix-CVE-2020-29510.patch
jingrui d2049ce1ac golang: sync cve fix 
Signed-off-by: jingrui <jingrui@huawei.com>
2021-01-18 17:40:01 +08:00

63 lines
2.4 KiB
Diff
Raw Blame History

From e2710c3983b3249ba30f2d21802c984aef5fb163 Mon Sep 17 00:00:00 2001
From: jingrui <jingrui@huawei.com>
Date: Wed, 23 Dec 2020 16:03:15 +0800
Subject: [PATCH 2/2] encoding/xml: replace comments inside directives with a
space
A Directive (like <!ENTITY xxx []>) can't have other nodes nested inside
it (in our data structure representation), so there is no way to
preserve comments. The previous behavior was to just elide them, which
however might change the semantic meaning of the surrounding markup.
Instead, replace them with a space which hopefully has the same semantic
effect of the comment.
Directives are not actually a node type in the XML spec, which instead
specifies each of them separately (<!ENTITY, <!DOCTYPE, etc.), each with
its own grammar. The rules for where and when the comments are allowed
are not straightforward, and can't be implemented without implementing
custom logic for each of the directives.
Simply preserving the comments in the body of the directive would be
problematic, as there can be unmatched quotes inside the comment.
Whether those quotes are considered meaningful semantically or not,
other parsers might disagree and interpret the output differently.
This issue was reported by Juho Nurminen of Mattermost as it leads to
round-trip mismatches. See #43168. It's not being fixed in a security
release because round-trip stability is not a currently supported
security property of encoding/xml, and we don't believe these fixes
would be sufficient to reliably guarantee it in the future.
Fixes CVE-2020-29510
Updates #43168
Conflict: NA
Reference: https://go-review.googlesource.com/c/go/+/277893/1
Change-Id: Icd86c75beff3e1e0689543efebdad10ed5178ce3
Signed-off-by: jingrui <jingrui@huawei.com>
---
src/encoding/xml/xml.go | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/encoding/xml/xml.go b/src/encoding/xml/xml.go
index 073ceee1b2..3746018613 100644
--- a/src/encoding/xml/xml.go
+++ b/src/encoding/xml/xml.go
@@ -764,6 +764,12 @@ func (d *Decoder) rawToken() (Token, error) {
}
b0, b1 = b1, b
}
+
+ // Replace the comment with a space in the returned Directive
+ // body, so that markup parts that were separated by the comment
+ // (like a "<" and a "!") don't get joined when re-encoding the
+ // Directive, taking new semantic meaning.
+ d.buf.WriteByte(' ')
}
}
return Directive(d.buf.Bytes()), nil
--
2.17.1
Reference in New Issue View Git Blame Copy Permalink