From d4c2e1791d93c073308634aa15e5b11fd094c66d Mon Sep 17 00:00:00 2001 From: hartwork Date: Mon, 1 Jul 2024 10:21:06 +0800 Subject: [PATCH] CVE-2022-25235 --- parser/expat/lib/xmltok.c | 7 ------- parser/expat/lib/xmltok_impl.c | 8 ++++++-- 2 files changed, 6 insertions(+), 9 deletions(-) diff --git a/parser/expat/lib/xmltok.c b/parser/expat/lib/xmltok.c index f01c2fa996..d0e7f7f163 100644 --- a/parser/expat/lib/xmltok.c +++ b/parser/expat/lib/xmltok.c @@ -65,13 +65,6 @@ + ((((byte)[2]) >> 5) & 1)] \ & (1u << (((byte)[2]) & 0x1F))) -#define UTF8_GET_NAMING(pages, p, n) \ - ((n) == 2 \ - ? UTF8_GET_NAMING2(pages, (const unsigned char *)(p)) \ - : ((n) == 3 \ - ? UTF8_GET_NAMING3(pages, (const unsigned char *)(p)) \ - : 0)) - /* Detection of invalid UTF-8 sequences is based on Table 3.1B of Unicode 3.2: http://www.unicode.org/unicode/reports/tr28/ with the additional restriction of not allowing the Unicode diff --git a/parser/expat/lib/xmltok_impl.c b/parser/expat/lib/xmltok_impl.c index 5f779c0571..3bc0d85b8d 100644 --- a/parser/expat/lib/xmltok_impl.c +++ b/parser/expat/lib/xmltok_impl.c @@ -34,7 +34,7 @@ case BT_LEAD ## n: \ if (end - ptr < n) \ return XML_TOK_PARTIAL_CHAR; \ - if (!IS_NAME_CHAR(enc, ptr, n)) { \ + if (IS_INVALID_CHAR(enc, ptr, n) || ! IS_NAME_CHAR(enc, ptr, n)) { \ *nextTokPtr = ptr; \ return XML_TOK_INVALID; \ } \ @@ -62,7 +62,7 @@ case BT_LEAD ## n: \ if (end - ptr < n) \ return XML_TOK_PARTIAL_CHAR; \ - if (!IS_NMSTRT_CHAR(enc, ptr, n)) { \ + if (IS_INVALID_CHAR(enc, ptr, n) || ! IS_NMSTRT_CHAR(enc, ptr, n)) { \ *nextTokPtr = ptr; \ return XML_TOK_INVALID; \ } \ @@ -1090,6 +1090,10 @@ PREFIX(prologTok)(const ENCODING *enc, const char *ptr, const char *end, case BT_LEAD ## n: \ if (end - ptr < n) \ return XML_TOK_PARTIAL_CHAR; \ + if (IS_INVALID_CHAR(enc, ptr, n)) { \ + *nextTokPtr = ptr; \ + return XML_TOK_INVALID; \ + } \ if (IS_NMSTRT_CHAR(enc, ptr, n)) { \ ptr += n; \ tok = XML_TOK_NAME; \ -- 2.33.0