From 80f0c56a7ff5775f8d79e475b159f0a68930fcbb Mon Sep 17 00:00:00 2001 From: Zach van Rijn Date: Sat, 12 Nov 2022 15:44:44 +0000 Subject: user/raptor2: apply upstream CVE patches. fixes #366. --- user/raptor2/CVE-2020-25713.patch | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 user/raptor2/CVE-2020-25713.patch (limited to 'user/raptor2/CVE-2020-25713.patch') diff --git a/user/raptor2/CVE-2020-25713.patch b/user/raptor2/CVE-2020-25713.patch new file mode 100644 index 000000000..6eb8251bb --- /dev/null +++ b/user/raptor2/CVE-2020-25713.patch @@ -0,0 +1,29 @@ +From 4f5dbbffcc1c6cf0398bd03450453289a0979dea Mon Sep 17 00:00:00 2001 +From: Dave Beckett +Date: Sat, 18 Sep 2021 17:40:00 -0700 +Subject: [PATCH] XML Writer : compare namespace declarations correctly + +Apply patch from +0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1 +that fixes Issue#0000650 https://bugs.librdf.org/mantis/view.php?id=650 +which overwrote heap during XML writing in parse type literal +content. This was detected with clang asan. + +Thanks to Michael Stahl / mst2 for the fix. +--- + src/raptor_xml_writer.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c +index 56993dc38..4426d38cf 100644 +--- a/src/raptor_xml_writer.c ++++ b/src/raptor_xml_writer.c +@@ -227,7 +227,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer, + + /* check it wasn't an earlier declaration too */ + for(j = 0; j < nspace_declarations_count; j++) +- if(nspace_declarations[j].nspace == element->attributes[j]->nspace) { ++ if(nspace_declarations[j].nspace == element->attributes[i]->nspace) { + declare_me = 0; + break; + } -- cgit v1.2.3-70-g09d2