REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses XML that has many specific characters such as whitespace characters, `>]` and `]>`. The REXML gem 3.3.3 or later includes the patches to fix these vulnerabilities.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-41123
Upstream-patches: 2c39c91a65 4444a04ece ebc3e85bfa 6cac15d458 e2546e6eca
(From OE-Core rev: 6b2a2e689a69deef6098f6c266542234e46fb24b)
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
From e2546e6ecade16b04c9ee528e5be8509fe16c2d6 Mon Sep 17 00:00:00 2001
From: Sutou Kouhei <kou@clear-code.com>
Date: Thu, 1 Aug 2024 11:23:43 +0900
Subject: [PATCH] parse pi: improve invalid case detection
CVE: CVE-2024-41123
Upstream-Status: Backport [https://github.com/ruby/rexml/commit/e2546e6ecade16b04c9ee528e5be8509fe16c2d6]
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
---
.../lib/rexml/parsers/baseparser.rb | 35 +++++++++++--------
1 file changed, 20 insertions(+), 15 deletions(-)
diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
index c1a22b8..0ece9b5 100644
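--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
@@ -124,11 +124,10 @@ module REXML
 }
 
 module Private
- INSTRUCTION_END = /#{NAME}(\s+.*?)?\?>/um
 TAG_PATTERN = /((?>#{QNAME_STR}))\s*/um
 CLOSE_PATTERN = /(#{QNAME_STR})\s*>/um
 ATTLISTDECL_END = /\s+#{NAME}(?:#{ATTDEF})*\s*>/um
- NAME_PATTERN = /\s*#{NAME}/um
+ NAME_PATTERN = /#{NAME}/um
 GEDECL_PATTERN = "\\s+#{NAME}\\s+#{ENTITYDEF}\\s*>"
 PEDECL_PATTERN = "\\s+(%)\\s+#{NAME}\\s+#{PEDEF}\\s*>"
 ENTITYDECL_PATTERN = /(?:#{GEDECL_PATTERN})|(?:#{PEDECL_PATTERN})/um
@@ -233,7 +232,7 @@ module REXML
 if @document_status == nil
 start_position = @source.position
 if @source.match("<?", true)
- return process_instruction(start_position)
+ return process_instruction
 elsif @source.match("<!", true)
 if @source.match("--", true)
 md = @source.match(/(.*?)-->/um, true)
@@ -424,7 +423,7 @@ module REXML
 raise REXML::ParseException.new( "Declarations can only occur "+
 "in the doctype declaration.", @source)
 elsif @source.match("?", true)
- return process_instruction(start_position)
+ return process_instruction
 else
 # Get the next tag
 md = @source.match(TAG_PATTERN, true)
@@ -579,14 +578,14 @@ module REXML
 def parse_name(base_error_message)
 md = @source.match(NAME_PATTERN, true)
 unless md
- if @source.match(/\s*\S/um)
+ if @source.match(/\S/um)
 message = "#{base_error_message}: invalid name"
 else
 message = "#{base_error_message}: name is missing"
 end
 raise REXML::ParseException.new(message, @source)
 end
- md[1]
+ md[0]
 end
 
 def parse_id(base_error_message,
@@ -655,18 +654,24 @@ module REXML
 end
 end
 
- def process_instruction(start_position)
- match_data = @source.match(Private::INSTRUCTION_END, true)
- unless match_data
- message = "Invalid processing instruction node"
- @source.position = start_position
- raise REXML::ParseException.new(message, @source)
+ def process_instruction
+ name = parse_name("Malformed XML: Invalid processing instruction node")
+ if @source.match(/\s+/um, true)
+ match_data = @source.match(/(.*?)\?>/um, true)
+ unless match_data
+ raise ParseException.new("Malformed XML: Unclosed processing instruction", @source)
+ end
+ content = match_data[1]
+ else
+ content = nil
+ unless @source.match("?>", true)
+ raise ParseException.new("Malformed XML: Unclosed processing instruction", @source)
+ end
 end
- if match_data[1] == "xml"
+ if name == "xml"
 if @document_status
 raise ParseException.new("Malformed XML: XML declaration is not at the start", @source)
 end
- content = match_data[2]
 version = VERSION.match(content)
 version = version[1] unless version.nil?
 encoding = ENCODING.match(content)
@@ -681,7 +686,7 @@ module REXML
 standalone = standalone[1] unless standalone.nil?
 return [ :xmldecl, version, encoding, standalone ]
 end
- [:processing_instruction, match_data[1], match_data[2]]
+ [:processing_instruction, name, content]
 end
 
 def parse_attributes(prefixes)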
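Review bot: `parse_name` changes contract for every caller, not only `process_instruction`. With `NAME_PATTERN` reduced to `/#{NAME}/um` and the return switched from `md[1]` to `md[0]`, it no longer skips leading whitespace, so a call site that relied on the old `\s*` prefix will now raise a `ParseException`. Only the processing-instruction caller is visible in these hunks, and this is a backport onto rexml-3.2.5, so the other `parse_name` call sites in this tree should be checked to confirm they consume whitespace first. I would record the new contract above the method, e.g. `# Expects the source to be positioned at the name; leading whitespace is not skipped.` The diffstat lists only baseparser.rb, so a regression test for a processing instruction with and without content would have to come from elsewhere in the series.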
--
2.40.0