mirror of
https://git.yoctoproject.org/git/poky
synced 2026-01-01 13:58:04 +00:00
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as `<`, `0` and `%>`. If you need to parse untrusted XMLs, you may be impacted by these vulnerabilities. The REXML gem 3.3.2 or later include the patches to fix these vulnerabilities. Users are advised to upgrade. Users unable to upgrade should avoid parsing untrusted XML strings.

Reference: https://security-tracker.debian.org/tracker/CVE-2024-39908

Upstream-patches: f1df7d13b3d146162e9ab5bf109a59b8a5f4cd5c0af55fa49dc1b64c174e9f1415a261c33ea49810a79ac8b4b467efb5951e1f1e6e9b40910e5a2b48

(From OE-Core rev: 6e0b70843422cd7cdb25a9e1520dd64bf701fea6)

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
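A probe script, added here as an example and not part of the poky commit or of REXML itself: `classify_comment` re-implements the rule the backported hunk enforces (a comment body may not contain `--` or end in `-`, and a missing `-->` is an unclosed comment), and `rexml_outcome` feeds the same constructed inputs to whatever REXML is installed on the machine, so you can tell whether the copy you ship rejects malformed comments with a `ParseException` rather than crashing or silently accepting them. The function names and the sample inputs are mine, not the project's.

```ruby
# Added example, not code from the poky commit or from REXML.
# Requires the rexml gem (bundled with Ruby >= 3.0).
require "rexml/document"

# Reference implementation of the check the backported hunk adds:
# after "<!--", the body up to the first "-->" may not contain "--"
# and may not end in "-" (otherwise the source reads "--->").
# Returns :ok, :unclosed or :malformed.
def classify_comment(xml)
  raise ArgumentError, "not a comment" unless xml.start_with?("<!--")
  rest = xml[4..-1]
  md = /(.*?)-->/um.match(rest)
  return :unclosed if md.nil?
  return :malformed if /--|-\z/.match?(md[1])
  :ok
end

# Probe the installed REXML. Result kinds:
#   :ok          -> parsed; second element is the comment text
#   :parse_error -> REXML::ParseException (the patched behaviour)
#   :crash       -> any other exception, e.g. the NoMethodError an
#                   unpatched parser raises on a nil regexp match
def rexml_outcome(xml)
  doc = REXML::Document.new(xml)
  comment = doc.children.find { |c| c.is_a?(REXML::Comment) }
  [:ok, comment && comment.string]
rescue REXML::ParseException => e
  [:parse_error, e.message.lines.first.strip]
rescue StandardError => e
  [:crash, "#{e.class}: #{e.message}"]
end

# Constructed inputs with the verdict the reference check gives them.
SAMPLES = {
  "<!-- ok -->"     => :ok,
  "<!--"            => :unclosed,
  "<!-- a -- b -->" => :malformed,
  "<!-- a --->"     => :malformed,
}.freeze

# True when the installed REXML accepts the valid comment and answers
# every malformed one with a ParseException (no crash, no acceptance).
def rexml_has_comment_fix?
  SAMPLES.all? do |xml, expected|
    kind, _ = rexml_outcome(xml)
    expected == :ok ? kind == :ok : kind == :parse_error
  end
end

if $PROGRAM_NAME == __FILE__
  SAMPLES.each do |xml, expected|
    puts "#{xml.inspect.ljust(20)} reference=#{expected} installed=#{rexml_outcome(xml).inspect}"
  end
  puts "REXML #{REXML::VERSION} rejects malformed comments: #{rexml_has_comment_fix?}"
end
```

Run it against the Ruby that will parse untrusted input; an unpatched 3.2.5 reports `:crash` for `"<!--"` and `:ok` for the two malformed bodies, while a patched copy reports `:parse_error` for all three.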
47 lines
1.8 KiB
From b5bf109a599ea733663150e99c09eb44046b41dd Mon Sep 17 00:00:00 2001
From: Hiroya Fujinami <make.just.on@gmail.com>
Date: Thu, 13 Jun 2024 15:12:32 +0900
Subject: [PATCH] Add a "malformed comment" check for top-level comments (#145)

This check was missing. Therefore, `REXML::Document.new("<!--")` raised
the ``undefined method `[]' for nil`` error, for example.

This PR also adds tests for "malformed comment" checks.

---------

Co-authored-by: Sutou Kouhei <kou@cozmixng.org>

CVE: CVE-2024-39908

Upstream-Status: Backport [https://github.com/ruby/rexml/commit/b5bf109a599ea733663150e99c09eb44046b41dd]

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
---
 .bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
index 81415a8..49c313c 100644
--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
@@ -236,7 +236,14 @@ module REXML
return process_instruction(start_position)
elsif @source.match("<!", true)
if @source.match("--", true)
- return [ :comment, @source.match(/(.*?)-->/um, true)[1] ]
+ md = @source.match(/(.*?)-->/um, true)
+ if md.nil?
+ raise REXML::ParseException.new("Unclosed comment", @source)
+ end
+ if /--|-\z/.match?(md[1])
+ raise REXML::ParseException.new("Malformed comment", @source)
+ end
+ return [ :comment, md[1] ]
elsif @source.match("DOCTYPE", true)
base_error_message = "Malformed DOCTYPE"
unless @source.match(/\s+/um, true)
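Review bot: the two guards are correct for the comment production (`md.nil?` turns the NoMethodError on an unclosed `<!--` into a `REXML::ParseException`, and `/--|-\z/` on `md[1]`, the text before the first `-->`, rejects both an embedded `--` and a body ending in `-`, i.e. `--->`, which XML forbids), but the subject line restricts the fix to top-level comments; before merging this backport into the bundled 3.2.5 copy, confirm whether the comment handling used inside element content in the same file has an equivalent nil check, since the crash described in the commit message comes from the unchecked `@source.match(...)[1]` pattern and would recur anywhere that pattern survives. A one-line comment above `if /--|-\z/.match?(md[1])` noting that `-\z` is what catches `--->` would spare the next reader re-deriving it.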
--
2.40.0