svn commit: r495308 - in head/devel/xmltooling: . files
Palle Girgensohn
girgen at FreeBSD.org
Sun Mar 10 17:50:41 UTC 2019
Author: girgen
Date: Sun Mar 10 17:50:39 2019
New Revision: 495308
URL: https://svnweb.freebsd.org/changeset/ports/495308
Log:
Pull upstream's fix from upcoming release
This fixes a DoS scenario. The commit message from the original commit is
CPPXT - Crash due to uncaught DOMException
Added:
head/devel/xmltooling/files/patch-xmltooling_util_ParserPool.cpp (contents, props changed)
Modified:
head/devel/xmltooling/Makefile
Modified: head/devel/xmltooling/Makefile
==============================================================================
--- head/devel/xmltooling/Makefile Sun Mar 10 17:43:52 2019 (r495307)
+++ head/devel/xmltooling/Makefile Sun Mar 10 17:50:39 2019 (r495308)
@@ -3,6 +3,7 @@
PORTNAME= xmltooling
PORTVERSION= 3.0.3
+PORTREVISION= 1
CATEGORIES= devel security
MASTER_SITES= http://shibboleth.net/downloads/c++-opensaml/3.0.0/
Added: head/devel/xmltooling/files/patch-xmltooling_util_ParserPool.cpp
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/devel/xmltooling/files/patch-xmltooling_util_ParserPool.cpp Sun Mar 10 17:50:39 2019 (r495308)
@@ -0,0 +1,43 @@
+commit af27c422f551e16989ff6f1722d83614c8550eb5
+Author: Scott Cantor <cantor.2 at osu.edu>
+Date: Wed Mar 6 21:14:13 2019 -0500
+
+ CPPXT - Crash due to uncaught DOMException
+
+ https://issues.shibboleth.net/jira/browse/CPPXT-143
+
+diff --git a/xmltooling/util/ParserPool.cpp b/xmltooling/util/ParserPool.cpp
+index 5d96b66..da23846 100644
+--- xmltooling/util/ParserPool.cpp
++++ xmltooling/util/ParserPool.cpp
+@@ -148,14 +148,28 @@ DOMDocument* ParserPool::parse(DOMLSInput& domsrc)
+ checkinBuilder(janitor.release());
+ return doc;
+ }
+- catch (XMLException& ex) {
++ catch (const DOMException& ex) {
++ parser->getDomConfig()->setParameter(XMLUni::fgDOMErrorHandler, (void*)nullptr);
++ parser->getDomConfig()->setParameter(XMLUni::fgXercesUserAdoptsDOMDocument, true);
++ checkinBuilder(janitor.release());
++ auto_ptr_char temp(ex.getMessage());
++ throw XMLParserException(string("DOM error during parsing: ") + (temp.get() ? temp.get() : "no message"));
++ }
++ catch (const SAXException& ex) {
++ parser->getDomConfig()->setParameter(XMLUni::fgDOMErrorHandler, (void*)nullptr);
++ parser->getDomConfig()->setParameter(XMLUni::fgXercesUserAdoptsDOMDocument, true);
++ checkinBuilder(janitor.release());
++ auto_ptr_char temp(ex.getMessage());
++ throw XMLParserException(string("SAX error during parsing: ") + (temp.get() ? temp.get() : "no message"));
++ }
++ catch (const XMLException& ex) {
+ parser->getDomConfig()->setParameter(XMLUni::fgDOMErrorHandler, (void*)nullptr);
+ parser->getDomConfig()->setParameter(XMLUni::fgXercesUserAdoptsDOMDocument, true);
+ checkinBuilder(janitor.release());
+ auto_ptr_char temp(ex.getMessage());
+ throw XMLParserException(string("Xerces error during parsing: ") + (temp.get() ? temp.get() : "no message"));
+ }
+- catch (XMLToolingException&) {
++ catch (const XMLToolingException&) {
+ parser->getDomConfig()->setParameter(XMLUni::fgDOMErrorHandler, (void*)nullptr);
+ parser->getDomConfig()->setParameter(XMLUni::fgXercesUserAdoptsDOMDocument, true);
+ checkinBuilder(janitor.release());
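Review bot: The handlers added for `DOMException` and `SAXException` still translate by enumerated type, so any exception type not listed leaves `ParserPool::parse` untranslated, which is the same failure mode as the crash being fixed. That three separate handlers were needed suggests these Xerces exception classes share no common base, so a less common type could be missed again. A last handler such as `catch (...) { throw XMLParserException(string("Unexpected error during parsing")); }` after the `XMLToolingException` handler would close that, provided the janitor is meant to dispose of the parser on unwind (not visible here). The same three cleanup lines are now repeated in four handlers; moving them into one private helper would keep a future handler from omitting the error-handler reset. The function body starts before and continues past this hunk, so a catch-all may already exist further down.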