[Pkg-ocaml-maint-commits] [SCM] xml-light packaging branch, master, updated. debian/2.2-14-2-g341dabd

Mehdi Dogguy mehdi at debian.org
Fri Oct 5 13:12:06 UTC 2012 

The following commit has been merged in the master branch:
commit 341dabd8042f55ed0a998063a075c76dc91cc16b
Author: Mehdi Dogguy <mehdi at debian.org>
Date:   Mon Oct 1 14:52:10 2012 +0200

    Fix CVE-2012-3514 (Closes: #685584)
    
    * Fix CVE-2012-3514 (Closes: #685584).
      - add 06_CVE-2012-3514.diff

diff --git a/debian/changelog b/debian/changelog
index 37a40b6..eb606e8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,13 @@
 xml-light (2.2-15) UNRELEASED; urgency=low
 
+  [ Sylvain Le Gall ]
   * Remove Sylvain Le Gall from uploaders
 
- -- Sylvain Le Gall <gildor at debian.org>  Fri, 21 Sep 2012 01:25:47 +0000
+  [ Mehdi Dogguy ]
+  * Fix CVE-2012-3514 (Closes: #685584).
+    - add 06_CVE-2012-3514.diff
+
+ -- Mehdi Dogguy <mehdi at debian.org>  Mon, 01 Oct 2012 14:49:49 +0200
 
 xml-light (2.2-14) unstable; urgency=low
 
diff --git a/debian/patches/06_CVE-2012-3514.diff b/debian/patches/06_CVE-2012-3514.diff
new file mode 100644
index 0000000..8db0bc9
--- /dev/null
+++ b/debian/patches/06_CVE-2012-3514.diff
@@ -0,0 +1,153 @@
+--- a/dtd.ml
++++ b/dtd.ml
+@@ -93,16 +93,18 @@
+ 
+ type dtd = dtd_item list
+ 
+-type ('a,'b) hash = ('a,'b) Hashtbl.t
++module StringMap = Map.Make(String)
++
++type 'a map = 'a StringMap.t ref
+ 
+ type checked = {
+-	c_elements : (string,dtd_element_type) hash;
+-	c_attribs : (string,(string,(dtd_attr_type * dtd_attr_default)) hash) hash;
++	c_elements : dtd_element_type map;
++	c_attribs : (dtd_attr_type * dtd_attr_default) map map;
+ }
+ 
+ type dtd_state = {
+-	elements : (string,dtd_element_type) hash;
+-	attribs : (string,(string,(dtd_attr_type * dtd_attr_default)) hash) hash;
++	elements : dtd_element_type map;
++	attribs : (dtd_attr_type * dtd_attr_default) map map;
+ 	mutable current : dtd_element_type;
+ 	mutable curtag : string;
+ 	state : (string * dtd_element_type) Stack.t;
+@@ -113,7 +115,21 @@
+ let _raises e =
+ 	file_not_found := e
+ 
+-let empty_hash = Hashtbl.create 0
++let create_map() = ref StringMap.empty
++
++let empty_map = create_map()
++
++let find_map m k = StringMap.find k (!m)
++
++let set_map m k v = m := StringMap.add k v (!m)
++
++let unset_map m k = m := StringMap.remove k (!m)
++
++let iter_map f m = StringMap.iter f (!m)
++
++let fold_map f m = StringMap.fold f (!m)
++
++let mem_map m k = StringMap.mem k (!m)
+ 
+ let pos source =
+ 	let line, lstart, min, max = Xml_lexer.pos source in
+@@ -158,45 +174,45 @@
+ 			raise e
+ 
+ let check dtd =
+-	let attribs = Hashtbl.create 0 in
+-	let hdone = Hashtbl.create 0 in
+-	let htodo = Hashtbl.create 0 in
++	let attribs = create_map () in
++	let hdone = create_map () in
++	let htodo = create_map () in
+ 	let ftodo tag from =
+ 		try
+-			ignore(Hashtbl.find hdone tag);
++			ignore(find_map hdone tag);
+ 		with
+ 			Not_found ->
+ 				try
+-					match Hashtbl.find htodo tag with
+-					| None -> Hashtbl.replace htodo tag from
++					match find_map htodo tag with
++					| None -> set_map htodo tag from
+ 					| Some _ -> ()
+ 				with
+ 					Not_found ->
+-						Hashtbl.add htodo tag from
++						set_map htodo tag from
+ 	in
+ 	let fdone tag edata =
+ 		try 
+-			ignore(Hashtbl.find hdone tag);
++			ignore(find_map hdone tag);
+ 			raise (Check_error (ElementDefinedTwice tag));
+ 		with
+ 			Not_found ->
+-				Hashtbl.remove htodo tag;
+-				Hashtbl.add hdone tag edata
++				unset_map htodo tag;
++				set_map hdone tag edata
+ 	in
+ 	let fattrib tag aname adata =
+ 		let h = (try
+-				Hashtbl.find attribs tag
++				find_map attribs tag
+ 			with
+ 				Not_found ->
+-					let h = Hashtbl.create 1 in
+-					Hashtbl.add attribs tag h;
++					let h = create_map () in
++					set_map attribs tag h;
+ 					h) in
+ 		try
+-			ignore(Hashtbl.find h aname);
++			ignore(find_map h aname);
+ 			raise (Check_error (AttributeDefinedTwice (tag,aname)));
+ 		with
+ 			Not_found ->
+-				Hashtbl.add h aname adata
++				set_map h aname adata
+ 	in
+ 	let check_item = function
+ 		| DTDAttribute (tag,aname,atype,adef) ->
+@@ -229,7 +245,7 @@
+ 			check_type etype
+ 	in
+ 	List.iter check_item dtd;
+-	Hashtbl.iter (fun t from ->
++	iter_map (fun t from ->
+ 		match from with
+ 		| None -> raise (Check_error (ElementNotDeclared t))
+ 		| Some tag -> raise (Check_error (ElementReferenced (t,tag)))
+@@ -248,7 +264,7 @@
+ 		curtag = "_root";
+ 	} in
+ 	try
+-		ignore(Hashtbl.find d.elements (String.uppercase root));
++		ignore(find_map d.elements (String.uppercase root));
+ 		d
+ 	with
+ 		Not_found -> raise (Check_error (ElementNotDeclared root))
+@@ -365,7 +381,7 @@
+ 
+ let check_attrib ahash (aname,_) =
+ 	try
+-		ignore(Hashtbl.find ahash aname);
++		ignore(find_map ahash aname);
+ 	with
+ 		Not_found -> raise (Prove_error (UnexpectedAttribute aname))
+ 
+@@ -378,12 +394,12 @@
+ 		let uattr = List.map (fun (aname,aval) -> String.uppercase aname , aval) attr in
+ 		prove_child dtd (Some utag);
+ 		Stack.push (dtd.curtag,dtd.current) dtd.state;
+-		let elt = (try Hashtbl.find dtd.elements utag with Not_found -> raise (Prove_error (UnexpectedTag tag))) in
+-		let ahash = (try Hashtbl.find dtd.attribs utag with Not_found -> empty_hash) in
++		let elt = (try find_map dtd.elements utag with Not_found -> raise (Prove_error (UnexpectedTag tag))) in
++		let ahash = (try find_map dtd.attribs utag with Not_found -> empty_map) in
+ 		dtd.curtag <- tag;
+ 		dtd.current <- elt;
+ 		List.iter (check_attrib ahash) uattr;
+-		let attr = Hashtbl.fold (prove_attrib dtd uattr) ahash [] in
++		let attr = fold_map (prove_attrib dtd uattr) ahash [] in
+ 		let childs = ref (List.map (do_prove dtd) childs) in
+ 		(match dtd.current with
+ 		| DTDAny
diff --git a/debian/patches/series b/debian/patches/series
index 68f6b97..4fe10ca 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,3 +3,4 @@
 03_cflags.diff
 04_dtd_trace.diff
 05_cmxs_plugin.diff
+06_CVE-2012-3514.diff

-- 
xml-light packaging

More information about the Pkg-ocaml-maint-commits mailing list