r46467 - in /branches/lenny/libhtml-parser-perl: debian/changelog t/entities.t util.c
carnil-guest at users.alioth.debian.org
carnil-guest at users.alioth.debian.org
Tue Oct 27 22:02:30 UTC 2009
Author: carnil-guest
Date: Tue Oct 27 22:01:55 2009
New Revision: 46467
URL: http://svn.debian.org/wsvn/pkg-perl/?sc=1&rev=46467
Log:
Fix decode_entities, which can be confused by a trailing incomplete entity,
leading to potential DoS attacks - CVE-2009-3627 (Closes: #552531).
Modified:
branches/lenny/libhtml-parser-perl/debian/changelog
branches/lenny/libhtml-parser-perl/t/entities.t
branches/lenny/libhtml-parser-perl/util.c
Modified: branches/lenny/libhtml-parser-perl/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-perl/branches/lenny/libhtml-parser-perl/debian/changelog?rev=46467&op=diff
==============================================================================
--- branches/lenny/libhtml-parser-perl/debian/changelog (original)
+++ branches/lenny/libhtml-parser-perl/debian/changelog Tue Oct 27 22:01:55 2009
@@ -1,3 +1,10 @@
+libhtml-parser-perl (3.56-1+lenny1) stable-security; urgency=high
+
+ * Fix decode_entities which can be confused by trailing incomplete entity
+ and leading to potential DoS attacks - CVE-2009-3627 (Closes: #552531).
+
+ -- Salvatore Bonaccorso <salvatore.bonaccorso at gmail.com> Tue, 27 Oct 2009 21:43:51 +0100
+
libhtml-parser-perl (3.56-1) unstable; urgency=low
* New upstream release
Modified: branches/lenny/libhtml-parser-perl/t/entities.t
URL: http://svn.debian.org/wsvn/pkg-perl/branches/lenny/libhtml-parser-perl/t/entities.t?rev=46467&op=diff
==============================================================================
--- branches/lenny/libhtml-parser-perl/t/entities.t (original)
+++ branches/lenny/libhtml-parser-perl/t/entities.t Tue Oct 27 22:01:55 2009
@@ -1,6 +1,6 @@
use HTML::Entities qw(decode_entities encode_entities encode_entities_numeric);
-use Test::More tests => 12;
+use Test::More tests => 13;
$a = "Våre norske tegn bør æres";
@@ -66,6 +66,8 @@
is(decode_entities("'"), "'");
is(encode_entities("'", "'"), "'");
+is(decode_entities("Attention Homeοωnөrs...1ѕt Tімe Eνөг"),
+ "Attention Home\x{3BF}\x{3C9}n\x{4E9}rs...1\x{455}t T\x{456}\x{43C}e E\x{3BD}\x{4E9}\x{433}");
__END__
# Quoted from rfc1866.txt
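Review bot: The single `is(decode_entities(...))` case added here is the only regression test for a fix that bounds six separate reads in util.c (the `#` test, the `x`/`X` test, the hex loop, the decimal loop, the entity-name loop and the `;` test). One short case per branch would keep each guard from regressing, for example (constructed inputs) `is(decode_entities("&#"), "&#");` and `is(decode_entities("&#x"), "&#x");`, plus a named entity that ends without its semicolon, with the `tests =>` plan raised to match. The entities in the new test string appear already decoded in this archived rendering, so which branch it exercises is inferred from the log message rather than visible here.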
Modified: branches/lenny/libhtml-parser-perl/util.c
URL: http://svn.debian.org/wsvn/pkg-perl/branches/lenny/libhtml-parser-perl/util.c?rev=46467&op=diff
==============================================================================
--- branches/lenny/libhtml-parser-perl/util.c (original)
+++ branches/lenny/libhtml-parser-perl/util.c Tue Oct 27 22:01:55 2009
@@ -95,14 +95,14 @@
ent_start = s;
repl = 0;
- if (*s == '#') {
+ if (s < end && *s == '#') {
UV num = 0;
UV prev = 0;
int ok = 0;
s++;
- if (*s == 'x' || *s == 'X') {
+ if (s < end && (*s == 'x' || *s == 'X')) {
s++;
- while (*s) {
+ while (s < end) {
char *tmp = strchr(PL_hexdigit, *s);
if (!tmp)
break;
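Review bot: Replacing `while (*s)` with `while (s < end)` drops the NUL check that the old loop condition provided, and `strchr(PL_hexdigit, *s)` returns a non-NULL pointer (to the terminator of `PL_hexdigit`) when `*s` is `'\0'`. A NUL byte inside the buffer after `&#x` would therefore pass the `if (!tmp) break;` test and presumably be consumed as a hex digit by the code that follows, which is outside this hunk. Keeping both conditions avoids that: `while (s < end && *s) {`. The enclosing function starts and ends outside the hunk.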
@@ -118,7 +118,7 @@
}
}
else {
- while (isDIGIT(*s)) {
+ while (s < end && isDIGIT(*s)) {
num = num * 10 + (*s - '0');
if (prev && num < prev) {
/* overflow */
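Review bot: The overflow test `if (prev && num < prev)` on the context lines runs after `num = num * 10 + (*s - '0')` has already wrapped, and a multiplication by 10 can wrap to a value that is still greater than `prev`, so some overflows go undetected. Since this commit hardens the same loop against malformed input, it would be worth checking before the multiplication instead, e.g. `num > (UV_MAX - (UV)(*s - '0')) / 10`, and taking the existing overflow branch when that holds. What the overflow branch does, and how an out-of-range `num` is handled afterwards, is outside this hunk, so the practical impact is not visible here.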
@@ -181,7 +181,7 @@
}
else {
char *ent_name = s;
- while (isALNUM(*s))
+ while (s < end && isALNUM(*s))
s++;
if (ent_name != s && entity2char) {
SV** svp;
@@ -217,7 +217,7 @@
if (repl) {
char *repl_allocated = 0;
- if (*s == ';')
+ if (s < end && *s == ';')
s++;
t--; /* '&' already copied, undo it */