r46467 - in /branches/lenny/libhtml-parser-perl: debian/changelog t/entities.t util.c

carnil-guest at users.alioth.debian.org carnil-guest at users.alioth.debian.org
Tue Oct 27 22:02:30 UTC 2009


Author: carnil-guest
Date: Tue Oct 27 22:01:55 2009
New Revision: 46467

URL: http://svn.debian.org/wsvn/pkg-perl/?sc=1&rev=46467
Log:
Fix decode_entities which can be confused by trailing incomplete entity
and leading to potential DoS attacks - CVE-2009-3627 (Closes: #552531).

Modified:
    branches/lenny/libhtml-parser-perl/debian/changelog
    branches/lenny/libhtml-parser-perl/t/entities.t
    branches/lenny/libhtml-parser-perl/util.c

Modified: branches/lenny/libhtml-parser-perl/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-perl/branches/lenny/libhtml-parser-perl/debian/changelog?rev=46467&op=diff
==============================================================================
--- branches/lenny/libhtml-parser-perl/debian/changelog (original)
+++ branches/lenny/libhtml-parser-perl/debian/changelog Tue Oct 27 22:01:55 2009
@@ -1,3 +1,10 @@
+libhtml-parser-perl (3.56-1+lenny1) stable-security; urgency=high
+
+  * Fix decode_entities which can be confused by trailing incomplete entity
+    and leading to potential DoS attacks - CVE-2009-3627 (Closes: #552531).
+
+ -- Salvatore Bonaccorso <salvatore.bonaccorso at gmail.com>  Tue, 27 Oct 2009 21:43:51 +0100
+
 libhtml-parser-perl (3.56-1) unstable; urgency=low
 
   * New upstream release

Modified: branches/lenny/libhtml-parser-perl/t/entities.t
URL: http://svn.debian.org/wsvn/pkg-perl/branches/lenny/libhtml-parser-perl/t/entities.t?rev=46467&op=diff
==============================================================================
--- branches/lenny/libhtml-parser-perl/t/entities.t (original)
+++ branches/lenny/libhtml-parser-perl/t/entities.t Tue Oct 27 22:01:55 2009
@@ -1,6 +1,6 @@
 use HTML::Entities qw(decode_entities encode_entities encode_entities_numeric);
 
-use Test::More tests => 12;
+use Test::More tests => 13;
 
 $a = "V&aring;re norske tegn b&oslash;r &#230res";
 
@@ -66,6 +66,8 @@
 is(decode_entities("&apos;"), "'");
 is(encode_entities("'", "'"), "&#39;");
 
+is(decode_entities("Attention Home&#959&#969n&#1257rs...1&#1109t T&#1110&#1084e E&#957&#1257&#1075"),
+  "Attention Home\x{3BF}\x{3C9}n\x{4E9}rs...1\x{455}t T\x{456}\x{43C}e E\x{3BD}\x{4E9}\x{433}");
 
 __END__
 # Quoted from rfc1866.txt

Modified: branches/lenny/libhtml-parser-perl/util.c
URL: http://svn.debian.org/wsvn/pkg-perl/branches/lenny/libhtml-parser-perl/util.c?rev=46467&op=diff
==============================================================================
--- branches/lenny/libhtml-parser-perl/util.c (original)
+++ branches/lenny/libhtml-parser-perl/util.c Tue Oct 27 22:01:55 2009
@@ -95,14 +95,14 @@
 	ent_start = s;
 	repl = 0;
 
-	if (*s == '#') {
+	if (s < end && *s == '#') {
 	    UV num = 0;
 	    UV prev = 0;
 	    int ok = 0;
 	    s++;
-	    if (*s == 'x' || *s == 'X') {
+	    if (s < end && (*s == 'x' || *s == 'X')) {
 		s++;
-		while (*s) {
+		while (s < end) {
 		    char *tmp = strchr(PL_hexdigit, *s);
 		    if (!tmp)
 			break;
@@ -118,7 +118,7 @@
 		}
 	    }
 	    else {
-		while (isDIGIT(*s)) {
+		while (s < end && isDIGIT(*s)) {
 		    num = num * 10 + (*s - '0');
 		    if (prev && num < prev) {
 			/* overflow */
@@ -181,7 +181,7 @@
 	}
 	else {
 	    char *ent_name = s;
-	    while (isALNUM(*s))
+	    while (s < end && isALNUM(*s))
 		s++;
 	    if (ent_name != s && entity2char) {
 		SV** svp;
@@ -217,7 +217,7 @@
 
 	if (repl) {
 	    char *repl_allocated = 0;
-	    if (*s == ';')
+	    if (s < end && *s == ';')
 		s++;
 	    t--;  /* '&' already copied, undo it */
 




More information about the Pkg-perl-cvs-commits mailing list