rpms/libxslt/devel libexslt-rc4.patch, NONE, 1.1 libxslt.spec, 1.54, 1.55

Daniel Veillard veillard at fedoraproject.org
Wed Oct 8 14:02:49 UTC 2008


Author: veillard

Update of /cvs/pkgs/rpms/libxslt/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv16499

Modified Files:
	libxslt.spec 
Added Files:
	libexslt-rc4.patch 
Log Message:
- CVE-2008-2935 fix
daniel


libexslt-rc4.patch:

--- NEW FILE libexslt-rc4.patch ---
Index: libexslt/crypto.c
===================================================================
--- libexslt/crypto.c	(revision 1485)
+++ libexslt/crypto.c	(working copy)
@@ -317,13 +317,13 @@ exsltCryptoCryptoApiRc4Decrypt (xmlXPath
 #define PLATFORM_MD5 GCRY_MD_MD5
 #define PLATFORM_SHA1 GCRY_MD_SHA1
 
-#ifdef HAVE_SYS_TYPES_H                                                        
-# include <sys/types.h>                                                        
-#endif                                                                         
-#ifdef HAVE_STDINT_H                                                           
-# include <stdint.h>                                                           
-#endif                                                                         
-  
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#ifdef HAVE_STDINT_H
+# include <stdint.h>
+#endif
+
 #ifdef HAVE_SYS_SELECT_H
 #include <sys/select.h>		/* needed by gcrypt.h 4 Jul 04 */
 #endif
@@ -595,11 +595,13 @@ exsltCryptoRc4EncryptFunction (xmlXPathP
     int str_len = 0, bin_len = 0, hex_len = 0;
     xmlChar *key = NULL, *str = NULL, *padkey = NULL;
     xmlChar *bin = NULL, *hex = NULL;
+    xsltTransformContextPtr tctxt = NULL;
 
-    if ((nargs < 1) || (nargs > 3)) {
+    if (nargs != 2) {
 	xmlXPathSetArityError (ctxt);
 	return;
     }
+    tctxt = xsltXPathGetTransformContext(ctxt);
 
     str = xmlXPathPopString (ctxt);
     str_len = xmlUTF8Strlen (str);
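Review bot: `tctxt` is assigned from `xsltXPathGetTransformContext(ctxt)` without a NULL check, yet the error paths added further down in this function dereference it as `tctxt->inst` and `tctxt->state`. If this extension function can be evaluated from an XPath context with no transform context attached (not determinable from the hunk), the error handler itself would fault on the allocation-failure or bad-key path. Guarding with `if (tctxt != NULL) tctxt->state = XSLT_STATE_STOPPED;` and passing `tctxt ? tctxt->inst : NULL` to `xsltTransformError` would avoid that. The same pattern is repeated in exsltCryptoRc4DecryptFunction (hunk at -670); both function bodies continue outside their hunks.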
@@ -611,7 +613,7 @@ exsltCryptoRc4EncryptFunction (xmlXPathP
     }
 
     key = xmlXPathPopString (ctxt);
-    key_len = xmlUTF8Strlen (str);
+    key_len = xmlUTF8Strlen (key);
 
     if (key_len == 0) {
 	xmlXPathReturnEmptyString (ctxt);
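Review bot: The `key_len == 0` test that follows the corrected `xmlUTF8Strlen (key)` call still lets a negative length through; xmlUTF8Strlen returns -1 for a NULL or malformed UTF-8 string, which is what a failed `xmlXPathPopString` would produce. In that case the later `xmlUTF8Strsize` result is presumably 0, so the cipher would run with an all-zero padded key instead of rejecting the input. Testing `if (key_len <= 0) {` closes that gap. The same check appears in the decrypt function's hunk at -686, and the enclosing function starts and ends outside this hunk.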
@@ -620,15 +622,33 @@ exsltCryptoRc4EncryptFunction (xmlXPathP
 	return;
     }
 
-    padkey = xmlMallocAtomic (RC4_KEY_LENGTH);
+    padkey = xmlMallocAtomic (RC4_KEY_LENGTH + 1);
+    if (padkey == NULL) {
+	xsltTransformError(tctxt, NULL, tctxt->inst,
+	    "exsltCryptoRc4EncryptFunction: Failed to allocate padkey\n");
+	tctxt->state = XSLT_STATE_STOPPED;
+	xmlXPathReturnEmptyString (ctxt);
+	goto done;
+    }
+    memset(padkey, 0, RC4_KEY_LENGTH + 1);
+
     key_size = xmlUTF8Strsize (key, key_len);
+    if ((key_size > RC4_KEY_LENGTH) || (key_size < 0)) {
+	xsltTransformError(tctxt, NULL, tctxt->inst,
+	    "exsltCryptoRc4EncryptFunction: key size too long or key broken\n");
+	tctxt->state = XSLT_STATE_STOPPED;
+	xmlXPathReturnEmptyString (ctxt);
+	goto done;
+    }
     memcpy (padkey, key, key_size);
-    memset (padkey + key_size, '\0', sizeof (padkey));
 
 /* encrypt it */
     bin_len = str_len;
     bin = xmlStrdup (str);
     if (bin == NULL) {
+	xsltTransformError(tctxt, NULL, tctxt->inst,
+	    "exsltCryptoRc4EncryptFunction: Failed to allocate string\n");
+	tctxt->state = XSLT_STATE_STOPPED;
 	xmlXPathReturnEmptyString (ctxt);
 	goto done;
     }
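Review bot: `bin_len = str_len` relies on a length that the earlier hunk shows coming from `xmlUTF8Strlen (str)`, which counts UTF-8 characters rather than bytes, so for input with multi-byte characters the length handed to the cipher is shorter than what `xmlStrdup (str)` copied. From the visible lines this looks like it leaves the tail of the data unprocessed rather than overflowing, but that should be confirmed against the encrypt call outside the hunk. Using a byte count, e.g. `str_len = xmlStrlen (str);`, would match what `bin` actually holds. `hex_len = str_len * 2 + 1` in the next hunk is derived from the same count.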
@@ -638,6 +658,9 @@ exsltCryptoRc4EncryptFunction (xmlXPathP
     hex_len = str_len * 2 + 1;
     hex = xmlMallocAtomic (hex_len);
     if (hex == NULL) {
+	xsltTransformError(tctxt, NULL, tctxt->inst,
+	    "exsltCryptoRc4EncryptFunction: Failed to allocate result\n");
+	tctxt->state = XSLT_STATE_STOPPED;
 	xmlXPathReturnEmptyString (ctxt);
 	goto done;
     }
@@ -670,11 +693,13 @@ exsltCryptoRc4DecryptFunction (xmlXPathP
     int str_len = 0, bin_len = 0, ret_len = 0;
     xmlChar *key = NULL, *str = NULL, *padkey = NULL, *bin =
 	NULL, *ret = NULL;
+    xsltTransformContextPtr tctxt = NULL;
 
-    if ((nargs < 1) || (nargs > 3)) {
+    if (nargs != 2) {
 	xmlXPathSetArityError (ctxt);
 	return;
     }
+    tctxt = xsltXPathGetTransformContext(ctxt);
 
     str = xmlXPathPopString (ctxt);
     str_len = xmlUTF8Strlen (str);
@@ -686,7 +711,7 @@ exsltCryptoRc4DecryptFunction (xmlXPathP
     }
 
     key = xmlXPathPopString (ctxt);
-    key_len = xmlUTF8Strlen (str);
+    key_len = xmlUTF8Strlen (key);
 
     if (key_len == 0) {
 	xmlXPathReturnEmptyString (ctxt);
@@ -695,22 +720,51 @@ exsltCryptoRc4DecryptFunction (xmlXPathP
 	return;
     }
 
-    padkey = xmlMallocAtomic (RC4_KEY_LENGTH);
+    padkey = xmlMallocAtomic (RC4_KEY_LENGTH + 1);
+    if (padkey == NULL) {
+	xsltTransformError(tctxt, NULL, tctxt->inst,
+	    "exsltCryptoRc4EncryptFunction: Failed to allocate padkey\n");
+	tctxt->state = XSLT_STATE_STOPPED;
+	xmlXPathReturnEmptyString (ctxt);
+	goto done;
+    }
+    memset(padkey, 0, RC4_KEY_LENGTH + 1);
     key_size = xmlUTF8Strsize (key, key_len);
+    if ((key_size > RC4_KEY_LENGTH) || (key_size < 0)) {
+	xsltTransformError(tctxt, NULL, tctxt->inst,
+	    "exsltCryptoRc4EncryptFunction: key size too long or key broken\n");
+	tctxt->state = XSLT_STATE_STOPPED;
+	xmlXPathReturnEmptyString (ctxt);
+	goto done;
+    }
     memcpy (padkey, key, key_size);
-    memset (padkey + key_size, '\0', sizeof (padkey));
 
 /* decode hex to binary */
     bin_len = str_len;
     bin = xmlMallocAtomic (bin_len);
+    if (bin == NULL) {
+	xsltTransformError(tctxt, NULL, tctxt->inst,
+	    "exsltCryptoRc4EncryptFunction: Failed to allocate string\n");
+	tctxt->state = XSLT_STATE_STOPPED;
+	xmlXPathReturnEmptyString (ctxt);
+	goto done;
+    }
     ret_len = exsltCryptoHex2Bin (str, str_len, bin, bin_len);
 
 /* decrypt the binary blob */
     ret = xmlMallocAtomic (ret_len);
+    if (ret == NULL) {
+	xsltTransformError(tctxt, NULL, tctxt->inst,
+	    "exsltCryptoRc4EncryptFunction: Failed to allocate result\n");
+	tctxt->state = XSLT_STATE_STOPPED;
+	xmlXPathReturnEmptyString (ctxt);
+	goto done;
+    }
     PLATFORM_RC4_DECRYPT (ctxt, padkey, bin, ret_len, ret, ret_len);
 
     xmlXPathReturnString (ctxt, ret);
 
+done:
     if (key != NULL)
 	xmlFree (key);
     if (str != NULL)
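Review bot: `ret` is allocated with exactly `ret_len` bytes and passed to `xmlXPathReturnString (ctxt, ret)` with no terminating NUL, so a consumer that treats the result as a C string can read past the end of the buffer; the new NULL check does not cover this. Allocating `xmlMallocAtomic (ret_len + 1)` and setting `ret[ret_len] = 0;` after `PLATFORM_RC4_DECRYPT` would bound it. Separately, all four messages added in this hunk name `exsltCryptoRc4EncryptFunction` although this is the decrypt function, which will mislead anyone triaging a log; they should start with `exsltCryptoRc4DecryptFunction:`. The cleanup after `done:` continues outside the hunk, so whether `ret` is also freed there after ownership passes to the XPath stack is not visible.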


Index: libxslt.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libxslt/devel/libxslt.spec,v
retrieving revision 1.54
retrieving revision 1.55
diff -u -r1.54 -r1.55
--- libxslt.spec	13 May 2008 16:37:23 -0000	1.54
+++ libxslt.spec	8 Oct 2008 14:02:19 -0000	1.55
@@ -1,7 +1,7 @@
 Summary: Library providing the Gnome XSLT engine
 Name: libxslt
 Version: 1.1.24
-Release: 1%{?dist}%{?extra_release}
+Release: 2%{?dist}%{?extra_release}
 License: MIT
 Group: Development/Libraries
 Source: ftp://xmlsoft.org/XSLT/libxslt-%{version}.tar.gz
@@ -15,6 +15,7 @@
 Prefix: %{_prefix}
 Docdir: %{_docdir}
 Patch0: multilib.patch
+Patch1: libexslt-rc4.patch
 
 %description
 This C library allows to transform XML files into other XML files
@@ -56,6 +57,7 @@
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p0
 
 %build
 %configure
@@ -125,6 +127,9 @@
 %doc python/tests/*.xsl
 
 %changelog
+* Wed Oct  8 2008 Daniel Veillard <veillard at redhat.com> 1.1.24-2.fc10
+- CVE-2008-2935 fix
+
 * Tue May 13 2008 Daniel Veillard <veillard at redhat.com> 1.1.24-1.fc10
 - release of 1.1.24
 - fixes a few bugs including the key initialization problem



