Mirror
/
cpython
mirror of https://github.com/python/cpython
4
1
Fork 0
Code Issues Releases Wiki Activity

gh-98739: Update libexpat from 2.4.9 to 2.5.0 (#98742) 

* Update libexpat from 2.4.9 to 2.5.0 to address CVE-2022-43680.

Co-authored-by: Shaun Walbridge <shaun.walbridge@gmail.com>
This commit is contained in:
Shaun Walbridge 2022-10-27 16:45:12 -04:00 committed by GitHub
parent bded5edd9a
commit 3e07f827b3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 36 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Misc/NEWS.d/next/Security/2022-10-26-21-04-23.gh-issue-98739.keBWcY.rst Normal file
View File

@ -0,0 +1 @@
Update bundled libexpat to 2.5.0

4
Modules/expat/expat.h
View File

@ -1054,8 +1054,8 @@ XML_SetBillionLaughsAttackProtectionActivationThreshold(
See http://semver.org. See http://semver.org.
*/ */
#define XML_MAJOR_VERSION 2 #define XML_MAJOR_VERSION 2
#define XML_MINOR_VERSION 4 #define XML_MINOR_VERSION 5
#define XML_MICRO_VERSION 9 #define XML_MICRO_VERSION 0
#ifdef __cplusplus #ifdef __cplusplus
} }

35
Modules/expat/xmlparse.c
View File

@ -1,4 +1,4 @@
/* 90815a2b2c80c03b2b889fe1d427bb2b9e3282aa065e42784e001db4f23de324 (2.4.9+) /* 5ab094ffadd6edfc94c3eee53af44a86951f9f1f0933ada3114bbce2bfb02c99 (2.5.0+)
__ __ _ __ __ _
___\ \/ /_ __ __ _| |_ ___\ \/ /_ __ __ _| |_
/ _ \\ /| '_ \ / _` | __| / _ \\ /| '_ \ / _` | __|
@ -35,6 +35,7 @@
Copyright (c) 2021 Dong-hee Na <donghee.na@python.org> Copyright (c) 2021 Dong-hee Na <donghee.na@python.org>
Copyright (c) 2022 Samanta Navarro <ferivoz@riseup.net> Copyright (c) 2022 Samanta Navarro <ferivoz@riseup.net>
Copyright (c) 2022 Jeffrey Walton <noloader@gmail.com> Copyright (c) 2022 Jeffrey Walton <noloader@gmail.com>
Copyright (c) 2022 Jann Horn <jannh@google.com>
Licensed under the MIT license: Licensed under the MIT license:
Permission is hereby granted, free of charge, to any person obtaining Permission is hereby granted, free of charge, to any person obtaining
@ -1068,6 +1069,14 @@ parserCreate(const XML_Char *encodingName,
parserInit(parser, encodingName); parserInit(parser, encodingName);
if (encodingName && ! parser->m_protocolEncodingName) { if (encodingName && ! parser->m_protocolEncodingName) {
if (dtd) {
// We need to stop the upcoming call to XML_ParserFree from happily
// destroying parser->m_dtd because the DTD is shared with the parent
// parser and the only guard that keeps XML_ParserFree from destroying
// parser->m_dtd is parser->m_isParamEntity but it will be set to
// XML_TRUE only later in XML_ExternalEntityParserCreate (or not at all).
parser->m_dtd = NULL;
}
XML_ParserFree(parser); XML_ParserFree(parser);
return NULL; return NULL;
} }
@ -3011,9 +3020,6 @@ doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc,
int len; int len;
const char *rawName; const char *rawName;
TAG *tag = parser->m_tagStack; TAG *tag = parser->m_tagStack;
parser->m_tagStack = tag->parent;
tag->parent = parser->m_freeTagList;
parser->m_freeTagList = tag;
rawName = s + enc->minBytesPerChar * 2; rawName = s + enc->minBytesPerChar * 2;
len = XmlNameLength(enc, rawName); len = XmlNameLength(enc, rawName);
if (len != tag->rawNameLength if (len != tag->rawNameLength
@ -3021,6 +3027,9 @@ doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc,
*eventPP = rawName; *eventPP = rawName;
return XML_ERROR_TAG_MISMATCH; return XML_ERROR_TAG_MISMATCH;
} }
parser->m_tagStack = tag->parent;
tag->parent = parser->m_freeTagList;
parser->m_freeTagList = tag;
--parser->m_tagLevel; --parser->m_tagLevel;
if (parser->m_endElementHandler) { if (parser->m_endElementHandler) {
const XML_Char *localPart; const XML_Char *localPart;
@ -4975,10 +4984,10 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
parser->m_handlerArg, parser->m_declElementType->name, parser->m_handlerArg, parser->m_declElementType->name,
parser->m_declAttributeId->name, parser->m_declAttributeType, 0, parser->m_declAttributeId->name, parser->m_declAttributeType, 0,
role == XML_ROLE_REQUIRED_ATTRIBUTE_VALUE); role == XML_ROLE_REQUIRED_ATTRIBUTE_VALUE);
poolClear(&parser->m_tempPool);
handleDefault = XML_FALSE; handleDefault = XML_FALSE;
} }
} }
poolClear(&parser->m_tempPool);
break; break;
case XML_ROLE_DEFAULT_ATTRIBUTE_VALUE: case XML_ROLE_DEFAULT_ATTRIBUTE_VALUE:
case XML_ROLE_FIXED_ATTRIBUTE_VALUE: case XML_ROLE_FIXED_ATTRIBUTE_VALUE:
@ -5386,7 +5395,7 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
* *
* If 'standalone' is false, the DTD must have no * If 'standalone' is false, the DTD must have no
* parameter entities or we wouldn't have passed the outer * parameter entities or we wouldn't have passed the outer
* 'if' statement. That measn the only entity in the hash * 'if' statement. That means the only entity in the hash
* table is the external subset name "#" which cannot be * table is the external subset name "#" which cannot be
* given as a parameter entity name in XML syntax, so the * given as a parameter entity name in XML syntax, so the
* lookup must have returned NULL and we don't even reach * lookup must have returned NULL and we don't even reach
@ -5798,11 +5807,12 @@ internalEntityProcessor(XML_Parser parser, const char *s, const char *end,
if (result != XML_ERROR_NONE) if (result != XML_ERROR_NONE)
return result; return result;
else if (textEnd != next
&& parser->m_parsingStatus.parsing == XML_SUSPENDED) { if (textEnd != next && parser->m_parsingStatus.parsing == XML_SUSPENDED) {
entity->processed = (int)(next - (const char *)entity->textPtr); entity->processed = (int)(next - (const char *)entity->textPtr);
return result; return result;
} else { }
#ifdef XML_DTD #ifdef XML_DTD
entityTrackingOnClose(parser, entity, __LINE__); entityTrackingOnClose(parser, entity, __LINE__);
#endif #endif
@ -5811,6 +5821,13 @@ internalEntityProcessor(XML_Parser parser, const char *s, const char *end,
/* put openEntity back in list of free instances */ /* put openEntity back in list of free instances */
openEntity->next = parser->m_freeInternalEntities; openEntity->next = parser->m_freeInternalEntities;
parser->m_freeInternalEntities = openEntity; parser->m_freeInternalEntities = openEntity;
// If there are more open entities we want to stop right here and have the
// upcoming call to XML_ResumeParser continue with entity content, or it would
// be ignored altogether.
if (parser->m_openInternalEntities != NULL
&& parser->m_parsingStatus.parsing == XML_SUSPENDED) {
return XML_ERROR_NONE;
} }
#ifdef XML_DTD #ifdef XML_DTD

2
Modules/expat/xmltok_impl.h
View File

@ -45,7 +45,7 @@ enum {
BT_LF, /* line feed = "\n" */ BT_LF, /* line feed = "\n" */
BT_GT, /* greater than = ">" */ BT_GT, /* greater than = ">" */
BT_QUOT, /* quotation character = "\"" */ BT_QUOT, /* quotation character = "\"" */
BT_APOS, /* aposthrophe = "'" */ BT_APOS, /* apostrophe = "'" */
BT_EQUALS, /* equal sign = "=" */ BT_EQUALS, /* equal sign = "=" */
BT_QUEST, /* question mark = "?" */ BT_QUEST, /* question mark = "?" */
BT_EXCL, /* exclamation mark = "!" */ BT_EXCL, /* exclamation mark = "!" */