Commit f064d2c6 authored by Bill Blough

Apply upstream patch for CVE-2016-2099

parent 50e6dec7
xerces-c (3.1.3+debian-2) unstable; urgency=medium
* Fix CVE-2016-2099: Exception handling mistake in DTDScanner.
Closes: #823863
-- William Blough <devel@blough.us> Tue, 10 May 2016 00:34:51 -0400
xerces-c (3.1.3+debian-1) unstable; urgency=medium
* New upstream version.
......
Description: Fix CVE-2016-2099
Origin: upstream, https://issues.apache.org/jira/browse/XERCESC-2066
Last-Update: 2016-5-10
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
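Review bot: The `Last-Update: 2016-5-10` field in the patch header is not zero-padded, while DEP-3 specifies the date as YYYY-MM-DD; write it as `Last-Update: 2016-05-10` so tools that parse the header read it consistently. The `Origin:` field points at the upstream issue (XERCESC-2066) rather than a specific upstream revision; if the exact upstream commit is known, referencing it would make the backport easier to audit.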
--- a/src/xercesc/validators/DTD/DTDScanner.cpp
+++ b/src/xercesc/validators/DTD/DTDScanner.cpp
@@ -2509,7 +2509,15 @@ void DTDScanner::scanExtSubsetDecl(const
{
while (true)
{
- const XMLCh nextCh = fReaderMgr->peekNextChar();
+ XMLCh nextCh;
+
+ try {
+ nextCh = fReaderMgr->peekNextChar();
+ }
+ catch (XMLException& ex) {
+ fScanner->emitError(XMLErrs::XMLException_Fatal, ex.getCode(), ex.getMessage(), NULL, NULL);
+ nextCh = chNull;
+ }
if (!nextCh)
{
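Review bot: In the new catch block, `nextCh = chNull` routes a reader failure into the same `if (!nextCh)` branch as a genuine null character or end of input, and nothing in the hunk documents that this is the intended recovery. A short comment above the `try` saying that an exception from `peekNextChar()` is reported through `emitError` and then handled as end of input would make the control flow clear to the next reader. Two smaller points: the handler catches only `XMLException`, so any other exception type raised by `peekNextChar()` still propagates out of `scanExtSubsetDecl` as before, which is worth confirming as intended; and since `ex` is only read, `catch (const XMLException& ex)` is the more conventional form.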