mirror of
https://github.com/PartialVolume/shredos.x86_64.git
synced 2026-02-20 17:42:10 +00:00
34 lines
1.1 KiB
Diff
34 lines
1.1 KiB
Diff
From: Guilhem Moulin <guilhem@debian.org>
|
|
Date: Sat, 30 Dec 2023 14:15:54 +0100
|
|
Subject: Avoid reachable assertion via crafted XML document with a '\0'
|
|
located after whitespace
|
|
|
|
Upstream: https://salsa.debian.org/debian/tinyxml/-/raw/2366e1f23d059d4c20c43c54176b6bd78d6a83fc/debian/patches/CVE-2023-34194.patch
|
|
|
|
CVE: CVE-2023-34194
|
|
|
|
Bug: https://www.forescout.com/resources/sierra21-vulnerabilities
|
|
Bug-Debian: https://bugs.debian.org/1059315
|
|
Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2023-34194
|
|
Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2023-40462
|
|
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
|
|
---
|
|
tinyxmlparser.cpp | 4 ++++
|
|
1 file changed, 4 insertions(+)
|
|
|
|
diff --git a/src/tinyxmlparser.cpp b/src/tinyxmlparser.cpp
|
|
index 8aa0dfa..1601962 100644
|
|
--- a/src/tinyxmlparser.cpp
|
|
+++ b/src/tinyxmlparser.cpp
|
|
@@ -1606,6 +1606,10 @@ const char* TiXmlDeclaration::Parse( const char* p, TiXmlParsingData* data, TiXm
|
|
}
|
|
|
|
p = SkipWhiteSpace( p, _encoding );
|
|
+ if ( !p || !*p )
|
|
+ {
|
|
+ break;
|
|
+ }
|
|
if ( StringEqual( p, "version", true, _encoding ) )
|
|
{
|
|
TiXmlAttribute attrib;
|