Bug 780077 – Revert unneeded change to htmlParseNameComplex() from Bug 758605

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 780077 - Revert unneeded change to htmlParseNameComplex() from Bug 758605


Summary:	Revert unneeded change to htmlParseNameComplex() from Bug 758605


Status:	RESOLVED FIXED

Product:	libxml2
Classification:	Platform
Component:	general
Version:	git master
Hardware:	Other All

Importance:	Normal normal
Target Milestone:	---
Assigned To:	Daniel Veillard
QA Contact:	libxml QA maintainers

URL:
Whiteboard:

Depends on:	758518 CVE-2016-1839
Blocks:

Reported:	2017-03-15 04:25 UTC by David Kilzer
Modified:	2017-06-19 16:32 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
Patch v1 (6.26 KB, patch) 2017-03-15 04:54 UTC, David Kilzer	none	Details \| Review

Description David Kilzer 2017-03-15 04:25:02 UTC

Per Bug 766956 Comment #11 from Nick Wellnhofer, the change to htmlParseNameComplex() for Bug 758605 is redundant and can be removed:

<https://git.gnome.org/browse/libxml2/commit/?id=a820dbeac29d330bae4be05d9ecd939ad6b4aa33>

The proper fix was the change landed for Bug 758518:

<https://git.gnome.org/browse/libxml2/commit/?id=beca86e8c86984b967a6efa05a9653470253edda>

Comment 1 David Kilzer 2017-03-15 04:54:04 UTC

Created attachment 347981 [details] [review]
Patch v1

Comment 2 David Kilzer 2017-06-11 06:45:24 UTC

So Nick's fix that he committed for Bug 766956 kept the equivalent of this change in the XML parser as a hardening measure:

-    if (ctxt->input->base > ctxt->input->cur - len)
-	return(NULL);

Perhaps this should be kept in the HTML parser as a hardening measure, too?

Comment 3 Nick Wellnhofer 2017-06-11 15:09:45 UTC

Yes, keeping the check is a good idea. I only made some minor adjustments:

https://git.gnome.org/browse/libxml2/commit/?id=f39e3be0dd9b3aa3ec47ff339b4934c16f6e5156

Comment 4 David Kilzer 2017-06-12 01:55:54 UTC

Can we add the new test cases as well?  That was the bulk of the attached patch.

Comment 5 Nick Wellnhofer 2017-06-12 17:58:15 UTC

Applied here: https://git.gnome.org/browse/libxml2/commit/?id=85c112a0828a13aadf9fa806a38dfb185e1ddd4c

Comment 6 David Kilzer 2017-06-19 16:32:04 UTC

(In reply to Nick Wellnhofer from comment #5)
> Applied here:
> https://git.gnome.org/browse/libxml2/commit/?id=85c112a0828a13aadf9fa806a38dfb185e1ddd4c

Thanks Nick!