Diffstat (limited to 'main/libxslt/Dont-set-maxDepth-in-XPath-contexts.patch')
-rw-r--r--main/libxslt/Dont-set-maxDepth-in-XPath-contexts.patch70
1 files changed, 70 insertions, 0 deletions
diff --git a/main/libxslt/Dont-set-maxDepth-in-XPath-contexts.patch b/main/libxslt/Dont-set-maxDepth-in-XPath-contexts.patch
new file mode 100644
index 0000000000..6b9dab8a85
--- /dev/null
+++ b/main/libxslt/Dont-set-maxDepth-in-XPath-contexts.patch
@@ -0,0 +1,70 @@
+From 77c26bad0433541f486b1e7ced44ca9979376908 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Wed, 26 Aug 2020 00:34:38 +0200
+Subject: [PATCH] Don't set maxDepth in XPath contexts
+
+The maximum recursion depth is hardcoded in libxml2 now.
+---
+ libxslt/functions.c | 2 +-
+ tests/fuzz/fuzz.c | 11 ++---------
+ 2 files changed, 3 insertions(+), 10 deletions(-)
+
+diff --git a/libxslt/functions.c b/libxslt/functions.c
+index 975ea790..7887dda7 100644
+--- a/libxslt/functions.c
++++ b/libxslt/functions.c
+@@ -182,7 +182,7 @@ xsltDocumentFunctionLoadDocument(xmlXPathParserContextPtr ctxt, xmlChar* URI)
+ defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
+ xptrctxt->opLimit = ctxt->context->opLimit;
+ xptrctxt->opCount = ctxt->context->opCount;
+- xptrctxt->maxDepth = ctxt->context->maxDepth - ctxt->context->depth;
++ xptrctxt->depth = ctxt->context->depth;
+
+ resObj = xmlXPtrEval(fragment, xptrctxt);
+
+diff --git a/tests/fuzz/fuzz.c b/tests/fuzz/fuzz.c
+index 75234ad6..780c2d41 100644
+--- a/tests/fuzz/fuzz.c
++++ b/tests/fuzz/fuzz.c
+@@ -183,7 +183,6 @@ xsltFuzzXPathInit(int *argc_p ATTRIBUTE_UNUSED, char ***argv_p,
+ xpctxt = tctxt->xpathCtxt;
+
+ /* Resource limits to avoid timeouts and call stack overflows */
+- xpctxt->maxDepth = 500;
+ xpctxt->opLimit = 500000;
+
+ /* Test namespaces used in xpath.xml */
+@@ -314,12 +313,6 @@ xsltFuzzXsltInit(int *argc_p ATTRIBUTE_UNUSED, char ***argv_p,
+ return 0;
+ }
+
+-static void
+-xsltSetXPathResourceLimits(xmlXPathContextPtr ctxt) {
+- ctxt->maxDepth = 200;
+- ctxt->opLimit = 100000;
+-}
+-
+ xmlChar *
+ xsltFuzzXslt(const char *data, size_t size) {
+ xmlDocPtr xsltDoc;
+@@ -349,7 +342,7 @@ xsltFuzzXslt(const char *data, size_t size) {
+ xmlFreeDoc(xsltDoc);
+ return NULL;
+ }
+- xsltSetXPathResourceLimits(sheet->xpathCtxt);
++ sheet->xpathCtxt->opLimit = 100000;
+ sheet->xpathCtxt->opCount = 0;
+ if (xsltParseStylesheetUser(sheet, xsltDoc) != 0) {
+ xsltFreeStylesheet(sheet);
+@@ -361,7 +354,7 @@ xsltFuzzXslt(const char *data, size_t size) {
+ xsltSetCtxtSecurityPrefs(sec, ctxt);
+ ctxt->maxTemplateDepth = 100;
+ ctxt->opLimit = 20000;
+- xsltSetXPathResourceLimits(ctxt->xpathCtxt);
++ ctxt->xpathCtxt->opLimit = 100000;
+ ctxt->xpathCtxt->opCount = sheet->xpathCtxt->opCount;
+
+ result = xsltApplyStylesheetUser(sheet, doc, NULL, NULL, NULL, ctxt);
+--
+GitLab
+
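Review bot: Only the patch file itself is added here — the diffstat lists one file with 70 insertions — so unless the package's APKBUILD source list and checksum are updated in a companion commit, the patch is never applied at build time; worth confirming before merging. The functions.c hunk replaces the `maxDepth` arithmetic with `xptrctxt->depth = ctxt->context->depth;`, which presumably compiles only against a libxml2 whose xmlXPathContext has dropped `maxDepth` and exposes `depth`, so the build dependency on libxml2 should be pinned to a matching version or the build will break either before or after the libxml2 upgrade. The fuzz.c hunks inline the removed xsltSetXPathResourceLimits helper at both call sites, leaving `opLimit = 100000;` duplicated; keeping a one-line helper without the maxDepth assignment would keep that limit in one place, though as a vendored upstream patch it is reasonable to carry it as upstream wrote it.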