aboutsummaryrefslogtreecommitdiffstats
path: root/main/libxslt/Transfer-XPath-limits-to-XPtr-context.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/libxslt/Transfer-XPath-limits-to-XPtr-context.patch')
-rw-r--r--main/libxslt/Transfer-XPath-limits-to-XPtr-context.patch42
1 files changed, 42 insertions, 0 deletions
diff --git a/main/libxslt/Transfer-XPath-limits-to-XPtr-context.patch b/main/libxslt/Transfer-XPath-limits-to-XPtr-context.patch
new file mode 100644
index 0000000000..e943e79045
--- /dev/null
+++ b/main/libxslt/Transfer-XPath-limits-to-XPtr-context.patch
@@ -0,0 +1,42 @@
+From 824657768aea2cce9c23e72ba8085cb5e44350c7 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Mon, 17 Aug 2020 04:27:13 +0200
+Subject: [PATCH] Transfer XPath limits to XPtr context
+
+Expressions like document('doc.xml#xpointer(evil_expr)') ignored the
+XPath limits.
+---
+ libxslt/functions.c | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/libxslt/functions.c b/libxslt/functions.c
+index b350545a..975ea790 100644
+--- a/libxslt/functions.c
++++ b/libxslt/functions.c
+@@ -178,10 +178,22 @@ xsltDocumentFunctionLoadDocument(xmlXPathParserContextPtr ctxt, xmlChar* URI)
+ goto out_fragment;
+ }
+
++#if LIBXML_VERSION >= 20911 || \
++ defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
++ xptrctxt->opLimit = ctxt->context->opLimit;
++ xptrctxt->opCount = ctxt->context->opCount;
++ xptrctxt->maxDepth = ctxt->context->maxDepth - ctxt->context->depth;
++
++ resObj = xmlXPtrEval(fragment, xptrctxt);
++
++ ctxt->context->opCount = xptrctxt->opCount;
++#else
+ resObj = xmlXPtrEval(fragment, xptrctxt);
+- xmlXPathFreeContext(xptrctxt);
+ #endif
+
++ xmlXPathFreeContext(xptrctxt);
++#endif /* LIBXML_XPTR_ENABLED */
++
+ if (resObj == NULL)
+ goto out_fragment;
+
+--
+GitLab
+