[xmlrpc-c] Expat/xmltok: Add missing validation of encoding

author Andrey Volk <andywolk@gmail.com>

Tue, 25 Feb 2025 12:05:28 +0000 (15:05 +0300)

committer Andrey Volk <andywolk@gmail.com>

Tue, 25 Feb 2025 12:05:28 +0000 (15:05 +0300)
author Andrey Volk <andywolk@gmail.com>
Tue, 25 Feb 2025 12:05:28 +0000 (15:05 +0300)
committer Andrey Volk <andywolk@gmail.com>
Tue, 25 Feb 2025 12:05:28 +0000 (15:05 +0300)
diff --git a/libs/xmlrpc-c/lib/expat/xmltok/xmltok_impl.c b/libs/xmlrpc-c/lib/expat/xmltok/xmltok_impl.c

index 2bbc8db600490aaaf3b9739ef803262c543e218e..12adca441697eef8cb73bb84481a8c8d71d77f62 100644 (file)
--- a/libs/xmlrpc-c/lib/expat/xmltok/xmltok_impl.c
+++ b/libs/xmlrpc-c/lib/expat/xmltok/xmltok_impl.c
@@ -32,7 +32,7 @@ See the file copying.txt for copying permission.
     case BT_LEAD ## n: \
       if (end - ptr < n) \
         return XML_TOK_PARTIAL_CHAR; \
-     if (!IS_NAME_CHAR(enc, ptr, n)) { \
+     if (IS_INVALID_CHAR(enc, ptr, n) || ! IS_NAME_CHAR(enc, ptr, n)) { \
         *nextTokPtr = ptr; \
         return XML_TOK_INVALID; \
       } \
@@ -60,7 +60,7 @@ See the file copying.txt for copying permission.
     case BT_LEAD ## n: \
       if (end - ptr < n) \
         return XML_TOK_PARTIAL_CHAR; \
-     if (!IS_NMSTRT_CHAR(enc, ptr, n)) { \
+     if (IS_INVALID_CHAR(enc, ptr, n) || ! IS_NMSTRT_CHAR(enc, ptr, n)) { \
         *nextTokPtr = ptr; \
         return XML_TOK_INVALID; \
       } \
@@ -1157,6 +1157,10 @@ int PREFIX(prologTok)(const ENCODING *enc, const char *ptr, const char *end,
    case BT_LEAD ## n: \
      if (end - ptr < n) \
        return XML_TOK_PARTIAL_CHAR; \
+    if (IS_INVALID_CHAR(enc, ptr, n)) { \
+      *nextTokPtr = ptr; \
+      return XML_TOK_INVALID; \
+    } \
      if (IS_NMSTRT_CHAR(enc, ptr, n)) { \
        ptr += n; \
        tok = XML_TOK_NAME; \
author	Andrey Volk <andywolk@gmail.com>
	Tue, 25 Feb 2025 12:05:28 +0000 (15:05 +0300)
committer	Andrey Volk <andywolk@gmail.com>
	Tue, 25 Feb 2025 12:05:28 +0000 (15:05 +0300)