From: Andrey Volk <andywolk@gmail.com>
Date: Tue, 25 Feb 2025 12:05:28 +0000 (+0300)
Subject: [xmlrpc-c] Expat/xmltok: Add missing validation of encoding
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F2768%2Fhead;p=thirdparty%2Ffreeswitch.git

[xmlrpc-c] Expat/xmltok: Add missing validation of encoding
---

diff --git a/libs/xmlrpc-c/lib/expat/xmltok/xmltok_impl.c b/libs/xmlrpc-c/lib/expat/xmltok/xmltok_impl.c
index 2bbc8db600..12adca4416 100644
--- a/libs/xmlrpc-c/lib/expat/xmltok/xmltok_impl.c
+++ b/libs/xmlrpc-c/lib/expat/xmltok/xmltok_impl.c
@@ -32,7 +32,7 @@ See the file copying.txt for copying permission.
    case BT_LEAD ## n: \
      if (end - ptr < n) \
        return XML_TOK_PARTIAL_CHAR; \
-     if (!IS_NAME_CHAR(enc, ptr, n)) { \
+     if (IS_INVALID_CHAR(enc, ptr, n) || ! IS_NAME_CHAR(enc, ptr, n)) { \
        *nextTokPtr = ptr; \
        return XML_TOK_INVALID; \
      } \
@@ -60,7 +60,7 @@ See the file copying.txt for copying permission.
    case BT_LEAD ## n: \
      if (end - ptr < n) \
        return XML_TOK_PARTIAL_CHAR; \
-     if (!IS_NMSTRT_CHAR(enc, ptr, n)) { \
+     if (IS_INVALID_CHAR(enc, ptr, n) || ! IS_NMSTRT_CHAR(enc, ptr, n)) { \
        *nextTokPtr = ptr; \
        return XML_TOK_INVALID; \
      } \
@@ -1157,6 +1157,10 @@ int PREFIX(prologTok)(const ENCODING *enc, const char *ptr, const char *end,
   case BT_LEAD ## n: \
     if (end - ptr < n) \
       return XML_TOK_PARTIAL_CHAR; \
+    if (IS_INVALID_CHAR(enc, ptr, n)) { \
+      *nextTokPtr = ptr; \
+      return XML_TOK_INVALID; \
+    } \
     if (IS_NMSTRT_CHAR(enc, ptr, n)) { \
       ptr += n; \
       tok = XML_TOK_NAME; \