From 0dab27082fb870fc2f96abc4b9fe0f84445c5c5f Mon Sep 17 00:00:00 2001 From: jeanlf Date: Mon, 22 May 2023 17:35:19 +0200 Subject: [PATCH] [PATCH] fixed #2473 Gbp-Pq: Name CVE-2023-2837.patch --- src/utils/xml_parser.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/src/utils/xml_parser.c b/src/utils/xml_parser.c index 9c48e03..3fdf82c 100644 --- a/src/utils/xml_parser.c +++ b/src/utils/xml_parser.c @@ -190,6 +190,7 @@ struct _tag_sax_parser GF_XMLAttribute *attrs; GF_XMLSaxAttribute *sax_attrs; u32 nb_attrs, nb_alloc_attrs; + u32 ent_rec_level; }; static GF_XMLSaxAttribute *xml_get_sax_attribute(GF_SAXParser *parser) @@ -882,7 +883,14 @@ restart: parser->line_size = 0; parser->elt_start_pos = 0; parser->sax_state = SAX_STATE_TEXT_CONTENT; - e = gf_xml_sax_parse_intern(parser, orig_buf); + parser->ent_rec_level++; + if (parser->ent_rec_level>100) { + GF_LOG(GF_LOG_WARNING, GF_LOG_CORE, ("[XML] Too many recursions in entity solving, max 100 allowed\n")); + e = GF_NOT_SUPPORTED; + } else { + e = gf_xml_sax_parse_intern(parser, orig_buf); + parser->ent_rec_level--; + } gf_free(orig_buf); return e; } @@ -1055,8 +1063,9 @@ static GF_Err gf_xml_sax_parse_intern(GF_SAXParser *parser, char *current) /*append entity*/ line_num = parser->line; xml_sax_append_string(parser, ent->value); - xml_sax_parse(parser, GF_TRUE); + GF_Err e = xml_sax_parse(parser, GF_TRUE); parser->line = line_num; + if (e) return e; } xml_sax_append_string(parser, current); -- 2.30.2