Sebastian Pipping
1ee8601f24
Merge branch 'siphash'
2017-06-17 01:04:09 +02:00
Rhodri James
c4bf96bb51
xmlparse.c: Fix external entity infinite loop bug (CVE-2017-9233)
2017-06-17 01:00:05 +02:00
Sebastian Pipping
913851a90c
Remove amigaconfig.h and macconfig.h (issue #14 )
2017-06-16 21:06:16 +02:00
Sebastian Pipping
760077feeb
xmlparse.c: Polish ENTROPY_DEBUG
...
The cast fixes a compile warning.
2017-06-16 20:48:53 +02:00
Sebastian Pipping
c235f0aa43
MinGW: No longer ignore expat_config.h
...
Previously, "#define XML_CONTEXT_BYTES 1024" from winconfig.h
would render --disable-xml-context ineffective.
2017-06-16 20:38:52 +02:00
Sebastian Pipping
2b005a837f
Introduce random-based SHA256 release identifier
...
Idea is to ease finding bundles of Expat in the wild in the future.
PS: If you need to bundle Expat, please keep your copy up to date.
2017-06-15 22:11:38 +02:00
Sebastian Pipping
7e5b71b748
xmlparse.c: Fix XML_Size/XML_Index cast mixup
...
The "MAX = (type)-1" hack only works for unsigned types:
XML_Size is unsigned but XML_Index is not.
As the positive maximum of signed integers is about
half as big as that of their unsigned counterpart,
we divide by 2.
Example for 2 bit integers:
* signed: -2, -1, 0, 1 == 2^1-1
* unsigned: 0, 1, 2, 3 == 2^2-1
Fixing 4be2cb5afc
2017-06-13 23:37:36 +02:00
Sebastian Pipping
3fcef5021a
siphash: Replace current hash algorithm by SipHash
2017-06-11 01:20:41 +02:00
Sebastian Pipping
c0f7c250e3
siphash: Make siphash.h ready for C89 Expat
2017-06-11 01:20:41 +02:00
Sebastian Pipping
38d5bf0080
siphash: Integrate into build system
2017-06-11 01:20:41 +02:00
Sebastian Pipping
695314a849
Add unmodified siphash-20121104.h by William Ahern as siphash.h
2017-06-11 00:49:05 +02:00
Sebastian Pipping
a39382bee5
Drop pre-X Mac OS MPW Makefile (issue #14 )
2017-06-10 22:54:26 +02:00
Sebastian Pipping
64f3cf982a
Merge branch 'better-entropy' (pull request #30 )
2017-06-07 20:18:50 +02:00
Sebastian Pipping
ee43797ac9
Avoid implicit declaration of function ‘syscall’ with -std=c89
2017-06-07 20:14:41 +02:00
Sebastian Pipping
afd0805071
expat.h: Fix version hint on XML_ERROR_INVALID_ARGUMENT
...
Introduced at commit 768613f801
.
2017-05-31 23:45:12 +02:00
Sebastian Pipping
f356fb56fb
Detect and support syscall(SYS_getrandom, [..]) as well
2017-05-31 23:31:15 +02:00
Sebastian Pipping
9e02465f09
Make EXPAT_ENTROPY_DEBUG=1 print entropy source and bytes
2017-05-31 13:28:10 +02:00
Sebastian Pipping
377fa896b3
Merge branch 'parent-hash-salt' ( fixes #31 )
2017-05-30 21:35:40 +02:00
Sebastian Pipping
9592ce6771
Make hash salt setter/getter go up to the very top (issue #31 )
2017-05-30 20:50:40 +02:00
Sebastian Pipping
11f5e68e30
Detect XML_UNICODE_WCHAR_T with sizeof(wchar_t) != 2 (issue #33 )
2017-05-29 00:03:02 +02:00
Sebastian Pipping
4be2cb5afc
Detect overflow from len=INT_MAX call to XML_Parse
...
Relevant only when XML_CONTEXT_BYTES not defined
2017-05-28 23:11:00 +02:00
Sebastian Pipping
70db8d2538
Reject negative length call to XML_Parse
2017-05-28 21:35:12 +02:00
Sebastian Pipping
6a747c837c
Set errorCode for XML_Parse on NULL parser
...
Related to 56c75720c2
2017-05-28 21:31:58 +02:00
Sebastian Pipping
50db475431
Address unused variable warning (for XML_CONTEXT_BYTES not defined)
2017-05-28 20:50:43 +02:00
Sebastian Pipping
84f9ca1066
Fix sharing of hash salt across parsers (issue #31 )
...
This affects when XML_ExternalEntityParserCreate was called
prior to XML_Parse.
2017-05-28 17:32:28 +02:00
Sebastian Pipping
ad8521ca84
Pull out shared variable and is-unused marker
2017-05-25 21:55:05 +02:00
Sebastian Pipping
04ad658bd3
Pull parser instance address out of entropy equation to not leak that information
2017-05-25 21:15:36 +02:00
Sebastian Pipping
7a93938687
Start using arc4random_buf with BSD and libbsd
2017-05-25 21:15:36 +02:00
Sebastian Pipping
c9cc7dd3d7
Start using getrandom for entropy extraction with glibc 2.25+
2017-05-25 20:08:23 +02:00
Sebastian Pipping
01e78c377b
Start using RtlGenRandom for entropy extraction on WinXP and later
2017-05-25 20:07:01 +02:00
Sebastian Pipping
50e0dd88f0
Visual Studio 20xx: No longer define WIN32
2017-05-25 15:25:18 +02:00
Sebastian Pipping
8f25f91e9e
Replace WIN32 by _WIN32 in code
2017-05-25 15:25:18 +02:00
Rhodri James
a4dc944f37
Prevent use of uninitialised variable
...
I don't believe the value of 'next' is actually used if it is not
set by the tokenizer, but this is very hard to prove. For safety,
we give it a safe default value.
2017-05-24 22:03:43 +02:00
Sebastian Pipping
9ed727064b
Validate parser parameter to XML_UseParserAsHandlerArg
2017-05-24 21:09:23 +02:00
Sebastian Pipping
b070843f5b
Make XML_GetInputContext parameter validation more flexible
2017-05-24 20:52:16 +02:00
Rhodri James
ea1f407c06
Validate parser parameter to XML_DefaultCurrent
2017-05-24 20:49:40 +02:00
Rhodri James
581a4c7ccf
Validate parser parameter to XML_MemFree
2017-05-24 20:49:40 +02:00
Rhodri James
fad8400108
Validate parser parameter to XML_MemRealloc
2017-05-24 20:49:40 +02:00
Rhodri James
cca6cdc5f8
Validate parser parameter to XML_MemMalloc
2017-05-24 20:49:40 +02:00
Rhodri James
cbfaa23428
Validate parser parameter to XML_FreeContentModel
2017-05-24 20:49:40 +02:00
Rhodri James
11ec6aefd1
Validate parser parameter to XML_GetCurrentColumnNumber
2017-05-24 20:49:40 +02:00
Rhodri James
1bf78fe1fb
Validate parser parameter to XML_GetCurrentLineNumber
2017-05-24 20:49:40 +02:00
Rhodri James
88731abd62
Validate parameters to XML_GetInputContext
2017-05-24 20:49:40 +02:00
Rhodri James
fd2571b27a
Validate parser parameter to XML_GetCurrentByteCount
2017-05-24 20:49:40 +02:00
Rhodri James
2253c12304
Validate the parser parameter to XML_GetCurrentByteIndex
2017-05-24 20:49:40 +02:00
Rhodri James
1c365fc049
Validate parser parameter to XML_GetErrorCode
2017-05-24 20:49:40 +02:00
Rhodri James
253c68928e
Validate parser parameter for XML_GetParsingStatus
2017-05-24 20:49:40 +02:00
Rhodri James
fadc9db44c
Validate parser parameter for XML_ResumeParser
2017-05-24 20:49:40 +02:00
Rhodri James
9ce48e786c
Validate parser parameter for XML_StopParser
2017-05-24 20:49:40 +02:00
Rhodri James
49c4ad9210
Validate parser parameter for XML_GetBuffer
2017-05-24 20:49:40 +02:00