Commit Graph

448 Commits

Author SHA1 Message Date
Sebastian Pipping
1ee8601f24 Merge branch 'siphash' 2017-06-17 01:04:09 +02:00
Rhodri James
c4bf96bb51 xmlparse.c: Fix external entity infinite loop bug (CVE-2017-9233) 2017-06-17 01:00:05 +02:00
Sebastian Pipping
913851a90c Remove amigaconfig.h and macconfig.h (issue #14) 2017-06-16 21:06:16 +02:00
Sebastian Pipping
760077feeb xmlparse.c: Polish ENTROPY_DEBUG
The cast fixes a compile warning.
2017-06-16 20:48:53 +02:00
Sebastian Pipping
c235f0aa43 MinGW: No longer ignore expat_config.h
Previously, "#define XML_CONTEXT_BYTES 1024" from winconfig.h
would render --disable-xml-context ineffective.
2017-06-16 20:38:52 +02:00
Sebastian Pipping
2b005a837f Introduce random-based SHA256 release identifier
Idea is to ease finding bundles of Expat in the wild in the future.
PS: If you need to bundle Expat, please keep your copy up to date.
2017-06-15 22:11:38 +02:00
Sebastian Pipping
7e5b71b748 xmlparse.c: Fix XML_Size/XML_Index cast mixup
The "MAX = (type)-1" hack only works for unsigned types:
XML_Size is unsigned but XML_Index is not.
As the positive maximum of signed integers is about
half as big as that of their unsigned counterpart,
we divide by 2.

Example for 2 bit integers:
* signed: -2, -1, 0, 1 == 2^1-1
* unsigned: 0, 1, 2, 3 == 2^2-1

Fixing 4be2cb5afc
2017-06-13 23:37:36 +02:00
Sebastian Pipping
3fcef5021a siphash: Replace current hash algorithm by SipHash 2017-06-11 01:20:41 +02:00
Sebastian Pipping
c0f7c250e3 siphash: Make siphash.h ready for C89 Expat 2017-06-11 01:20:41 +02:00
Sebastian Pipping
38d5bf0080 siphash: Integrate into build system 2017-06-11 01:20:41 +02:00
Sebastian Pipping
695314a849 Add unmodified siphash-20121104.h by William Ahern as siphash.h 2017-06-11 00:49:05 +02:00
Sebastian Pipping
a39382bee5 Drop pre-X Mac OS MPW Makefile (issue #14) 2017-06-10 22:54:26 +02:00
Sebastian Pipping
64f3cf982a Merge branch 'better-entropy' (pull request #30) 2017-06-07 20:18:50 +02:00
Sebastian Pipping
ee43797ac9 Avoid implicit declaration of function ‘syscall’ with -std=c89 2017-06-07 20:14:41 +02:00
Sebastian Pipping
afd0805071 expat.h: Fix version hint on XML_ERROR_INVALID_ARGUMENT
Introduced at commit 768613f801.
2017-05-31 23:45:12 +02:00
Sebastian Pipping
f356fb56fb Detect and support syscall(SYS_getrandom, [..]) as well 2017-05-31 23:31:15 +02:00
Sebastian Pipping
9e02465f09 Make EXPAT_ENTROPY_DEBUG=1 print entropy source and bytes 2017-05-31 13:28:10 +02:00
Sebastian Pipping
377fa896b3 Merge branch 'parent-hash-salt' (fixes #31) 2017-05-30 21:35:40 +02:00
Sebastian Pipping
9592ce6771 Make hash salt setter/getter go up to the very top (issue #31) 2017-05-30 20:50:40 +02:00
Sebastian Pipping
11f5e68e30 Detect XML_UNICODE_WCHAR_T with sizeof(wchar_t) != 2 (issue #33) 2017-05-29 00:03:02 +02:00
Sebastian Pipping
4be2cb5afc Detect overflow from len=INT_MAX call to XML_Parse
Relevant only when XML_CONTEXT_BYTES not defined
2017-05-28 23:11:00 +02:00
Sebastian Pipping
70db8d2538 Reject negative length call to XML_Parse 2017-05-28 21:35:12 +02:00
Sebastian Pipping
6a747c837c Set errorCode for XML_Parse on NULL parser
Related to 56c75720c2
2017-05-28 21:31:58 +02:00
Sebastian Pipping
50db475431 Address unused variable warning (for XML_CONTEXT_BYTES not defined) 2017-05-28 20:50:43 +02:00
Sebastian Pipping
84f9ca1066 Fix sharing of hash salt across parsers (issue #31)
This affects when XML_ExternalEntityParserCreate was called
prior to XML_Parse.
2017-05-28 17:32:28 +02:00
Sebastian Pipping
ad8521ca84 Pull out shared variable and is-unused marker 2017-05-25 21:55:05 +02:00
Sebastian Pipping
04ad658bd3 Pull parser instance address out of entropy equation to not leak that information 2017-05-25 21:15:36 +02:00
Sebastian Pipping
7a93938687 Start using arc4random_buf with BSD and libbsd 2017-05-25 21:15:36 +02:00
Sebastian Pipping
c9cc7dd3d7 Start using getrandom for entropy extraction with glibc 2.25+ 2017-05-25 20:08:23 +02:00
Sebastian Pipping
01e78c377b Start using RtlGenRandom for entropy extraction on WinXP and later 2017-05-25 20:07:01 +02:00
Sebastian Pipping
50e0dd88f0 Visual Studio 20xx: No longer define WIN32 2017-05-25 15:25:18 +02:00
Sebastian Pipping
8f25f91e9e Replace WIN32 by _WIN32 in code 2017-05-25 15:25:18 +02:00
Rhodri James
a4dc944f37 Prevent use of uninitialised variable
I don't believe the value of 'next' is actually used if it is not
set by the tokenizer, but this is very hard to prove.  For safety,
we give it a safe default value.
2017-05-24 22:03:43 +02:00
Sebastian Pipping
9ed727064b Validate parser parameter to XML_UseParserAsHandlerArg 2017-05-24 21:09:23 +02:00
Sebastian Pipping
b070843f5b Make XML_GetInputContext parameter validation more flexible 2017-05-24 20:52:16 +02:00
Rhodri James
ea1f407c06 Validate parser parameter to XML_DefaultCurrent 2017-05-24 20:49:40 +02:00
Rhodri James
581a4c7ccf Validate parser parameter to XML_MemFree 2017-05-24 20:49:40 +02:00
Rhodri James
fad8400108 Validate parser parameter to XML_MemRealloc 2017-05-24 20:49:40 +02:00
Rhodri James
cca6cdc5f8 Validate parser parameter to XML_MemMalloc 2017-05-24 20:49:40 +02:00
Rhodri James
cbfaa23428 Validate parser parameter to XML_FreeContentModel 2017-05-24 20:49:40 +02:00
Rhodri James
11ec6aefd1 Validate parser parameter to XML_GetCurrentColumnNumber 2017-05-24 20:49:40 +02:00
Rhodri James
1bf78fe1fb Validate parser parameter to XML_GetCurrentLineNumber 2017-05-24 20:49:40 +02:00
Rhodri James
88731abd62 Validate parameters to XML_GetInputContext 2017-05-24 20:49:40 +02:00
Rhodri James
fd2571b27a Validate parser parameter to XML_GetCurrentByteCount 2017-05-24 20:49:40 +02:00
Rhodri James
2253c12304 Validate the parser parameter to XML_GetCurrentByteIndex 2017-05-24 20:49:40 +02:00
Rhodri James
1c365fc049 Validate parser parameter to XML_GetErrorCode 2017-05-24 20:49:40 +02:00
Rhodri James
253c68928e Validate parser parameter for XML_GetParsingStatus 2017-05-24 20:49:40 +02:00
Rhodri James
fadc9db44c Validate parser parameter for XML_ResumeParser 2017-05-24 20:49:40 +02:00
Rhodri James
9ce48e786c Validate parser parameter for XML_StopParser 2017-05-24 20:49:40 +02:00
Rhodri James
49c4ad9210 Validate parser parameter for XML_GetBuffer 2017-05-24 20:49:40 +02:00