[Expat-bugs] [ expat-Bugs-3500861 ] fix for CVE-2012-0876 breaks "xml" default prefix

SourceForge.net noreply at sourceforge.net
Sat Mar 10 18:41:24 CET 2012


Bugs item #3500861, was opened at 2012-03-09 18:37
Message generated for change (Comment added) made by kwaclaw
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=110127&aid=3500861&group_id=10127

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: Test Required
Status: Open
>Resolution: Fixed
Priority: 5
Private: No
Submitted By: Marien Zwart (marienz)
Assigned to: Karl Waclawek (kwaclaw)
Summary: fix for CVE-2012-0876 breaks "xml" default prefix

Initial Comment:
expat-2.1.0-beta2 will fail a namespace-aware parse of a document relying on the "xml" prefix being bound by default, like the following test document:

<?xml version="1.0"?>
<root xml:whitespace="preserve"/>

xmlwf -n on that document returns "2:0: unbound prefix", while xmlwf from expat 2.0.1 succeeds.

This seems to be caused by the call to setContext(parser, implicitContext) adding that default prefix happening too early (before hash_secret_salt is initialized).

----------------------------------------------------------------------

>Comment By: Karl Waclawek (kwaclaw)
Date: 2012-03-10 09:41

Message:
Fixed in xmlparse.c rev 1.169. Please test.

----------------------------------------------------------------------

Comment By: Karl Waclawek (kwaclaw)
Date: 2012-03-10 09:31

Message:
Yes, your analysis is correct: the hash function was used before the salt
was set.
I will have to move the setContext() call right after the
generate_hash_secret_salt() call.

----------------------------------------------------------------------
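The ordering problem confirmed in the comments above, shown as an added C illustration that is not Expat's code. The table layout, hash function, function names and sample salt are assumptions made for this example: a prefix bound while the salt is still zero is stored in one bucket, and a lookup after the salt is set probes a different one.

```c
#include <stdio.h>
#include <string.h>

#define NBUCKETS 64                  /* toy table size, power of two */

struct table {
    unsigned long salt;              /* per-parser secret; 0 until initialised */
    const char *slot[NBUCKETS];      /* one key per bucket, no collision chain */
};

/* Salted string hash: the bucket chosen for a key depends on the salt. */
static unsigned long bucket(const struct table *t, const char *s) {
    unsigned long h = t->salt;
    while (*s)
        h = h * 31 + (unsigned char)*s++;
    return h & (NBUCKETS - 1);
}

static void bind_prefix(struct table *t, const char *prefix) {
    t->slot[bucket(t, prefix)] = prefix;
}

static int is_bound(const struct table *t, const char *prefix) {
    const char *k = t->slot[bucket(t, prefix)];
    return k != NULL && strcmp(k, prefix) == 0;
}

/* Order described in the report: implicit "xml" binding first, salt second. */
int parse_buggy_order(unsigned long salt) {
    struct table t = {0};
    bind_prefix(&t, "xml");          /* hashed with salt == 0 */
    t.salt = salt;                   /* later lookups now use another bucket */
    return is_bound(&t, "xml");
}

/* Order after the fix: salt first, then the implicit binding. */
int parse_fixed_order(unsigned long salt) {
    struct table t = {0};
    t.salt = salt;
    bind_prefix(&t, "xml");
    return is_bound(&t, "xml");
}

int main(void) {
    unsigned long salt = 0x9E3779B9UL;   /* constructed sample salt */
    printf("bind before salt: %s\n", parse_buggy_order(salt) ? "bound" : "unbound prefix");
    printf("bind after salt:  %s\n", parse_fixed_order(salt) ? "bound" : "unbound prefix");
    return 0;
}
```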
