From 51c7019069b862e88d94ed228659e70bddd5de09 Mon Sep 17 00:00:00 2001
From: Sebastian Pipping
Date: Mon, 21 Oct 2024 01:42:54 +0200
Subject: [PATCH 1/2] lib: Make XML_StopParser refuse to stop/suspend an unstarted parser

CVE: CVE-2024-50602
Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/51c7019069b862e88d94ed228659e70bddd5de09]
Signed-off-by: Peter Marko
---
 expat/lib/expat.h | 4 +++-
 expat/lib/xmlparse.c | 6 ++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/lib/expat.h b/lib/expat.h
index d0d6015a..3ba61304 100644
--- a/lib/expat.h
+++ b/lib/expat.h
@@ -127,7 +127,9 @@ enum XML_Error {
 /* Added in 2.3.0. */
 XML_ERROR_NO_BUFFER,
 /* Added in 2.4.0. */
- XML_ERROR_AMPLIFICATION_LIMIT_BREACH
+ XML_ERROR_AMPLIFICATION_LIMIT_BREACH,
+ /* Added in 2.6.4. */
+ XML_ERROR_NOT_STARTED,
 };

 enum XML_Content_Type {
diff --git a/lib/xmlparse.c b/lib/xmlparse.c
index d9285b21..fa02537f 100644
--- a/lib/xmlparse.c
+++ b/lib/xmlparse.c
@@ -2189,6 +2189,9 @@ XML_StopParser(XML_Parser parser, XML_Bool resumable) {
 if (parser == NULL)
 return XML_STATUS_ERROR;
 switch (parser->m_parsingStatus.parsing) {
+ case XML_INITIALIZED:
+ parser->m_errorCode = XML_ERROR_NOT_STARTED;
+ return XML_STATUS_ERROR;
 case XML_SUSPENDED:
 if (resumable) {
 parser->m_errorCode = XML_ERROR_SUSPENDED;
@@ -2474,6 +2477,9 @@ XML_ErrorString(enum XML_Error code) {
 case XML_ERROR_AMPLIFICATION_LIMIT_BREACH:
 return XML_L(
 "limit on input amplification factor (from DTD and entities) breached");
+ /* Added in 2.6.4. */
+ case XML_ERROR_NOT_STARTED:
+ return XML_L("parser not started");
 }
 return NULL;
 }
--
2.30.2
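Review bot: The new `case XML_INITIALIZED:` branch in the XML_StopParser hunk has no comment explaining why an unstarted parser must be refused, so a later maintainer may read the guard as an arbitrary restriction. I would add above it `/* A parser that has not started parsing cannot be stopped or suspended (CVE-2024-50602). */`. Callers that ignore XML_StopParser's return value will not notice the refusal, so if expat.h documents this function's error codes, that comment should also list XML_ERROR_NOT_STARTED; the only expat.h hunk in this patch is the enum addition. The switch statement continues beyond the end of the hunk.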