From 09026b496f801ac713e3efa3af0ef80de3f7df52 Mon Sep 17 00:00:00 2001
From: Andrey Volk <andywolk@gmail.com>
Date: Tue, 25 Feb 2025 15:05:28 +0300
Subject: [PATCH] [xmlrpc-c] Expat/xmltok: Add missing validation of encoding

---
 libs/xmlrpc-c/lib/expat/xmltok/xmltok_impl.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/libs/xmlrpc-c/lib/expat/xmltok/xmltok_impl.c b/libs/xmlrpc-c/lib/expat/xmltok/xmltok_impl.c
index 2bbc8db600..12adca4416 100644
--- a/libs/xmlrpc-c/lib/expat/xmltok/xmltok_impl.c
+++ b/libs/xmlrpc-c/lib/expat/xmltok/xmltok_impl.c
@@ -32,7 +32,7 @@ See the file copying.txt for copying permission.
    case BT_LEAD ## n: \
      if (end - ptr < n) \
        return XML_TOK_PARTIAL_CHAR; \
-     if (!IS_NAME_CHAR(enc, ptr, n)) { \
+     if (IS_INVALID_CHAR(enc, ptr, n) || ! IS_NAME_CHAR(enc, ptr, n)) { \
        *nextTokPtr = ptr; \
        return XML_TOK_INVALID; \
      } \
@@ -60,7 +60,7 @@ See the file copying.txt for copying permission.
    case BT_LEAD ## n: \
      if (end - ptr < n) \
        return XML_TOK_PARTIAL_CHAR; \
-     if (!IS_NMSTRT_CHAR(enc, ptr, n)) { \
+     if (IS_INVALID_CHAR(enc, ptr, n) || ! IS_NMSTRT_CHAR(enc, ptr, n)) { \
        *nextTokPtr = ptr; \
        return XML_TOK_INVALID; \
      } \
@@ -1157,6 +1157,10 @@ int PREFIX(prologTok)(const ENCODING *enc, const char *ptr, const char *end,
   case BT_LEAD ## n: \
     if (end - ptr < n) \
       return XML_TOK_PARTIAL_CHAR; \
+    if (IS_INVALID_CHAR(enc, ptr, n)) { \
+      *nextTokPtr = ptr; \
+      return XML_TOK_INVALID; \
+    } \
     if (IS_NMSTRT_CHAR(enc, ptr, n)) { \
       ptr += n; \
       tok = XML_TOK_NAME; \