|
|
1c8959 |
From 2fc95df152622cf5cf1d478af6ed3538e170118b Mon Sep 17 00:00:00 2001
|
|
|
1c8959 |
From: Daniel Veillard <veillard@redhat.com>
|
|
|
1c8959 |
Date: Mon, 23 May 2016 12:27:58 +0800
|
|
|
1c8959 |
Subject: [PATCH] Avoid building recursive entities
|
|
|
1c8959 |
To: libvir-list@redhat.com
|
|
|
1c8959 |
|
|
|
1c8959 |
For https://bugzilla.gnome.org/show_bug.cgi?id=762100
|
|
|
1c8959 |
|
|
|
1c8959 |
When we detect a recusive entity we should really not
|
|
|
1c8959 |
build the associated data, moreover if someone bypass
|
|
|
1c8959 |
libxml2 fatal errors and still tries to serialize a broken
|
|
|
1c8959 |
entity make sure we don't risk to get ito a recursion
|
|
|
1c8959 |
|
|
|
1c8959 |
* parser.c: xmlParserEntityCheck() don't build if entity loop
|
|
|
1c8959 |
were found and remove the associated text content
|
|
|
1c8959 |
* tree.c: xmlStringGetNodeList() avoid a potential recursion
|
|
|
1c8959 |
|
|
|
1c8959 |
Signed-off-by: Daniel Veillard <veillard@redhat.com>
|
|
|
1c8959 |
---
|
|
|
1c8959 |
parser.c | 6 +++++-
|
|
|
1c8959 |
tree.c | 1 +
|
|
|
1c8959 |
2 files changed, 6 insertions(+), 1 deletion(-)
|
|
|
1c8959 |
|
|
|
1c8959 |
diff --git a/parser.c b/parser.c
|
|
|
1c8959 |
index 32293d0..2ae44c5 100644
|
|
|
1c8959 |
--- a/parser.c
|
|
|
1c8959 |
+++ b/parser.c
|
|
|
1c8959 |
@@ -138,7 +138,8 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size,
|
|
|
1c8959 |
* entities problems
|
|
|
1c8959 |
*/
|
|
|
1c8959 |
if ((ent != NULL) && (ent->etype != XML_INTERNAL_PREDEFINED_ENTITY) &&
|
|
|
1c8959 |
- (ent->content != NULL) && (ent->checked == 0)) {
|
|
|
1c8959 |
+ (ent->content != NULL) && (ent->checked == 0) &&
|
|
|
1c8959 |
+ (ctxt->errNo != XML_ERR_ENTITY_LOOP)) {
|
|
|
1c8959 |
unsigned long oldnbent = ctxt->nbentities;
|
|
|
1c8959 |
xmlChar *rep;
|
|
|
1c8959 |
|
|
|
1c8959 |
@@ -148,6 +149,9 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size,
|
|
|
1c8959 |
rep = xmlStringDecodeEntities(ctxt, ent->content,
|
|
|
1c8959 |
XML_SUBSTITUTE_REF, 0, 0, 0);
|
|
|
1c8959 |
--ctxt->depth;
|
|
|
1c8959 |
+ if (ctxt->errNo == XML_ERR_ENTITY_LOOP) {
|
|
|
1c8959 |
+ ent->content[0] = 0;
|
|
|
1c8959 |
+ }
|
|
|
1c8959 |
|
|
|
1c8959 |
ent->checked = (ctxt->nbentities - oldnbent + 1) * 2;
|
|
|
1c8959 |
if (rep != NULL) {
|
|
|
1c8959 |
diff --git a/tree.c b/tree.c
|
|
|
1c8959 |
index 7e5af26..83ec66f 100644
|
|
|
1c8959 |
--- a/tree.c
|
|
|
1c8959 |
+++ b/tree.c
|
|
|
1c8959 |
@@ -1588,6 +1588,7 @@ xmlStringGetNodeList(xmlDocPtr doc, const xmlChar *value) {
|
|
|
1c8959 |
else if ((ent != NULL) && (ent->children == NULL)) {
|
|
|
1c8959 |
xmlNodePtr temp;
|
|
|
1c8959 |
|
|
|
1c8959 |
+ ent->children = (xmlNodePtr) -1;
|
|
|
1c8959 |
ent->children = xmlStringGetNodeList(doc,
|
|
|
1c8959 |
(const xmlChar*)node->content);
|
|
|
1c8959 |
ent->owner = 1;
|
|
|
1c8959 |
--
|
|
|
1c8959 |
2.5.5
|
|
|
1c8959 |
|