xzyang / rpms / libxml2

Forked from rpms/libxml2 3 years ago
Clone

Blame SOURCES/libxml2-Avoid-building-recursive-entities.patch

6dedca
From 2fc95df152622cf5cf1d478af6ed3538e170118b Mon Sep 17 00:00:00 2001
6dedca
From: Daniel Veillard <veillard@redhat.com>
6dedca
Date: Mon, 23 May 2016 12:27:58 +0800
6dedca
Subject: [PATCH] Avoid building recursive entities
6dedca
To: libvir-list@redhat.com
6dedca
6dedca
For https://bugzilla.gnome.org/show_bug.cgi?id=762100
6dedca
6dedca
When we detect a recusive entity we should really not
6dedca
build the associated data, moreover if someone bypass
6dedca
libxml2 fatal errors and still tries to serialize a broken
6dedca
entity make sure we don't risk to get ito a recursion
6dedca
6dedca
* parser.c: xmlParserEntityCheck() don't build if entity loop
6dedca
  were found and remove the associated text content
6dedca
* tree.c: xmlStringGetNodeList() avoid a potential recursion
6dedca
6dedca
Signed-off-by: Daniel Veillard <veillard@redhat.com>
6dedca
---
6dedca
 parser.c | 6 +++++-
6dedca
 tree.c   | 1 +
6dedca
 2 files changed, 6 insertions(+), 1 deletion(-)
6dedca
6dedca
diff --git a/parser.c b/parser.c
6dedca
index 32293d0..2ae44c5 100644
6dedca
--- a/parser.c
6dedca
+++ b/parser.c
6dedca
@@ -138,7 +138,8 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size,
6dedca
      * entities problems
6dedca
      */
6dedca
     if ((ent != NULL) && (ent->etype != XML_INTERNAL_PREDEFINED_ENTITY) &&
6dedca
-	(ent->content != NULL) && (ent->checked == 0)) {
6dedca
+	(ent->content != NULL) && (ent->checked == 0) &&
6dedca
+	(ctxt->errNo != XML_ERR_ENTITY_LOOP)) {
6dedca
 	unsigned long oldnbent = ctxt->nbentities;
6dedca
 	xmlChar *rep;
6dedca
 
6dedca
@@ -148,6 +149,9 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size,
6dedca
 	rep = xmlStringDecodeEntities(ctxt, ent->content,
6dedca
 				  XML_SUBSTITUTE_REF, 0, 0, 0);
6dedca
         --ctxt->depth;
6dedca
+	if (ctxt->errNo == XML_ERR_ENTITY_LOOP) {
6dedca
+	    ent->content[0] = 0;
6dedca
+	}
6dedca
 
6dedca
 	ent->checked = (ctxt->nbentities - oldnbent + 1) * 2;
6dedca
 	if (rep != NULL) {
6dedca
diff --git a/tree.c b/tree.c
6dedca
index 7e5af26..83ec66f 100644
6dedca
--- a/tree.c
6dedca
+++ b/tree.c
6dedca
@@ -1588,6 +1588,7 @@ xmlStringGetNodeList(xmlDocPtr doc, const xmlChar *value) {
6dedca
 			else if ((ent != NULL) && (ent->children == NULL)) {
6dedca
 			    xmlNodePtr temp;
6dedca
 
6dedca
+			    ent->children = (xmlNodePtr) -1;
6dedca
 			    ent->children = xmlStringGetNodeList(doc,
6dedca
 				    (const xmlChar*)node->content);
6dedca
 			    ent->owner = 1;
6dedca
-- 
6dedca
2.5.5
6dedca