|
 |
ac5f51 |
Index: gnome-vfs-2.24.2/imported/neon/ne_xml.c
|
|
|
ac5f51 |
===================================================================
|
|
|
ac5f51 |
--- gnome-vfs-2.24.2/imported/neon/ne_xml.c (revision 1687)
|
|
|
ac5f51 |
+++ gnome-vfs-2.24.2/imported/neon/ne_xml.c (revision 1688)
|
|
|
ac5f51 |
@@ -405,6 +405,28 @@
|
|
|
ac5f51 |
destroy_element(elm);
|
|
|
ac5f51 |
}
|
|
|
ac5f51 |
|
|
|
ac5f51 |
+#if defined(HAVE_EXPAT) && XML_MAJOR_VERSION > 1
|
|
|
ac5f51 |
+/* Stop the parser if an entity declaration is hit. */
|
|
|
ac5f51 |
+static void entity_declaration(void *userData, const XML_Char *entityName,
|
|
|
ac5f51 |
+ int is_parameter_entity, const XML_Char *value,
|
|
|
ac5f51 |
+ int value_length, const XML_Char *base,
|
|
|
ac5f51 |
+ const XML_Char *systemId, const XML_Char *publicId,
|
|
|
ac5f51 |
+ const XML_Char *notationName)
|
|
|
ac5f51 |
+{
|
|
|
ac5f51 |
+ ne_xml_parser *parser = userData;
|
|
|
ac5f51 |
+
|
|
|
ac5f51 |
+ NE_DEBUG(NE_DBG_XMLPARSE, "XML: entity declaration [%s]. Failing.\n",
|
|
|
ac5f51 |
+ entityName);
|
|
|
ac5f51 |
+
|
|
|
ac5f51 |
+ XML_StopParser(parser->parser, XML_FALSE);
|
|
|
ac5f51 |
+}
|
|
|
ac5f51 |
+#elif defined(HAVE_EXPAT)
|
|
|
ac5f51 |
+/* A noop default_handler. */
|
|
|
ac5f51 |
+static void default_handler(void *userData, const XML_Char *s, int len)
|
|
|
ac5f51 |
+{
|
|
|
ac5f51 |
+}
|
|
|
ac5f51 |
+#endif
|
|
|
ac5f51 |
+
|
|
|
ac5f51 |
/* Find a namespace definition for 'prefix' in given element, where
|
|
|
ac5f51 |
* length of prefix is 'pfxlen'. Returns the URI or NULL. */
|
|
|
ac5f51 |
static const char *resolve_nspace(const struct element *elm,
|
|
|
ac5f51 |
@@ -459,14 +481,34 @@
|
|
|
ac5f51 |
XML_SetCharacterDataHandler(p->parser, char_data);
|
|
|
ac5f51 |
XML_SetUserData(p->parser, (void *) p);
|
|
|
ac5f51 |
XML_SetXmlDeclHandler(p->parser, decl_handler);
|
|
|
ac5f51 |
+
|
|
|
ac5f51 |
+ /* Prevent the "billion laughs" attack against expat by disabling
|
|
|
ac5f51 |
+ * internal entity expansion. With 2.x, forcibly stop the parser
|
|
|
ac5f51 |
+ * if an entity is declared - this is safer and a more obvious
|
|
|
ac5f51 |
+ * failure mode. With older versions, installing a noop
|
|
|
ac5f51 |
+ * DefaultHandler means that internal entities will be expanded as
|
|
|
ac5f51 |
+ * the empty string, which is also sufficient to prevent the
|
|
|
ac5f51 |
+ * attack. */
|
|
|
ac5f51 |
+#if XML_MAJOR_VERSION > 1
|
|
|
ac5f51 |
+ XML_SetEntityDeclHandler(p->parser, entity_declaration);
|
|
|
ac5f51 |
#else
|
|
|
ac5f51 |
+ XML_SetDefaultHandler(p->parser, default_handler);
|
|
|
ac5f51 |
+#endif
|
|
|
ac5f51 |
+
|
|
|
ac5f51 |
+#else /* HAVE_LIBXML */
|
|
|
ac5f51 |
p->parser = xmlCreatePushParserCtxt(&sax_handler,
|
|
|
ac5f51 |
(void *)p, NULL, 0, NULL);
|
|
|
ac5f51 |
if (p->parser == NULL) {
|
|
|
ac5f51 |
abort();
|
|
|
ac5f51 |
}
|
|
|
ac5f51 |
+#if LIBXML_VERSION < 20602
|
|
|
ac5f51 |
p->parser->replaceEntities = 1;
|
|
|
ac5f51 |
+#else
|
|
|
ac5f51 |
+ /* Enable expansion of entities, and disable network access. */
|
|
|
ac5f51 |
+ xmlCtxtUseOptions(p->parser, XML_PARSE_NOENT | XML_PARSE_NONET);
|
|
|
ac5f51 |
#endif
|
|
|
ac5f51 |
+
|
|
|
ac5f51 |
+#endif /* HAVE_LIBXML || HAVE_EXPAT */
|
|
|
ac5f51 |
return p;
|
|
|
ac5f51 |
}
|
|
|
ac5f51 |
|