rpms / libxml2

Clone
Source Code
GIT

Blame SOURCES/libxml2-Fix-inappropriate-fetch-of-entities-content.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c8s c9 c9-beta
  1.   c7-beta
  2.   SOURCES
  3.   libxml2-Fix-inappropriate-fetch-of-entities-content.patch
Blob History Raw
6dedca 
From be24335cbc0019894e6222bd817e717c41550c3c Mon Sep 17 00:00:00 2001
6dedca 
From: Daniel Veillard <veillard@redhat.com>
6dedca 
Date: Mon, 14 Mar 2016 17:19:44 +0800
6dedca 
Subject: [PATCH] Fix inappropriate fetch of entities content
6dedca 
To: libvir-list@redhat.com
6dedca
6dedca 
For https://bugzilla.gnome.org/show_bug.cgi?id=761430
6dedca
6dedca 
libfuzzer regression testing exposed another case where the parser would
6dedca 
fetch content of an external entity while not in validating mode.
6dedca 
Plug that hole
6dedca
6dedca 
Signed-off-by: Daniel Veillard <veillard@redhat.com>
6dedca 
---
6dedca 
 parser.c | 16 +++++++++++++++-
6dedca 
 1 file changed, 15 insertions(+), 1 deletion(-)
6dedca
6dedca 
diff --git a/parser.c b/parser.c
6dedca 
index 46ab0e8..1936599 100644
6dedca 
--- a/parser.c
6dedca 
+++ b/parser.c
6dedca 
@@ -2854,7 +2854,21 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
6dedca 
 	        ctxt->nbentities += ent->checked / 2;
6dedca 
 	    if (ent != NULL) {
6dedca 
                 if (ent->content == NULL) {
6dedca 
-		    xmlLoadEntityContent(ctxt, ent);
6dedca 
+		    /*
6dedca 
+		     * Note: external parsed entities will not be loaded,
6dedca 
+		     * it is not required for a non-validating parser to
6dedca 
+		     * complete external PEreferences coming from the
6dedca 
+		     * internal subset
6dedca 
+		     */
6dedca 
+		    if (((ctxt->options & XML_PARSE_NOENT) != 0) ||
6dedca 
+			((ctxt->options & XML_PARSE_DTDVALID) != 0) ||
6dedca 
+			(ctxt->validate != 0)) {
6dedca 
+			xmlLoadEntityContent(ctxt, ent);
6dedca 
+		    } else {
6dedca 
+			xmlWarningMsg(ctxt, XML_ERR_ENTITY_PROCESSING,
6dedca 
+		  "not validating will not read content for PE entity %s\n",
6dedca 
+		                      ent->name, NULL);
6dedca 
+		    }
6dedca 
 		}
6dedca 
 		ctxt->depth++;
6dedca 
 		rep = xmlStringDecodeEntities(ctxt, ent->content, what,
6dedca 
--
6dedca 
2.5.5
6dedca

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation