From 2fc95df152622cf5cf1d478af6ed3538e170118b Mon Sep 17 00:00:00 2001
From: Daniel Veillard
Date: Mon, 23 May 2016 12:27:58 +0800
Subject: [PATCH] Avoid building recursive entities
To: libvir-list@redhat.com

For https://bugzilla.gnome.org/show_bug.cgi?id=762100
When we detect a recusive entity we should really not build the associated data, moreover if someone bypass libxml2 fatal errors and still tries to serialize a broken entity make sure we don't risk to get ito a recursion
* parser.c: xmlParserEntityCheck() don't build if entity loop were found and remove the associated text content
* tree.c: xmlStringGetNodeList() avoid a potential recursion
Signed-off-by: Daniel Veillard
---
 parser.c | 6 +++++-
 tree.c | 1 +
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/parser.c b/parser.c
index 32293d0..2ae44c5 100644
--- a/parser.c
+++ b/parser.c
@@ -138,7 +138,8 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size,
 * entities problems
 */
 if ((ent != NULL) && (ent->etype != XML_INTERNAL_PREDEFINED_ENTITY) &&
- (ent->content != NULL) && (ent->checked == 0)) {
+ (ent->content != NULL) && (ent->checked == 0) &&
+ (ctxt->errNo != XML_ERR_ENTITY_LOOP)) {
 unsigned long oldnbent = ctxt->nbentities;
 xmlChar *rep;
@@ -148,6 +149,9 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size,
 rep = xmlStringDecodeEntities(ctxt, ent->content, XML_SUBSTITUTE_REF, 0, 0, 0);
 --ctxt->depth;
+ if (ctxt->errNo == XML_ERR_ENTITY_LOOP) {
+ ent->content[0] = 0;
+ }
 ent->checked = (ctxt->nbentities - oldnbent + 1) * 2;
 if (rep != NULL) {
diff --git a/tree.c b/tree.c
index 7e5af26..83ec66f 100644
--- a/tree.c
+++ b/tree.c
@@ -1588,6 +1588,7 @@ xmlStringGetNodeList(xmlDocPtr doc, const xmlChar *value) {
 else if ((ent != NULL) && (ent->children == NULL)) {
 xmlNodePtr temp;
+ ent->children = (xmlNodePtr) -1;
 ent->children = xmlStringGetNodeList(doc, (const xmlChar*)node->content);
 ent->owner = 1;
--
2.5.5
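Review bot: The added guard `(ctxt->errNo != XML_ERR_ENTITY_LOOP)` in the xmlParserEntityCheck() condition uses ctxt->errNo as the loop indicator, and that field looks like a last-error slot, so the loop state could be lost if any other error is recorded afterwards. The guard is also context-wide: once a loop has been reported, every other unchecked entity skips this block and keeps `checked == 0`, which may or may not be intended. A dedicated flag would state the intent more reliably; failing that, a comment such as `/* an entity loop was already reported: do not expand this entity */` above the condition would document the reliance on errNo. The function body starts and ends outside the hunk.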
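Review bot: `ent->content[0] = 0;` empties the entity text in place but nothing in the hunk resets the entity's stored length, so code that trusts the length rather than the terminator would still see the old size. If the length field is kept in sync elsewhere (not visible here), reset it in the same branch, e.g. `ent->length = 0;`. The `if (rep != NULL)` block just below still runs on whatever the decode returned after a loop was detected, so it is worth confirming that path is safe for a partial result. A short comment such as `/* loop found while expanding: drop the content so it cannot be built or serialized */` would explain why the entity is mutated here.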
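Review bot: `ent->children = (xmlNodePtr) -1;` stores a non-dereferenceable sentinel in a tree pointer with no comment, and it stays in place for the whole recursive xmlStringGetNodeList() call. It defeats the `ent->children == NULL` test on re-entry, but any code reached during that call that treats a non-NULL `ent->children` as a real node list would dereference the sentinel; the rest of the function is outside the hunk, so this needs checking there. At minimum add `/* Set to non-NULL value to avoid recursion. */` above the assignment. A dedicated "being expanded" flag on the entity would avoid the invalid pointer altogether.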