Attachment 475456 Details for Bug 621126 – libxml2-CVE-2016-9318.patch

[patch] libxml2-CVE-2016-9318.patch

libxml2-CVE-2016-9318.patch (text/plain), 7.56 KB, created by Andrey Ovcharov on 2017-06-07 13:32:31 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Andrey Ovcharov

Created: 2017-06-07 13:32:31 UTC

Size: 7.56 KB

patch

obsolete

>From 7fa1cd31552d52d50a9101f07c816ff6dd2d9f19 Mon Sep 17 00:00:00 2001
>From: Doran Moppert <dmoppert@redhat.com>
>Date: Fri, 7 Apr 2017 16:45:56 +0200
>Subject: [PATCH] Add an XML_PARSE_NOXXE flag to block all entities loading
> even local
>
>For https://bugzilla.gnome.org/show_bug.cgi?id=772726
>
>* include/libxml/parser.h: Add a new parser flag XML_PARSE_NOXXE
>* elfgcchack.h, xmlIO.h, xmlIO.c: associated loading routine
>* include/libxml/xmlerror.h: new error raised
>* xmllint.c: adds --noxxe flag to activate the option
>
>Upstream-Status: Backport
>CVE: CVE-2016-9318
>
>Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
>---
> elfgcchack.h              | 10 ++++++++++
> include/libxml/parser.h   |  3 ++-
> include/libxml/xmlIO.h    |  8 ++++++++
> include/libxml/xmlerror.h |  1 +
> parser.c                  |  4 ++++
> xmlIO.c                   | 40 +++++++++++++++++++++++++++++++++++-----
> xmllint.c                 |  5 +++++
> 7 files changed, 65 insertions(+), 6 deletions(-)
>
>diff --git a/elfgcchack.h b/elfgcchack.h
>index 8c52884..1b81dcd 100644
>--- a/elfgcchack.h
>+++ b/elfgcchack.h
>@@ -6547,6 +6547,16 @@ extern __typeof (xmlNoNetExternalEntityLoader) xmlNoNetExternalEntityLoader__int
> #endif
> #endif
> 
>+#ifdef bottom_xmlIO
>+#undef xmlNoXxeExternalEntityLoader
>+extern __typeof (xmlNoXxeExternalEntityLoader) xmlNoXxeExternalEntityLoader __attribute((alias("xmlNoXxeExternalEntityLoader__internal_alias")));
>+#else
>+#ifndef xmlNoXxeExternalEntityLoader
>+extern __typeof (xmlNoXxeExternalEntityLoader) xmlNoXxeExternalEntityLoader__internal_alias __attribute((visibility("hidden")));
>+#define xmlNoXxeExternalEntityLoader xmlNoXxeExternalEntityLoader__internal_alias
>+#endif
>+#endif
>+
> #ifdef bottom_tree
> #undef xmlNodeAddContent
> extern __typeof (xmlNodeAddContent) xmlNodeAddContent __attribute((alias("xmlNodeAddContent__internal_alias")));
>diff --git a/include/libxml/parser.h b/include/libxml/parser.h
>index 47fbec0..63ca1b9 100644
>--- a/include/libxml/parser.h
>+++ b/include/libxml/parser.h
>@@ -1111,7 +1111,8 @@ typedef enum {
>     XML_PARSE_HUGE      = 1<<19,/* relax any hardcoded limit from the parser */
>     XML_PARSE_OLDSAX    = 1<<20,/* parse using SAX2 interface before 2.7.0 */
>     XML_PARSE_IGNORE_ENC= 1<<21,/* ignore internal document encoding hint */
>-    XML_PARSE_BIG_LINES = 1<<22 /* Store big lines numbers in text PSVI field */
>+    XML_PARSE_BIG_LINES = 1<<22,/* Store big lines numbers in text PSVI field */
>+    XML_PARSE_NOXXE	= 1<<23 /* Forbid any external entity loading */
> } xmlParserOption;
> 
> XMLPUBFUN void XMLCALL
>diff --git a/include/libxml/xmlIO.h b/include/libxml/xmlIO.h
>index 3e41744..8d3fdef 100644
>--- a/include/libxml/xmlIO.h
>+++ b/include/libxml/xmlIO.h
>@@ -300,6 +300,14 @@ XMLPUBFUN xmlParserInputPtr XMLCALL
> 					 xmlParserCtxtPtr ctxt);
> 
> /*
>+ * A predefined entity loader external entity expansion
>+ */
>+XMLPUBFUN xmlParserInputPtr XMLCALL
>+	xmlNoXxeExternalEntityLoader	(const char *URL,
>+					 const char *ID,
>+					 xmlParserCtxtPtr ctxt);
>+
>+/*
>  * xmlNormalizeWindowsPath is obsolete, don't use it.
>  * Check xmlCanonicPath in uri.h for a better alternative.
>  */
>diff --git a/include/libxml/xmlerror.h b/include/libxml/xmlerror.h
>index 037c16d..3036062 100644
>--- a/include/libxml/xmlerror.h
>+++ b/include/libxml/xmlerror.h
>@@ -470,6 +470,7 @@ typedef enum {
>     XML_IO_EADDRINUSE, /* 1554 */
>     XML_IO_EALREADY, /* 1555 */
>     XML_IO_EAFNOSUPPORT, /* 1556 */
>+    XML_IO_ILLEGAL_XXE, /* 1557 */
>     XML_XINCLUDE_RECURSION=1600,
>     XML_XINCLUDE_PARSE_VALUE, /* 1601 */
>     XML_XINCLUDE_ENTITY_DEF_MISMATCH, /* 1602 */
>diff --git a/parser.c b/parser.c
>index 53a6b7f..609a270 100644
>--- a/parser.c
>+++ b/parser.c
>@@ -15350,6 +15350,10 @@ xmlCtxtUseOptionsInternal(xmlParserCtxtPtr ctxt, int options, const char *encodi
> 	ctxt->options |= XML_PARSE_NONET;
>         options -= XML_PARSE_NONET;
>     }
>+    if (options & XML_PARSE_NOXXE) {
>+	ctxt->options |= XML_PARSE_NOXXE;
>+        options -= XML_PARSE_NOXXE;
>+    }
>     if (options & XML_PARSE_COMPACT) {
> 	ctxt->options |= XML_PARSE_COMPACT;
>         options -= XML_PARSE_COMPACT;
>diff --git a/xmlIO.c b/xmlIO.c
>index 1a79c09..304f822 100644
>--- a/xmlIO.c
>+++ b/xmlIO.c
>@@ -210,6 +210,7 @@ static const char *IOerr[] = {
>     "adddress in use",		/* EADDRINUSE */
>     "already in use",		/* EALREADY */
>     "unknown address familly",	/* EAFNOSUPPORT */
>+    "Attempt to load external entity %s", /* XML_IO_ILLEGAL_XXE */
> };
> 
> #if defined(_WIN32) || defined (__DJGPP__) && !defined (__CYGWIN__)
>@@ -4053,13 +4054,22 @@ xmlDefaultExternalEntityLoader(const char *URL, const char *ID,
>     xmlGenericError(xmlGenericErrorContext,
>                     "xmlDefaultExternalEntityLoader(%s, xxx)\n", URL);
> #endif
>-    if ((ctxt != NULL) && (ctxt->options & XML_PARSE_NONET)) {
>+    if (ctxt != NULL) {
>         int options = ctxt->options;
> 
>-	ctxt->options -= XML_PARSE_NONET;
>-        ret = xmlNoNetExternalEntityLoader(URL, ID, ctxt);
>-	ctxt->options = options;
>-	return(ret);
>+        if (options & XML_PARSE_NOXXE) {
>+            ctxt->options -= XML_PARSE_NOXXE;
>+            ret = xmlNoXxeExternalEntityLoader(URL, ID, ctxt);
>+            ctxt->options = options;
>+            return(ret);
>+        }
>+ 
>+        if (options & XML_PARSE_NONET) {
>+            ctxt->options -= XML_PARSE_NONET;
>+            ret = xmlNoNetExternalEntityLoader(URL, ID, ctxt);
>+            ctxt->options = options;
>+            return(ret);
>+        }
>     }
> #ifdef LIBXML_CATALOG_ENABLED
>     resource = xmlResolveResourceFromCatalog(URL, ID, ctxt);
>@@ -4160,6 +4170,13 @@ xmlNoNetExternalEntityLoader(const char *URL, const char *ID,
>     xmlParserInputPtr input = NULL;
>     xmlChar *resource = NULL;
> 
>+    if (ctxt == NULL) {
>+        return(NULL);
>+    }
>+    if (ctxt->input_id == 1) {
>+        return xmlDefaultExternalEntityLoader((const char *) URL, ID, ctxt);
>+    }
>+
> #ifdef LIBXML_CATALOG_ENABLED
>     resource = xmlResolveResourceFromCatalog(URL, ID, ctxt);
> #endif
>@@ -4182,5 +4199,18 @@ xmlNoNetExternalEntityLoader(const char *URL, const char *ID,
>     return(input);
> }
> 
>+xmlParserInputPtr
>+xmlNoXxeExternalEntityLoader(const char *URL, const char *ID,
>+                          xmlParserCtxtPtr ctxt) {
>+    if (ctxt == NULL) {
>+        return(NULL);
>+    }
>+    if (ctxt->input_id == 1) {
>+        return xmlDefaultExternalEntityLoader((const char *) URL, ID, ctxt);
>+    }
>+    xmlIOErr(XML_IO_ILLEGAL_XXE, (const char *) URL);
>+    return(NULL);
>+}
>+
> #define bottom_xmlIO
> #include "elfgcchack.h"
>diff --git a/xmllint.c b/xmllint.c
>index 67f7adb..d9368c1 100644
>--- a/xmllint.c
>+++ b/xmllint.c
>@@ -3019,6 +3019,7 @@ static void usage(const char *name) {
>     printf("\t--path 'paths': provide a set of paths for resources\n");
>     printf("\t--load-trace : print trace of all external entities loaded\n");
>     printf("\t--nonet : refuse to fetch DTDs or entities over network\n");
>+    printf("\t--noxxe : forbid any external entity loading\n");
>     printf("\t--nocompact : do not generate compact text nodes\n");
>     printf("\t--htmlout : output results as HTML\n");
>     printf("\t--nowrap : do not put HTML doc wrapper\n");
>@@ -3461,6 +3462,10 @@ main(int argc, char **argv) {
>                    (!strcmp(argv[i], "--nonet"))) {
> 	    options |= XML_PARSE_NONET;
> 	    xmlSetExternalEntityLoader(xmlNoNetExternalEntityLoader);
>+        } else if ((!strcmp(argv[i], "-noxxe")) ||
>+                   (!strcmp(argv[i], "--noxxe"))) {
>+	    options |= XML_PARSE_NOXXE;
>+	    xmlSetExternalEntityLoader(xmlNoXxeExternalEntityLoader);
>         } else if ((!strcmp(argv[i], "-nocompact")) ||
>                    (!strcmp(argv[i], "--nocompact"))) {
> 	    options &= ~XML_PARSE_COMPACT;
>-- 
>2.10.2
>

Actions: View | Diff

Attachments on bug 621126: 475456