Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 475456 Details for
Bug 621126
dev-libs/libxml2-2.9.4-r1 CVE-2016-9318
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
libxml2-CVE-2016-9318.patch
libxml2-CVE-2016-9318.patch (text/plain), 7.56 KB, created by
Andrey Ovcharov
on 2017-06-07 13:32:31 UTC
(
hide
)
Description:
libxml2-CVE-2016-9318.patch
Filename:
MIME Type:
Creator:
Andrey Ovcharov
Created:
2017-06-07 13:32:31 UTC
Size:
7.56 KB
patch
obsolete
>From 7fa1cd31552d52d50a9101f07c816ff6dd2d9f19 Mon Sep 17 00:00:00 2001 >From: Doran Moppert <dmoppert@redhat.com> >Date: Fri, 7 Apr 2017 16:45:56 +0200 >Subject: [PATCH] Add an XML_PARSE_NOXXE flag to block all entities loading > even local > >For https://bugzilla.gnome.org/show_bug.cgi?id=772726 > >* include/libxml/parser.h: Add a new parser flag XML_PARSE_NOXXE >* elfgcchack.h, xmlIO.h, xmlIO.c: associated loading routine >* include/libxml/xmlerror.h: new error raised >* xmllint.c: adds --noxxe flag to activate the option > >Upstream-Status: Backport >CVE: CVE-2016-9318 > >Signed-off-by: Catalin Enache <catalin.enache@windriver.com> >--- > elfgcchack.h | 10 ++++++++++ > include/libxml/parser.h | 3 ++- > include/libxml/xmlIO.h | 8 ++++++++ > include/libxml/xmlerror.h | 1 + > parser.c | 4 ++++ > xmlIO.c | 40 +++++++++++++++++++++++++++++++++++----- > xmllint.c | 5 +++++ > 7 files changed, 65 insertions(+), 6 deletions(-) > >diff --git a/elfgcchack.h b/elfgcchack.h >index 8c52884..1b81dcd 100644 >--- a/elfgcchack.h >+++ b/elfgcchack.h >@@ -6547,6 +6547,16 @@ extern __typeof (xmlNoNetExternalEntityLoader) xmlNoNetExternalEntityLoader__int > #endif > #endif > >+#ifdef bottom_xmlIO >+#undef xmlNoXxeExternalEntityLoader >+extern __typeof (xmlNoXxeExternalEntityLoader) xmlNoXxeExternalEntityLoader __attribute((alias("xmlNoXxeExternalEntityLoader__internal_alias"))); >+#else >+#ifndef xmlNoXxeExternalEntityLoader >+extern __typeof (xmlNoXxeExternalEntityLoader) xmlNoXxeExternalEntityLoader__internal_alias __attribute((visibility("hidden"))); >+#define xmlNoXxeExternalEntityLoader xmlNoXxeExternalEntityLoader__internal_alias >+#endif >+#endif >+ > #ifdef bottom_tree > #undef xmlNodeAddContent > extern __typeof (xmlNodeAddContent) xmlNodeAddContent __attribute((alias("xmlNodeAddContent__internal_alias"))); >diff --git a/include/libxml/parser.h b/include/libxml/parser.h >index 47fbec0..63ca1b9 100644 >--- a/include/libxml/parser.h >+++ b/include/libxml/parser.h >@@ -1111,7 +1111,8 @@ typedef enum { > XML_PARSE_HUGE = 1<<19,/* relax any hardcoded limit from the parser */ > XML_PARSE_OLDSAX = 1<<20,/* parse using SAX2 interface before 2.7.0 */ > XML_PARSE_IGNORE_ENC= 1<<21,/* ignore internal document encoding hint */ >- XML_PARSE_BIG_LINES = 1<<22 /* Store big lines numbers in text PSVI field */ >+ XML_PARSE_BIG_LINES = 1<<22,/* Store big lines numbers in text PSVI field */ >+ XML_PARSE_NOXXE = 1<<23 /* Forbid any external entity loading */ > } xmlParserOption; > > XMLPUBFUN void XMLCALL >diff --git a/include/libxml/xmlIO.h b/include/libxml/xmlIO.h >index 3e41744..8d3fdef 100644 >--- a/include/libxml/xmlIO.h >+++ b/include/libxml/xmlIO.h >@@ -300,6 +300,14 @@ XMLPUBFUN xmlParserInputPtr XMLCALL > xmlParserCtxtPtr ctxt); > > /* >+ * A predefined entity loader external entity expansion >+ */ >+XMLPUBFUN xmlParserInputPtr XMLCALL >+ xmlNoXxeExternalEntityLoader (const char *URL, >+ const char *ID, >+ xmlParserCtxtPtr ctxt); >+ >+/* > * xmlNormalizeWindowsPath is obsolete, don't use it. > * Check xmlCanonicPath in uri.h for a better alternative. > */ >diff --git a/include/libxml/xmlerror.h b/include/libxml/xmlerror.h >index 037c16d..3036062 100644 >--- a/include/libxml/xmlerror.h >+++ b/include/libxml/xmlerror.h >@@ -470,6 +470,7 @@ typedef enum { > XML_IO_EADDRINUSE, /* 1554 */ > XML_IO_EALREADY, /* 1555 */ > XML_IO_EAFNOSUPPORT, /* 1556 */ >+ XML_IO_ILLEGAL_XXE, /* 1557 */ > XML_XINCLUDE_RECURSION=1600, > XML_XINCLUDE_PARSE_VALUE, /* 1601 */ > XML_XINCLUDE_ENTITY_DEF_MISMATCH, /* 1602 */ >diff --git a/parser.c b/parser.c >index 53a6b7f..609a270 100644 >--- a/parser.c >+++ b/parser.c >@@ -15350,6 +15350,10 @@ xmlCtxtUseOptionsInternal(xmlParserCtxtPtr ctxt, int options, const char *encodi > ctxt->options |= XML_PARSE_NONET; > options -= XML_PARSE_NONET; > } >+ if (options & XML_PARSE_NOXXE) { >+ ctxt->options |= XML_PARSE_NOXXE; >+ options -= XML_PARSE_NOXXE; >+ } > if (options & XML_PARSE_COMPACT) { > ctxt->options |= XML_PARSE_COMPACT; > options -= XML_PARSE_COMPACT; >diff --git a/xmlIO.c b/xmlIO.c >index 1a79c09..304f822 100644 >--- a/xmlIO.c >+++ b/xmlIO.c >@@ -210,6 +210,7 @@ static const char *IOerr[] = { > "adddress in use", /* EADDRINUSE */ > "already in use", /* EALREADY */ > "unknown address familly", /* EAFNOSUPPORT */ >+ "Attempt to load external entity %s", /* XML_IO_ILLEGAL_XXE */ > }; > > #if defined(_WIN32) || defined (__DJGPP__) && !defined (__CYGWIN__) >@@ -4053,13 +4054,22 @@ xmlDefaultExternalEntityLoader(const char *URL, const char *ID, > xmlGenericError(xmlGenericErrorContext, > "xmlDefaultExternalEntityLoader(%s, xxx)\n", URL); > #endif >- if ((ctxt != NULL) && (ctxt->options & XML_PARSE_NONET)) { >+ if (ctxt != NULL) { > int options = ctxt->options; > >- ctxt->options -= XML_PARSE_NONET; >- ret = xmlNoNetExternalEntityLoader(URL, ID, ctxt); >- ctxt->options = options; >- return(ret); >+ if (options & XML_PARSE_NOXXE) { >+ ctxt->options -= XML_PARSE_NOXXE; >+ ret = xmlNoXxeExternalEntityLoader(URL, ID, ctxt); >+ ctxt->options = options; >+ return(ret); >+ } >+ >+ if (options & XML_PARSE_NONET) { >+ ctxt->options -= XML_PARSE_NONET; >+ ret = xmlNoNetExternalEntityLoader(URL, ID, ctxt); >+ ctxt->options = options; >+ return(ret); >+ } > } > #ifdef LIBXML_CATALOG_ENABLED > resource = xmlResolveResourceFromCatalog(URL, ID, ctxt); >@@ -4160,6 +4170,13 @@ xmlNoNetExternalEntityLoader(const char *URL, const char *ID, > xmlParserInputPtr input = NULL; > xmlChar *resource = NULL; > >+ if (ctxt == NULL) { >+ return(NULL); >+ } >+ if (ctxt->input_id == 1) { >+ return xmlDefaultExternalEntityLoader((const char *) URL, ID, ctxt); >+ } >+ > #ifdef LIBXML_CATALOG_ENABLED > resource = xmlResolveResourceFromCatalog(URL, ID, ctxt); > #endif >@@ -4182,5 +4199,18 @@ xmlNoNetExternalEntityLoader(const char *URL, const char *ID, > return(input); > } > >+xmlParserInputPtr >+xmlNoXxeExternalEntityLoader(const char *URL, const char *ID, >+ xmlParserCtxtPtr ctxt) { >+ if (ctxt == NULL) { >+ return(NULL); >+ } >+ if (ctxt->input_id == 1) { >+ return xmlDefaultExternalEntityLoader((const char *) URL, ID, ctxt); >+ } >+ xmlIOErr(XML_IO_ILLEGAL_XXE, (const char *) URL); >+ return(NULL); >+} >+ > #define bottom_xmlIO > #include "elfgcchack.h" >diff --git a/xmllint.c b/xmllint.c >index 67f7adb..d9368c1 100644 >--- a/xmllint.c >+++ b/xmllint.c >@@ -3019,6 +3019,7 @@ static void usage(const char *name) { > printf("\t--path 'paths': provide a set of paths for resources\n"); > printf("\t--load-trace : print trace of all external entities loaded\n"); > printf("\t--nonet : refuse to fetch DTDs or entities over network\n"); >+ printf("\t--noxxe : forbid any external entity loading\n"); > printf("\t--nocompact : do not generate compact text nodes\n"); > printf("\t--htmlout : output results as HTML\n"); > printf("\t--nowrap : do not put HTML doc wrapper\n"); >@@ -3461,6 +3462,10 @@ main(int argc, char **argv) { > (!strcmp(argv[i], "--nonet"))) { > options |= XML_PARSE_NONET; > xmlSetExternalEntityLoader(xmlNoNetExternalEntityLoader); >+ } else if ((!strcmp(argv[i], "-noxxe")) || >+ (!strcmp(argv[i], "--noxxe"))) { >+ options |= XML_PARSE_NOXXE; >+ xmlSetExternalEntityLoader(xmlNoXxeExternalEntityLoader); > } else if ((!strcmp(argv[i], "-nocompact")) || > (!strcmp(argv[i], "--nocompact"))) { > options &= ~XML_PARSE_COMPACT; >-- >2.10.2 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 621126
: 475456