lib/libxml2
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2025-10-21 14:53:44 +03:00
Code Activity

Revert "Add an XML_PARSE_NOXXE flag to block all entities loading even local"

Browse Source 
This reverts commit 2304078555.

The new flag doesn't work and the change even broke the XML_PARSE_NONET
option.
This commit is contained in:
Nick Wellnhofer
2017-06-06 15:53:42 +02:00
parent 897dffbae3
commit 030b1f7a27
7 changed files with 6 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
elfgcchack.h
View File

@@ -6547,16 +6547,6 @@ extern __typeof (xmlNoNetExternalEntityLoader) xmlNoNetExternalEntityLoader__int
#endif #endif
#endif #endif
#ifdef bottom_xmlIO
#undef xmlNoXxeExternalEntityLoader
extern __typeof (xmlNoXxeExternalEntityLoader) xmlNoXxeExternalEntityLoader __attribute((alias("xmlNoXxeExternalEntityLoader__internal_alias")));
#else
#ifndef xmlNoXxeExternalEntityLoader
extern __typeof (xmlNoXxeExternalEntityLoader) xmlNoXxeExternalEntityLoader__internal_alias __attribute((visibility("hidden")));
#define xmlNoXxeExternalEntityLoader xmlNoXxeExternalEntityLoader__internal_alias
#endif
#endif
#ifdef bottom_tree #ifdef bottom_tree
#undef xmlNodeAddContent #undef xmlNodeAddContent
extern __typeof (xmlNodeAddContent) xmlNodeAddContent __attribute((alias("xmlNodeAddContent__internal_alias"))); extern __typeof (xmlNodeAddContent) xmlNodeAddContent __attribute((alias("xmlNodeAddContent__internal_alias")));

3
include/libxml/parser.h
View File

@@ -1111,8 +1111,7 @@ typedef enum {
XML_PARSE_HUGE = 1<<19,/* relax any hardcoded limit from the parser */ XML_PARSE_HUGE = 1<<19,/* relax any hardcoded limit from the parser */
XML_PARSE_OLDSAX = 1<<20,/* parse using SAX2 interface before 2.7.0 */ XML_PARSE_OLDSAX = 1<<20,/* parse using SAX2 interface before 2.7.0 */
XML_PARSE_IGNORE_ENC= 1<<21,/* ignore internal document encoding hint */ XML_PARSE_IGNORE_ENC= 1<<21,/* ignore internal document encoding hint */
XML_PARSE_BIG_LINES = 1<<22,/* Store big lines numbers in text PSVI field */ XML_PARSE_BIG_LINES = 1<<22 /* Store big lines numbers in text PSVI field */
XML_PARSE_NOXXE = 1<<23 /* Forbid any external entity loading */
} xmlParserOption; } xmlParserOption;
XMLPUBFUN void XMLCALL XMLPUBFUN void XMLCALL

8
include/libxml/xmlIO.h
View File

@@ -299,14 +299,6 @@ XMLPUBFUN xmlParserInputPtr XMLCALL
const char *ID, const char *ID,
xmlParserCtxtPtr ctxt); xmlParserCtxtPtr ctxt);
/*
* A predefined entity loader external entity expansion
*/
XMLPUBFUN xmlParserInputPtr XMLCALL
xmlNoXxeExternalEntityLoader (const char *URL,
const char *ID,
xmlParserCtxtPtr ctxt);
/* /*
* xmlNormalizeWindowsPath is obsolete, don't use it. * xmlNormalizeWindowsPath is obsolete, don't use it.
* Check xmlCanonicPath in uri.h for a better alternative. * Check xmlCanonicPath in uri.h for a better alternative.

1
include/libxml/xmlerror.h
View File

@@ -470,7 +470,6 @@ typedef enum {
XML_IO_EADDRINUSE, /* 1554 */ XML_IO_EADDRINUSE, /* 1554 */
XML_IO_EALREADY, /* 1555 */ XML_IO_EALREADY, /* 1555 */
XML_IO_EAFNOSUPPORT, /* 1556 */ XML_IO_EAFNOSUPPORT, /* 1556 */
XML_IO_ILLEGAL_XXE, /* 1557 */
XML_XINCLUDE_RECURSION=1600, XML_XINCLUDE_RECURSION=1600,
XML_XINCLUDE_PARSE_VALUE, /* 1601 */ XML_XINCLUDE_PARSE_VALUE, /* 1601 */
XML_XINCLUDE_ENTITY_DEF_MISMATCH, /* 1602 */ XML_XINCLUDE_ENTITY_DEF_MISMATCH, /* 1602 */

4
parser.c
View File

@@ -15314,10 +15314,6 @@ xmlCtxtUseOptionsInternal(xmlParserCtxtPtr ctxt, int options, const char *encodi
ctxt->options |= XML_PARSE_NONET; ctxt->options |= XML_PARSE_NONET;
options -= XML_PARSE_NONET; options -= XML_PARSE_NONET;
} }
if (options & XML_PARSE_NOXXE) {
ctxt->options |= XML_PARSE_NOXXE;
options -= XML_PARSE_NOXXE;
}
if (options & XML_PARSE_COMPACT) { if (options & XML_PARSE_COMPACT) {
ctxt->options |= XML_PARSE_COMPACT; ctxt->options |= XML_PARSE_COMPACT;
options -= XML_PARSE_COMPACT; options -= XML_PARSE_COMPACT;

32
xmlIO.c
View File

@@ -210,7 +210,6 @@ static const char *IOerr[] = {
"adddress in use", /* EADDRINUSE */ "adddress in use", /* EADDRINUSE */
"already in use", /* EALREADY */ "already in use", /* EALREADY */
"unknown address familly", /* EAFNOSUPPORT */ "unknown address familly", /* EAFNOSUPPORT */
"Attempt to load external entity %s", /* XML_IO_ILLEGAL_XXE */
}; };
#if defined(_WIN32) || defined (__DJGPP__) && !defined (__CYGWIN__) #if defined(_WIN32) || defined (__DJGPP__) && !defined (__CYGWIN__)
@@ -4054,23 +4053,14 @@ xmlDefaultExternalEntityLoader(const char *URL, const char *ID,
xmlGenericError(xmlGenericErrorContext, xmlGenericError(xmlGenericErrorContext,
"xmlDefaultExternalEntityLoader(%s, xxx)\n", URL); "xmlDefaultExternalEntityLoader(%s, xxx)\n", URL);
#endif #endif
if (ctxt != NULL) { if ((ctxt != NULL) && (ctxt->options & XML_PARSE_NONET)) {
int options = ctxt->options; int options = ctxt->options;
if (options & XML_PARSE_NOXXE) {
ctxt->options -= XML_PARSE_NOXXE;
ret = xmlNoXxeExternalEntityLoader(URL, ID, ctxt);
ctxt->options = options;
return(ret);
}
if (options & XML_PARSE_NONET) {
ctxt->options -= XML_PARSE_NONET; ctxt->options -= XML_PARSE_NONET;
ret = xmlNoNetExternalEntityLoader(URL, ID, ctxt); ret = xmlNoNetExternalEntityLoader(URL, ID, ctxt);
ctxt->options = options; ctxt->options = options;
return(ret); return(ret);
} }
}
#ifdef LIBXML_CATALOG_ENABLED #ifdef LIBXML_CATALOG_ENABLED
resource = xmlResolveResourceFromCatalog(URL, ID, ctxt); resource = xmlResolveResourceFromCatalog(URL, ID, ctxt);
#endif #endif
@@ -4170,13 +4160,6 @@ xmlNoNetExternalEntityLoader(const char *URL, const char *ID,
xmlParserInputPtr input = NULL; xmlParserInputPtr input = NULL;
xmlChar *resource = NULL; xmlChar *resource = NULL;
if (ctxt == NULL) {
return(NULL);
}
if (ctxt->input_id == 1) {
return xmlDefaultExternalEntityLoader((const char *) URL, ID, ctxt);
}
#ifdef LIBXML_CATALOG_ENABLED #ifdef LIBXML_CATALOG_ENABLED
resource = xmlResolveResourceFromCatalog(URL, ID, ctxt); resource = xmlResolveResourceFromCatalog(URL, ID, ctxt);
#endif #endif
@@ -4199,18 +4182,5 @@ xmlNoNetExternalEntityLoader(const char *URL, const char *ID,
return(input); return(input);
} }
xmlParserInputPtr
xmlNoXxeExternalEntityLoader(const char *URL, const char *ID,
xmlParserCtxtPtr ctxt) {
if (ctxt == NULL) {
return(NULL);
}
if (ctxt->input_id == 1) {
return xmlDefaultExternalEntityLoader((const char *) URL, ID, ctxt);
}
xmlIOErr(XML_IO_ILLEGAL_XXE, (const char *) URL);
return(NULL);
}
#define bottom_xmlIO #define bottom_xmlIO
#include "elfgcchack.h" #include "elfgcchack.h"

5
xmllint.c
View File

@@ -3019,7 +3019,6 @@ static void usage(const char *name) {
printf("\t--path 'paths': provide a set of paths for resources\n"); printf("\t--path 'paths': provide a set of paths for resources\n");
printf("\t--load-trace : print trace of all external entities loaded\n"); printf("\t--load-trace : print trace of all external entities loaded\n");
printf("\t--nonet : refuse to fetch DTDs or entities over network\n"); printf("\t--nonet : refuse to fetch DTDs or entities over network\n");
printf("\t--noxxe : forbid any external entity loading\n");
printf("\t--nocompact : do not generate compact text nodes\n"); printf("\t--nocompact : do not generate compact text nodes\n");
printf("\t--htmlout : output results as HTML\n"); printf("\t--htmlout : output results as HTML\n");
printf("\t--nowrap : do not put HTML doc wrapper\n"); printf("\t--nowrap : do not put HTML doc wrapper\n");
@@ -3462,10 +3461,6 @@ main(int argc, char **argv) {
(!strcmp(argv[i], "--nonet"))) { (!strcmp(argv[i], "--nonet"))) {
options |= XML_PARSE_NONET; options |= XML_PARSE_NONET;
xmlSetExternalEntityLoader(xmlNoNetExternalEntityLoader); xmlSetExternalEntityLoader(xmlNoNetExternalEntityLoader);
} else if ((!strcmp(argv[i], "-noxxe")) ||
(!strcmp(argv[i], "--noxxe"))) {
options |= XML_PARSE_NOXXE;
xmlSetExternalEntityLoader(xmlNoXxeExternalEntityLoader);
} else if ((!strcmp(argv[i], "-nocompact")) || } else if ((!strcmp(argv[i], "-nocompact")) ||
(!strcmp(argv[i], "--nocompact"))) { (!strcmp(argv[i], "--nocompact"))) {
options &= ~XML_PARSE_COMPACT; options &= ~XML_PARSE_COMPACT;