xinclude: Check URI length

Don't report long URIs as OOM errors.
2025-10-27 12:15:34 +03:00 · 2024-07-01 16:01:24 +02:00
parent 37f7237050
commit 16e7ecd478
3 changed files with 14 additions and 3 deletions
--- a/SAX2.c
+++ b/SAX2.c
@@ -31,8 +31,6 @@
 #include "private/parser.h"
 #include "private/tree.h"
 #define XML_MAX_URI_LENGTH 2000
 /*
 * xmlSAX2ErrMemory:
 * @ctxt:  an XML validation parser context
--- a/include/private/parser.h
+++ b/include/private/parser.h
@@ -4,6 +4,8 @@
 #include <libxml/parser.h>
 #include <libxml/xmlversion.h>
 #define XML_MAX_URI_LENGTH 2000
 /**
 * XML_VCTXT_DTD_VALIDATED:
 *
--- a/xinclude.c
+++ b/xinclude.c
@@ -418,6 +418,10 @@ xmlXIncludeAddNode(xmlXIncludeCtxtPtr ctxt, xmlNodePtr cur) {
            xmlXIncludeErrMemory(ctxt);
 	    goto error;
        }
    } else if (xmlStrlen(href) > XML_MAX_URI_LENGTH) {
        xmlXIncludeErr(ctxt, cur, XML_XINCLUDE_HREF_URI, "URI too long\n",
                       NULL);
        goto error;
    }
    parse = xmlXIncludeGetProp(ctxt, cur, XINCLUDE_PARSE);
@@ -634,7 +638,14 @@ xmlXIncludeBaseFixup(xmlXIncludeCtxtPtr ctxt, xmlNodePtr cur, xmlNodePtr copy,
        xmlXIncludeErrMemory(ctxt);
    if ((base != NULL) && !xmlStrEqual(base, targetBase)) {
-        if (xmlBuildRelativeURISafe(base, targetBase, &relBase) < 0) {
+        if ((xmlStrlen(base) > XML_MAX_URI_LENGTH) ||
            (xmlStrlen(targetBase) > XML_MAX_URI_LENGTH)) {
            relBase = xmlStrdup(base);
            if (relBase == NULL) {
                xmlXIncludeErrMemory(ctxt);
                goto done;
            }
        } else if (xmlBuildRelativeURISafe(base, targetBase, &relBase) < 0) {
            xmlXIncludeErrMemory(ctxt);
            goto done;
        }