From 1961208e958ca22f80a0b4e4c9d71cfa050aa982 Mon Sep 17 00:00:00 2001 From: Daniel Garcia Moreno Date: Wed, 17 Dec 2025 15:24:08 +0100 Subject: [PATCH] catalog: prevent inf recursion in xmlCatalogXMLResolveURI Fix https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018 --- catalog.c | 31 +++++++++++++++++++++++-------- 1 file changed, 23 insertions(+), 8 deletions(-) diff --git a/catalog.c b/catalog.c index 76c063a8b..46b877e62 100644 --- a/catalog.c +++ b/catalog.c @@ -2025,12 +2025,21 @@ static xmlChar * xmlCatalogListXMLResolveURI(xmlCatalogEntryPtr catal, const xmlChar *URI) { xmlChar *ret = NULL; xmlChar *urnID = NULL; + xmlCatalogEntryPtr cur = NULL; if (catal == NULL) return(NULL); if (URI == NULL) return(NULL); + if (catal->depth > MAX_CATAL_DEPTH) { + xmlCatalogErr(catal, NULL, XML_CATALOG_RECURSION, + "Detected recursion in catalog %s\n", + catal->name, NULL, NULL); + return(NULL); + } + catal->depth++; + if (!xmlStrncmp(URI, BAD_CAST XML_URN_PUBID, sizeof(XML_URN_PUBID) - 1)) { urnID = xmlCatalogUnWrapURN(URI); if (xmlDebugCatalogs) { @@ -2044,21 +2053,27 @@ xmlCatalogListXMLResolveURI(xmlCatalogEntryPtr catal, const xmlChar *URI) { ret = xmlCatalogListXMLResolve(catal, urnID, NULL); if (urnID != NULL) xmlFree(urnID); + catal->depth--; return(ret); } - while (catal != NULL) { - if (catal->type == XML_CATA_CATALOG) { - if (catal->children == NULL) { - xmlFetchXMLCatalogFile(catal); + cur = catal; + while (cur != NULL) { + if (cur->type == XML_CATA_CATALOG) { + if (cur->children == NULL) { + xmlFetchXMLCatalogFile(cur); } - if (catal->children != NULL) { - ret = xmlCatalogXMLResolveURI(catal->children, URI); - if (ret != NULL) + if (cur->children != NULL) { + ret = xmlCatalogXMLResolveURI(cur->children, URI); + if (ret != NULL) { + catal->depth--; return(ret); + } } } - catal = catal->next; + cur = cur->next; } + + catal->depth--; return(ret); }