lib/libxml2
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2025-10-21 14:53:44 +03:00
Code Activity

parser: Don't load external content if only XML_SKIP_IDS is set

Browse Source 
At some point, the `loadsubset` member was augmented to also control
handling of ID attributes in addition to loading of external DTDs. These
two features are unrelated and shouldn't have been mixed. This mistake
was probably inspired by the misnamed XML_DETECT_IDS flag. As a side
effect, setting XML_SKIP_IDS always enabled loading of external DTDs and
parameter entities.

This change makes it possible to ignore IDs without loading external
content. This is a deliberate API change that improves security and is
unlikely to affect users.

This also makes sure that the new XML_PARSE_SKIP_IDS option doesn't
enable unsafe behavior.
This commit is contained in:
Nick Wellnhofer
2025-06-22 14:39:28 +02:00
parent b424bae705
commit e7802738c6
3 changed files with 13 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
SAX2.c
View File

@@ -272,7 +272,7 @@ xmlSAX2ExternalSubset(void *ctx, const xmlChar *name,
if (ctx == NULL) return; if (ctx == NULL) return;
if ((systemId != NULL) && if ((systemId != NULL) &&
((ctxt->options & XML_PARSE_NO_XXE) == 0) && ((ctxt->options & XML_PARSE_NO_XXE) == 0) &&
(((ctxt->validate) || (ctxt->loadsubset)) && (((ctxt->validate) || (ctxt->loadsubset & ~XML_SKIP_IDS)) &&
(ctxt->wellFormed && ctxt->myDoc))) { (ctxt->wellFormed && ctxt->myDoc))) {
/* /*
* Try to fetch and parse the external subset. * Try to fetch and parse the external subset.

20
include/libxml/parser.h
View File

@@ -477,17 +477,19 @@ struct _xmlParserCtxt {
*/ */
void *_private; void *_private;
/** /**
* @deprecated Use xmlParserOption XML_PARSE_DTDLOAD or * @deprecated Use xmlParserOption XML_PARSE_DTDLOAD,
* XML_PARSE_DTDATTR * XML_PARSE_DTDATTR or XML_PARSE_SKIP_IDS.
* *
* Control loading of the external subset. Other options like * Control loading of the external subset and handling of IDs.
* `validate` can override this value. * Other options like `validate` can override this value.
* *
* - 0: Don't load external subset. * - 0: The default behavior is to process IDs and to ignore
* - XML_DETECT_IDS: Load external subset and store IDs. * the external subset.
* - XML_COMPLETE_ATTRS: Load external subset, store IDs and * - XML_DETECT_IDS: Load external subset. This flag is
* process default attributes. * misnamed. ID handling is only controlled by XML_SKIP_IDS.
* - XML_SKIP_IDS: Load external subset and ignore IDs. * - XML_COMPLETE_ATTRS: Load external subset and process
* default attributes.
* - XML_SKIP_IDS: Ignore IDs.
*/ */
int loadsubset XML_DEPRECATED_MEMBER; int loadsubset XML_DEPRECATED_MEMBER;
/* unused */ /* unused */

2
parser.c
View File

@@ -7647,7 +7647,7 @@ xmlParsePERefInternal(xmlParserCtxt *ctxt, int markupDecl) {
} else { } else {
if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) && if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) &&
((ctxt->options & XML_PARSE_NO_XXE) || ((ctxt->options & XML_PARSE_NO_XXE) ||
((ctxt->loadsubset == 0) && (((ctxt->loadsubset & ~XML_SKIP_IDS) == 0) &&
(ctxt->replaceEntities == 0) && (ctxt->replaceEntities == 0) &&
(ctxt->validate == 0)))) (ctxt->validate == 0))))
return; return;