lib/libxml2
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2025-11-03 20:33:18 +03:00
Code Activity

parser: Implement XML_PARSE_NO_UNZIP option

Browse Source
This commit is contained in:
Nick Wellnhofer
2024-06-11 00:00:32 +02:00
parent 1432949d3c
commit ff3b091910
5 changed files with 23 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
include/libxml/parser.h
View File

@@ -1243,7 +1243,10 @@ typedef enum {
XML_PARSE_OLDSAX = 1<<20,/* parse using SAX2 interface before 2.7.0 */ XML_PARSE_OLDSAX = 1<<20,/* parse using SAX2 interface before 2.7.0 */
XML_PARSE_IGNORE_ENC= 1<<21,/* ignore internal document encoding hint */ XML_PARSE_IGNORE_ENC= 1<<21,/* ignore internal document encoding hint */
XML_PARSE_BIG_LINES = 1<<22,/* Store big lines numbers in text PSVI field */ XML_PARSE_BIG_LINES = 1<<22,/* Store big lines numbers in text PSVI field */
XML_PARSE_NO_XXE = 1<<23 /* disable loading of external content */ /* since 2.13.0 */
XML_PARSE_NO_XXE = 1<<23,/* disable loading of external content */
/* since 2.14.0 */
XML_PARSE_NO_UNZIP = 1<<24 /* disable compressed content */
} xmlParserOption; } xmlParserOption;
XMLPUBFUN void XMLPUBFUN void

1
include/private/parser.h
View File

@@ -90,6 +90,7 @@ xmlParserNsLookupSax(xmlParserCtxtPtr ctxt, const xmlChar *prefix);
#define XML_INPUT_BUF_STATIC (1u << 1) #define XML_INPUT_BUF_STATIC (1u << 1)
#define XML_INPUT_BUF_ZERO_TERMINATED (1u << 2) #define XML_INPUT_BUF_ZERO_TERMINATED (1u << 2)
#define XML_INPUT_UNZIP (1u << 3)
XML_HIDDEN xmlParserInputPtr XML_HIDDEN xmlParserInputPtr
xmlNewInputURL(xmlParserCtxtPtr ctxt, const char *url, const char *publicId, xmlNewInputURL(xmlParserCtxtPtr ctxt, const char *url, const char *publicId,

7
parser.c
View File

@@ -13578,6 +13578,13 @@ xmlCtxtSetOptionsInternal(xmlParserCtxtPtr ctxt, int options, int keepMask)
* *
* Enable reporting of line numbers larger than 65535. * Enable reporting of line numbers larger than 65535.
* *
* XML_PARSE_NO_UNZIP
*
* Disables input decompression. Setting this option is recommended
* to avoid zip bombs.
*
* Available since 2.14.0.
*
* Returns 0 in case of success, the set of unknown or unimplemented options * Returns 0 in case of success, the set of unknown or unimplemented options
* in case of error. * in case of error.
*/ */

6
parserInternals.c
View File

@@ -2050,8 +2050,12 @@ xmlNewInputFromFile(xmlParserCtxtPtr ctxt, const char *filename) {
if (buf == NULL) if (buf == NULL)
code = XML_IO_ENOENT; code = XML_IO_ENOENT;
} else { } else {
int flags = 0;
if ((ctxt->options & XML_PARSE_NO_UNZIP) == 0)
flags |= XML_INPUT_UNZIP;
code = xmlParserInputBufferCreateUrl(filename, XML_CHAR_ENCODING_NONE, code = xmlParserInputBufferCreateUrl(filename, XML_CHAR_ENCODING_NONE,
0, &buf); flags, &buf);
} }
if (code != XML_ERR_OK) { if (code != XML_ERR_OK) {
xmlCtxtErrIO(ctxt, code, filename); xmlCtxtErrIO(ctxt, code, filename);

9
xmlIO.c
View File

@@ -1106,10 +1106,13 @@ xmlIODefaultMatch(const char *filename ATTRIBUTE_UNUSED) {
*/ */
static int static int
xmlInputDefaultOpen(xmlParserInputBufferPtr buf, const char *filename, xmlInputDefaultOpen(xmlParserInputBufferPtr buf, const char *filename,
int flags ATTRIBUTE_UNUSED) { int flags) {
int ret; int ret;
int fd; int fd;
/* Avoid unused variable warning */
(void) flags;
#ifdef LIBXML_FTP_ENABLED #ifdef LIBXML_FTP_ENABLED
if (xmlIOFTPMatch(filename)) { if (xmlIOFTPMatch(filename)) {
buf->context = xmlIOFTPOpen(filename); buf->context = xmlIOFTPOpen(filename);
@@ -1138,7 +1141,7 @@ xmlInputDefaultOpen(xmlParserInputBufferPtr buf, const char *filename,
return(XML_IO_ENOENT); return(XML_IO_ENOENT);
#ifdef LIBXML_LZMA_ENABLED #ifdef LIBXML_LZMA_ENABLED
{ if (flags & XML_INPUT_UNZIP) {
xzFile xzStream; xzFile xzStream;
ret = xmlFdOpen(filename, 0, &fd); ret = xmlFdOpen(filename, 0, &fd);
@@ -1165,7 +1168,7 @@ xmlInputDefaultOpen(xmlParserInputBufferPtr buf, const char *filename,
#endif /* LIBXML_LZMA_ENABLED */ #endif /* LIBXML_LZMA_ENABLED */
#ifdef LIBXML_ZLIB_ENABLED #ifdef LIBXML_ZLIB_ENABLED
{ if (flags & XML_INPUT_UNZIP) {
gzFile gzStream; gzFile gzStream;
ret = xmlFdOpen(filename, 0, &fd); ret = xmlFdOpen(filename, 0, &fd);