Fix places where malloc failures aren't reported.
Introduce new API function xmlAddEntity that returns separate error
codes.
Don't invoke global error handler for low-level errors which should be
handled by higher layers.
Invalid redelcaration warnings will be fixed later.
This commit implements robust detection of entity amplification attacks,
better known as the "billion laughs" attack.
We now limit the size of the document after substitution of entities to
10 times the size before expansion. This guarantees linear behavior by
definition. There already was a similar check before, but the accounting
of "sizeentities" (size of external entities) and "sizeentcopy" (size of
all copies created by entity references) wasn't accurate.
We also need saturation arithmetic since we're historically limited to
"unsigned long" which is 32-bit on many platforms.
A maximum of 10 MB of substitutions is always allowed. This should make
use cases like DITA work which have caused problems in the past.
The old checks based on the number of entities were removed. This is
accounted for by adding a fixed cost to each entity reference.
Entity amplification checks are now enabled even if XML_PARSE_HUGE is
set. This option is mainly used to allow larger text nodes. Most users
were unaware that it also disabled entity expansion checks.
Some of the limits might be adjusted later. If this change turns out to
affect legitimate use cases, we can add a separate parser option to
disable the checks.
Fixes#294.
Fixes#345.
For https://bugzilla.gnome.org/show_bug.cgi?id=689483
It seems there are functions that do use the const qualifier for some of the
arguments, but it seems that there are a lot of functions that don't use it and
probably should.
So I created a patch against 2.9.0 that makes as much as possible const in
tree.h, and changed other files as needed.
There were a lot of cases like "const xmlNodePtr node". This doesn't actually
do anything, there the *pointer* is constant not the object it points to. So I
changed those to "const xmlNode *node".
I also removed some consts, mostly in the Copy functions, because those
functions can actually modify the doc or node they copy from
* xmlreader.c: applied patch from Aswin to fix tree skipping
* include/libxml/entities.h entities.c: fixed a comment and
added a new xmlNewEntity() entry point
* runtest.c: be less verbose
* tree.c: space and tabs cleanups
daniel
svn path=/trunk/; revision=3774
* include/libxml/entities.h entities.c SAX2.c parser.c: rework
the patch to avoid some ABI issue with people allocating
entities structure directly
Daniel
svn path=/trunk/; revision=3773
* include/libxml/entities.h entities.c SAX2.c parser.c: trying to
fix entities behaviour when using SAX, had to extend entities
content and hack on the entities processing code, but that should
fix the long standing bug #159219
Daniel
Synchronized the header files with the library code in order
to assure that all the various conditionals (LIBXML_xxxx_ENABLED)
were the same in both. Modified the API database content to more
accurately reflect the conditionals. Enhanced the generation
of that database. Although there was no substantial change to
any of the library code's logic, a large number of files were
modified to achieve the above, and the configuration script
was enhanced to do some automatic enabling of features (e.g.
--with-xinclude forces --with-xpath). Additionally, all the format
errors discovered by apibuild.py were corrected.
* configure.in: enhanced cross-checking of options
* doc/apibuild.py, doc/elfgcchack.xsl, doc/libxml2-refs.xml,
doc/libxml2-api.xml, gentest.py: changed the usage of the
<cond> element in module descriptions
* elfgcchack.h, testapi.c: regenerated with proper conditionals
* HTMLparser.c, SAX.c, globals.c, tree.c, xmlschemas.c, xpath.c,
testSAX.c: cleaned up conditionals
* include/libxml/[SAX.h, SAX2.h, debugXML.h, encoding.h, entities.h,
hash.h, parser.h, parserInternals.h, schemasInternals.h, tree.h,
valid.h, xlink.h, xmlIO.h, xmlautomata.h, xmlreader.h, xpath.h]:
synchronized the conditionals with the corresponding module code
* doc/examples/tree2.c, doc/examples/xpath1.c, doc/examples/xpath2.c:
added additional conditions required for compilation
* doc/*.html, doc/html/*.html: rebuilt the docs
* include/libxml/*.h include/libxml/*.h.in: modified the file
header to add more informations, painful...
* genChRanges.py genUnicode.py: updated to generate said changes
in headers
* doc/apibuild.py: extract headers, add them to libxml2-api.xml
* *.html *.xsl *.xml: updated the stylesheets to flag geprecated
APIs modules. Updated the stylesheets, some cleanups, regenerated
* doc/html/*.html: regenerated added back book1 and libxml-lib.html
Daniel
* entities.c parser.c tree.c include/libxml/entities.h: Fixed
a really nasty problem raised by a DocBook XSLT transform
provided by Sebastian Bergmann
Daniel
* include/libxml/entities.h: fixing a comment
* valid.c: fixing some troubles with validity check on namespaces
* result/VC/NS3 test/VC/NS3: added a specific regression test
Daniel
* include/libxml/encoding.h include/libxml/entities.h
include/libxml/globals.h include/libxml/parser.h
include/libxml/threads.h include/libxml/tree.h
include/libxml/xmlmemory.h: trying to fix the include mess
Daniel
* entities.c tree.c include/libxml/entities.h: applied patch
from Anthony Jones to implement copy of DTD subtree too. Had
just to keep 2 function private which really ought to become
public ones.
Daniel
* AUTHORS: added William and Bjorn
* include/libxml/*.h *.c README doc/*.html etc.: changed old email to
daniel@veillard.com hopefully I won't have to do this again
* doc/Makefile.am doc/html/*.html: cleanup makefile, checked that
docs can be rebuilt cleanly now
* include/libxml/xml*version.h*: removed include/libxml/xmlversion.h
from CVs it's generated, added include/libxml/xmlwin32version.h
also generated but which should change far less frequently.
* catalog.c nanoftp.c: made sure to include libxml.h not
libxml/xmlversion.h directly
* include/libxml/*.h: include xmlwin32version.h instead of xmlversion.h
when compiling on WIN32 and MSC
Daniel
- xinclude.c xpath.c xpathInternals.h xpointer.c: cleanup
w.r.t. --without-debug and other include points
- catalog.h testCatalog.c: a bit of cleanup and prepare for XML
Catalogs
- configure.in entities.h tree.h HTMLparser.c: removed
--without-corba, made the _private field mandatory
Daniel
Thu Feb 23 02:03:56 CET 2001 Tomasz Koczko <kloczek@pld.org.pl>
* *.c *.h libxml files: moved to libxml directory - this allow
simplify automake/autoconf. Now isn't neccessary hack on
am/ac level for make and remove libxml symlink (modified for this
also configure.in and main Makefile.am). Now automake abilities
are used in best way (like in many other projects with libraries).
* include/win32config.h: moved to libxml directory (now include
directory isn't neccessary).
* Makefile.am, examples/Makefile.am, libxml/Makefile.am:
added empty DEFS and in INCLUDES rest only -I$(top_builddir) -
this allow minimize parameters count passed to libtool script
(now compilation is also slyghtly more quiet).
* configure.in: simplifies libzdetestion - prepare separated
variables for keep libz name and path to libz header files isn't
realy neccessary (if someone have libz installed in non standard
prefix path to header files ald library can be passed as:
$ CFALGS="-I</libz.h/path>" LDFLAGS="-L</libz/path>" ./configure
* autogen.sh: check now for libxml/entities.h.
After above building libxml pass correctly and also pass
"make install DESTDIR=</install/prefix>" from tar ball generated by
"make dist". Seems ac/am reorganization is finished. This changes
not touches any other things on *.{c,h} files level.
- entities.[ch] xpath.[ch] hash.[ch] debugXML.c tree.h: added/hacked
hash tables from Bjorn Reese <breese@mail1.stofanet.dk>. Switched
XPath functions and XML entities table to them. More to come...
- xmlIO.c: fixed libxml closing FILEs it didn't open.
Daniel
- uri.c tree.c SAX.c parser.c entities.c debugXML.c: finished
the cleanup of the computation of URI references when seeking
external entities. The URI reference string and the resulting
URI are both stored now.
- parser.c HTMLparser.c valid.c nanoftp.c nanohttp.c xpath.c:
large s(n)printf checks and cleanup from Denis Barbier
<barbier@imacs.polytechnique.fr>
- xmlversion.h.in tree.h: couple of SGML declarations for a
possible docbook module.
- result/VC/ : a couple of test output changed due to the change
of the entities URI
Daniel
popped out a couple of bugs and 3 speed issues, there is only
on minor speed issue left. Assorted collection of user reported
bugs and fixes:
- doc/encoding.html: added encoding aliases doc
- doc/xml.html: updates
- encoding.[ch]: added EncodingAliases functions
- entities.[ch] valid.[ch] debugXML.c: removed two serious
bottleneck affecting large DTDs like Docbook
- parser.[ch] xmllint.c: added a pedantic option, will be useful
- SAX.c: redefinition of entities is reported in pedantic mode
- testHTML.c: uninitialized warning from gcc
- uri.c: fixed a couple of bugs
- TODO: added issue raised by Michael
Daniel
- configure.in: 2.1.0 prerelease
- example/Makefile.am example/gjobread.c tree.h: work on
libxml1 libxml2 convergence.
- nanoftp, nanohttp.c: fixed stalled connections probs
- HTMLtree.c SAX.c : support for attribute without values in
HTML for andersca
- valid.c: Fixed most validation + namespace problems
- HTMLparser.c: start document callback for andersca
- debugXML.c xpath.c: lots of XPath fixups from Picdar Technology
- parser.h, SAX.c: serious speed improvement for large
CDATA blocks
- encoding.[ch] xmlIO.[ch]: Improved seriously saving to
different encoding
- config.h.in parser.c xmllint.c: added xmlCheckVersion()
and the LIBXML_TEST_VERSION macro
Daniel
- added check and handling when possibly removing an ID
- fixed some entities problems
- added xmlParseTryOrFinish()
- changed the way struct aredeclared to allow gtk-doc to expose those
- closed#4960
- fixes to libs detection from Albert Chin-A-Young
- preparing 1.8.3 release
Daniel
which allow impressive speed improvement on dataset with large text
pieces, but at the cost of broken binary compatibility and slightly
bigger memory usage. Configure with --with-buffers to activate them,
they are protected with XML_USE_BUFFER_CONTENT define.
- added xmlCleanupPredefinedEntities(), memory allocation cleanup
Daniel