lib/libxslt
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/libxslt synced 2025-08-07 10:42:55 +03:00
Code Activity

applied patch from Roland Schwarz and Rob Richards to fix the security

Browse Source 
* libxslt/security.c: applied patch from Roland Schwarz and Rob
  Richards to fix the security file checks on Windows, should 
  close #464432
Daniel

svn path=/trunk/; revision=1440
This commit is contained in:
Daniel Veillard
2007-08-23 13:22:44 +00:00
parent c93245787a
commit 73adc4f001
3 changed files with 31 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@@ -1,3 +1,9 @@
Thu Aug 23 15:22:55 CEST 2007 Daniel Veillard <daniel@veillard.com>
* libxslt/security.c: applied patch from Roland Schwarz and Rob
Richards to fix the security file checks on Windows, should
close #464432
Thu Aug 23 21:15:28 HKT 2007 William Brack <wbrack@mmm.com.hk> Thu Aug 23 21:15:28 HKT 2007 William Brack <wbrack@mmm.com.hk>
* tests/general/bug-165.[xsl,out,err], tests/docs/bug-165.xml, * tests/general/bug-165.[xsl,out,err], tests/docs/bug-165.xml,

2
doc/xsltproc.1
View File

@@ -2,7 +2,7 @@
.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). .\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
.\" Instead of manually editing it, you probably should edit the DocBook XML .\" Instead of manually editing it, you probably should edit the DocBook XML
.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. .\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
.TH "XSLTPROC" "1" "$Date: 2007\-01\-11 20:12:45 +0100 (Thu, 11 Jan 2007) $" "libxslt" "" .TH "XSLTPROC" "1" "$Date: 2007\-08\-23 14:20:49 +0200 (Thu, 23 Aug 2007) $" "libxslt" ""
.\" disable hyphenation .\" disable hyphenation
.nh .nh
.\" disable justification (adjust text to left margin only) .\" disable justification (adjust text to left margin only)

24
libxslt/security.c
View File

@@ -34,6 +34,13 @@
#include <ctype.h> #include <ctype.h>
#endif #endif
#if defined(WIN32) && !defined(__CYGWIN__)
#include <windows.h>
#ifndef INVALID_FILE_ATTRIBUTES
#define INVALID_FILE_ATTRIBUTES ((DWORD)-1)
#endif
#endif
#ifndef HAVE_STAT #ifndef HAVE_STAT
# ifdef HAVE__STAT # ifdef HAVE__STAT
/* MS C library seems to define stat and _stat. The definition /* MS C library seems to define stat and _stat. The definition
@@ -267,6 +274,16 @@ xsltCheckFilename (const char *path)
{ {
#ifdef HAVE_STAT #ifdef HAVE_STAT
struct stat stat_buffer; struct stat stat_buffer;
#if defined(WIN32) && !defined(__CYGWIN__)
DWORD dwAttrs;
dwAttrs = GetFileAttributes(path);
if (dwAttrs != INVALID_FILE_ATTRIBUTES) {
if (dwAttrs & FILE_ATTRIBUTE_DIRECTORY) {
return 2;
}
}
#endif
if (stat(path, &stat_buffer) == -1) if (stat(path, &stat_buffer) == -1)
return 0; return 0;
@@ -362,6 +379,13 @@ xsltCheckWrite(xsltSecurityPrefsPtr sec,
if ((uri->scheme == NULL) || if ((uri->scheme == NULL) ||
(xmlStrEqual(BAD_CAST uri->scheme, BAD_CAST "file"))) { (xmlStrEqual(BAD_CAST uri->scheme, BAD_CAST "file"))) {
#if defined(WIN32) && !defined(__CYGWIN__)
if ((uri->path)&&(uri->path[0]=='/')&&
(uri->path[1]!='\0')&&(uri->path[2]==':'))
ret = xsltCheckWritePath(sec, ctxt, uri->path+1);
else
#endif
/* /*
* Check if we are allowed to write this file * Check if we are allowed to write this file
*/ */