diff options
author | Daniel Veillard <veillard@redhat.com> | 2017-12-08 09:42:31 +0100 |
---|---|---|
committer | Daniel Veillard <veillard@redhat.com> | 2017-12-08 09:42:31 +0100 |
commit | ad88b54f1a28a8565964a370b5d387927b633c0d (patch) | |
tree | ad78d0c86c77e12cc44955fb780896eecaa67353 | |
parent | 8ac759a6e6a61476a81449bdd67bc85025b07fcd (diff) | |
download | libxml2-ad88b54f1a28a8565964a370b5d387927b633c0d.tar.gz |
Improve handling of context input_id
For https://bugzilla.gnome.org/show_bug.cgi?id=772726
This was used in xmlsec to detect issues with accessing external entities
and prevent them, but was unreliable, based on a patch from Aleksey Sanin
* parser.c: make sure input_id is incremented when creating sub-entities
for parsing or when parsing out of context
-rw-r--r-- | parser.c | 8 |
1 files changed, 8 insertions, 0 deletions
@@ -13364,6 +13364,7 @@ xmlParseBalancedChunkMemoryInternal(xmlParserCtxtPtr oldctxt, ctxt->userData = ctxt; if (ctxt->dict != NULL) xmlDictFree(ctxt->dict); ctxt->dict = oldctxt->dict; + ctxt->input_id = oldctxt->input_id + 1; ctxt->str_xml = xmlDictLookup(ctxt->dict, BAD_CAST "xml", 3); ctxt->str_xmlns = xmlDictLookup(ctxt->dict, BAD_CAST "xmlns", 5); ctxt->str_xml_ns = xmlDictLookup(ctxt->dict, XML_XML_NAMESPACE, 36); @@ -13617,6 +13618,7 @@ xmlParseInNodeContext(xmlNodePtr node, const char *data, int datalen, xmlDetectSAX2(ctxt); ctxt->myDoc = doc; /* parsing in context, i.e. as within existing content */ + ctxt->input_id = 2; ctxt->instate = XML_PARSER_CONTENT; fake = xmlNewComment(NULL); @@ -13829,6 +13831,7 @@ xmlParseBalancedChunkMemoryRecover(xmlDocPtr doc, xmlSAXHandlerPtr sax, newDoc->oldNs = doc->oldNs; } ctxt->instate = XML_PARSER_CONTENT; + ctxt->input_id = 2; ctxt->depth = depth; /* @@ -13989,6 +13992,11 @@ xmlCreateEntityParserCtxtInternal(const xmlChar *URL, const xmlChar *ID, if (pctx != NULL) { ctxt->options = pctx->options; ctxt->_private = pctx->_private; + /* + * this is a subparser of pctx, so the input_id should be + * incremented to distinguish from main entity + */ + ctxt->input_id = pctx->input_id + 1; } uri = xmlBuildURI(URL, base); |