| From 7fa1cd31552d52d50a9101f07c816ff6dd2d9f19 Mon Sep 17 00:00:00 2001 |
| From: Doran Moppert <dmoppert@redhat.com> |
| Date: Fri, 7 Apr 2017 16:45:56 +0200 |
| Subject: [PATCH] Add an XML_PARSE_NOXXE flag to block all entities loading |
| even local |
| |
| For https://bugzilla.gnome.org/show_bug.cgi?id=772726 |
| |
| * include/libxml/parser.h: Add a new parser flag XML_PARSE_NOXXE |
| * elfgcchack.h, xmlIO.h, xmlIO.c: associated loading routine |
| * include/libxml/xmlerror.h: new error raised |
| * xmllint.c: adds --noxxe flag to activate the option |
| |
| Upstream-Status: Backport |
| CVE: CVE-2016-9318 |
| |
| Signed-off-by: Catalin Enache <catalin.enache@windriver.com> |
| --- |
| elfgcchack.h | 10 ++++++++++ |
| include/libxml/parser.h | 3 ++- |
| include/libxml/xmlIO.h | 8 ++++++++ |
| include/libxml/xmlerror.h | 1 + |
| parser.c | 4 ++++ |
| xmlIO.c | 40 +++++++++++++++++++++++++++++++++++----- |
| xmllint.c | 5 +++++ |
| 7 files changed, 65 insertions(+), 6 deletions(-) |
| |
| diff --git a/elfgcchack.h b/elfgcchack.h |
| index 8c52884..1b81dcd 100644 |
| --- a/elfgcchack.h |
| +++ b/elfgcchack.h |
| @@ -6547,6 +6547,16 @@ extern __typeof (xmlNoNetExternalEntityLoader) xmlNoNetExternalEntityLoader__int |
| #endif |
| #endif |
| |
| +#ifdef bottom_xmlIO |
| +#undef xmlNoXxeExternalEntityLoader |
| +extern __typeof (xmlNoXxeExternalEntityLoader) xmlNoXxeExternalEntityLoader __attribute((alias("xmlNoXxeExternalEntityLoader__internal_alias"))); |
| +#else |
| +#ifndef xmlNoXxeExternalEntityLoader |
| +extern __typeof (xmlNoXxeExternalEntityLoader) xmlNoXxeExternalEntityLoader__internal_alias __attribute((visibility("hidden"))); |
| +#define xmlNoXxeExternalEntityLoader xmlNoXxeExternalEntityLoader__internal_alias |
| +#endif |
| +#endif |
| + |
| #ifdef bottom_tree |
| #undef xmlNodeAddContent |
| extern __typeof (xmlNodeAddContent) xmlNodeAddContent __attribute((alias("xmlNodeAddContent__internal_alias"))); |
| diff --git a/include/libxml/parser.h b/include/libxml/parser.h |
| index 47fbec0..63ca1b9 100644 |
| --- a/include/libxml/parser.h |
| +++ b/include/libxml/parser.h |
| @@ -1111,7 +1111,8 @@ typedef enum { |
| XML_PARSE_HUGE = 1<<19,/* relax any hardcoded limit from the parser */ |
| XML_PARSE_OLDSAX = 1<<20,/* parse using SAX2 interface before 2.7.0 */ |
| XML_PARSE_IGNORE_ENC= 1<<21,/* ignore internal document encoding hint */ |
| - XML_PARSE_BIG_LINES = 1<<22 /* Store big lines numbers in text PSVI field */ |
| + XML_PARSE_BIG_LINES = 1<<22,/* Store big lines numbers in text PSVI field */ |
| + XML_PARSE_NOXXE = 1<<23 /* Forbid any external entity loading */ |
| } xmlParserOption; |
| |
| XMLPUBFUN void XMLCALL |
| diff --git a/include/libxml/xmlIO.h b/include/libxml/xmlIO.h |
| index 3e41744..8d3fdef 100644 |
| --- a/include/libxml/xmlIO.h |
| +++ b/include/libxml/xmlIO.h |
| @@ -300,6 +300,14 @@ XMLPUBFUN xmlParserInputPtr XMLCALL |
| xmlParserCtxtPtr ctxt); |
| |
| /* |
| + * A predefined entity loader external entity expansion |
| + */ |
| +XMLPUBFUN xmlParserInputPtr XMLCALL |
| + xmlNoXxeExternalEntityLoader (const char *URL, |
| + const char *ID, |
| + xmlParserCtxtPtr ctxt); |
| + |
| +/* |
| * xmlNormalizeWindowsPath is obsolete, don't use it. |
| * Check xmlCanonicPath in uri.h for a better alternative. |
| */ |
| diff --git a/include/libxml/xmlerror.h b/include/libxml/xmlerror.h |
| index 037c16d..3036062 100644 |
| --- a/include/libxml/xmlerror.h |
| +++ b/include/libxml/xmlerror.h |
| @@ -470,6 +470,7 @@ typedef enum { |
| XML_IO_EADDRINUSE, /* 1554 */ |
| XML_IO_EALREADY, /* 1555 */ |
| XML_IO_EAFNOSUPPORT, /* 1556 */ |
| + XML_IO_ILLEGAL_XXE, /* 1557 */ |
| XML_XINCLUDE_RECURSION=1600, |
| XML_XINCLUDE_PARSE_VALUE, /* 1601 */ |
| XML_XINCLUDE_ENTITY_DEF_MISMATCH, /* 1602 */ |
| diff --git a/parser.c b/parser.c |
| index 53a6b7f..609a270 100644 |
| --- a/parser.c |
| +++ b/parser.c |
| @@ -15350,6 +15350,10 @@ xmlCtxtUseOptionsInternal(xmlParserCtxtPtr ctxt, int options, const char *encodi |
| ctxt->options |= XML_PARSE_NONET; |
| options -= XML_PARSE_NONET; |
| } |
| + if (options & XML_PARSE_NOXXE) { |
| + ctxt->options |= XML_PARSE_NOXXE; |
| + options -= XML_PARSE_NOXXE; |
| + } |
| if (options & XML_PARSE_COMPACT) { |
| ctxt->options |= XML_PARSE_COMPACT; |
| options -= XML_PARSE_COMPACT; |
| diff --git a/xmlIO.c b/xmlIO.c |
| index 1a79c09..304f822 100644 |
| --- a/xmlIO.c |
| +++ b/xmlIO.c |
| @@ -210,6 +210,7 @@ static const char *IOerr[] = { |
| "adddress in use", /* EADDRINUSE */ |
| "already in use", /* EALREADY */ |
| "unknown address familly", /* EAFNOSUPPORT */ |
| + "Attempt to load external entity %s", /* XML_IO_ILLEGAL_XXE */ |
| }; |
| |
| #if defined(_WIN32) || defined (__DJGPP__) && !defined (__CYGWIN__) |
| @@ -4053,13 +4054,22 @@ xmlDefaultExternalEntityLoader(const char *URL, const char *ID, |
| xmlGenericError(xmlGenericErrorContext, |
| "xmlDefaultExternalEntityLoader(%s, xxx)\n", URL); |
| #endif |
| - if ((ctxt != NULL) && (ctxt->options & XML_PARSE_NONET)) { |
| + if (ctxt != NULL) { |
| int options = ctxt->options; |
| |
| - ctxt->options -= XML_PARSE_NONET; |
| - ret = xmlNoNetExternalEntityLoader(URL, ID, ctxt); |
| - ctxt->options = options; |
| - return(ret); |
| + if (options & XML_PARSE_NOXXE) { |
| + ctxt->options -= XML_PARSE_NOXXE; |
| + ret = xmlNoXxeExternalEntityLoader(URL, ID, ctxt); |
| + ctxt->options = options; |
| + return(ret); |
| + } |
| + |
| + if (options & XML_PARSE_NONET) { |
| + ctxt->options -= XML_PARSE_NONET; |
| + ret = xmlNoNetExternalEntityLoader(URL, ID, ctxt); |
| + ctxt->options = options; |
| + return(ret); |
| + } |
| } |
| #ifdef LIBXML_CATALOG_ENABLED |
| resource = xmlResolveResourceFromCatalog(URL, ID, ctxt); |
| @@ -4160,6 +4170,13 @@ xmlNoNetExternalEntityLoader(const char *URL, const char *ID, |
| xmlParserInputPtr input = NULL; |
| xmlChar *resource = NULL; |
| |
| + if (ctxt == NULL) { |
| + return(NULL); |
| + } |
| + if (ctxt->input_id == 1) { |
| + return xmlDefaultExternalEntityLoader((const char *) URL, ID, ctxt); |
| + } |
| + |
| #ifdef LIBXML_CATALOG_ENABLED |
| resource = xmlResolveResourceFromCatalog(URL, ID, ctxt); |
| #endif |
| @@ -4182,5 +4199,18 @@ xmlNoNetExternalEntityLoader(const char *URL, const char *ID, |
| return(input); |
| } |
| |
| +xmlParserInputPtr |
| +xmlNoXxeExternalEntityLoader(const char *URL, const char *ID, |
| + xmlParserCtxtPtr ctxt) { |
| + if (ctxt == NULL) { |
| + return(NULL); |
| + } |
| + if (ctxt->input_id == 1) { |
| + return xmlDefaultExternalEntityLoader((const char *) URL, ID, ctxt); |
| + } |
| + xmlIOErr(XML_IO_ILLEGAL_XXE, (const char *) URL); |
| + return(NULL); |
| +} |
| + |
| #define bottom_xmlIO |
| #include "elfgcchack.h" |
| diff --git a/xmllint.c b/xmllint.c |
| index 67f7adb..d9368c1 100644 |
| --- a/xmllint.c |
| +++ b/xmllint.c |
| @@ -3019,6 +3019,7 @@ static void usage(const char *name) { |
| printf("\t--path 'paths': provide a set of paths for resources\n"); |
| printf("\t--load-trace : print trace of all external entities loaded\n"); |
| printf("\t--nonet : refuse to fetch DTDs or entities over network\n"); |
| + printf("\t--noxxe : forbid any external entity loading\n"); |
| printf("\t--nocompact : do not generate compact text nodes\n"); |
| printf("\t--htmlout : output results as HTML\n"); |
| printf("\t--nowrap : do not put HTML doc wrapper\n"); |
| @@ -3461,6 +3462,10 @@ main(int argc, char **argv) { |
| (!strcmp(argv[i], "--nonet"))) { |
| options |= XML_PARSE_NONET; |
| xmlSetExternalEntityLoader(xmlNoNetExternalEntityLoader); |
| + } else if ((!strcmp(argv[i], "-noxxe")) || |
| + (!strcmp(argv[i], "--noxxe"))) { |
| + options |= XML_PARSE_NOXXE; |
| + xmlSetExternalEntityLoader(xmlNoXxeExternalEntityLoader); |
| } else if ((!strcmp(argv[i], "-nocompact")) || |
| (!strcmp(argv[i], "--nocompact"))) { |
| options &= ~XML_PARSE_COMPACT; |
| -- |
| 2.10.2 |
| |