| author | doug leavitt <doug.leavitt@oracle.com> |
| Wed, 22 May 2013 10:12:33 -0700 | |
| branch | s11-update |
| changeset 2632 | af488b226b98 |
| parent 2563 | c9820a36ee17 |
| permissions | -rw-r--r-- |
|
2563
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
1 |
https://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
2 |
CVE-2013-0338 |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
3 |
|
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
4 |
From 23f05e0c33987d6605387b300c4be5da2120a7ab Mon Sep 17 00:00:00 2001 |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
5 |
From: Daniel Veillard <[email protected]> |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
6 |
Date: Tue, 19 Feb 2013 02:21:49 +0000 |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
7 |
Subject: Detect excessive entities expansion upon replacement |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
8 |
|
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
9 |
If entities expansion in the XML parser is asked for, |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
10 |
it is possble to craft relatively small input document leading |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
11 |
to excessive on-the-fly content generation. |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
12 |
This patch accounts for those replacement and stop parsing |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
13 |
after a given threshold. it can be bypassed as usual with the |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
14 |
HUGE parser option. |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
15 |
--- |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
16 |
diff --git a/include/libxml/parser.h b/include/libxml/parser.h |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
17 |
index e1346e4..3f5730d 100644 |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
18 |
--- a/include/libxml/parser.h |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
19 |
+++ b/include/libxml/parser.h |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
20 |
@@ -310,6 +310,7 @@ struct _xmlParserCtxt {
|
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
21 |
xmlParserNodeInfo *nodeInfoTab; /* array of nodeInfos */ |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
22 |
|
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
23 |
int input_id; /* we need to label inputs */ |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
24 |
+ unsigned long sizeentcopy; /* volume of entity copy */ |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
25 |
}; |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
26 |
|
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
27 |
/** |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
28 |
diff --git a/parser.c b/parser.c |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
29 |
index 91f8c90..ddf3b5b 100644 |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
30 |
--- a/parser.c |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
31 |
+++ b/parser.c |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
32 |
@@ -122,7 +122,7 @@ xmlCreateEntityParserCtxtInternal(const xmlChar *URL, const xmlChar *ID, |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
33 |
*/ |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
34 |
static int |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
35 |
xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size, |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
36 |
- xmlEntityPtr ent) |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
37 |
+ xmlEntityPtr ent, size_t replacement) |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
38 |
{
|
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
39 |
size_t consumed = 0; |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
40 |
|
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
41 |
@@ -130,7 +130,24 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size, |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
42 |
return (0); |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
43 |
if (ctxt->lastError.code == XML_ERR_ENTITY_LOOP) |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
44 |
return (1); |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
45 |
- if (size != 0) {
|
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
46 |
+ if (replacement != 0) {
|
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
47 |
+ if (replacement < XML_MAX_TEXT_LENGTH) |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
48 |
+ return(0); |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
49 |
+ |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
50 |
+ /* |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
51 |
+ * If the volume of entity copy reaches 10 times the |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
52 |
+ * amount of parsed data and over the large text threshold |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
53 |
+ * then that's very likely to be an abuse. |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
54 |
+ */ |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
55 |
+ if (ctxt->input != NULL) {
|
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
56 |
+ consumed = ctxt->input->consumed + |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
57 |
+ (ctxt->input->cur - ctxt->input->base); |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
58 |
+ } |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
59 |
+ consumed += ctxt->sizeentities; |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
60 |
+ |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
61 |
+ if (replacement < XML_PARSER_NON_LINEAR * consumed) |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
62 |
+ return(0); |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
63 |
+ } else if (size != 0) {
|
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
64 |
/* |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
65 |
* Do the check based on the replacement size of the entity |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
66 |
*/ |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
67 |
@@ -176,7 +193,6 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size, |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
68 |
*/ |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
69 |
return (0); |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
70 |
} |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
71 |
- |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
72 |
xmlFatalErr(ctxt, XML_ERR_ENTITY_LOOP, NULL); |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
73 |
return (1); |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
74 |
} |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
75 |
@@ -2743,7 +2759,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len, |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
76 |
while (*current != 0) { /* non input consuming loop */
|
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
77 |
buffer[nbchars++] = *current++; |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
78 |
if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
|
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
79 |
- if (xmlParserEntityCheck(ctxt, nbchars, ent)) |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
80 |
+ if (xmlParserEntityCheck(ctxt, nbchars, ent, 0)) |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
81 |
goto int_error; |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
82 |
growBuffer(buffer, XML_PARSER_BUFFER_SIZE); |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
83 |
} |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
84 |
@@ -2785,7 +2801,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len, |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
85 |
while (*current != 0) { /* non input consuming loop */
|
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
86 |
buffer[nbchars++] = *current++; |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
87 |
if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
|
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
88 |
- if (xmlParserEntityCheck(ctxt, nbchars, ent)) |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
89 |
+ if (xmlParserEntityCheck(ctxt, nbchars, ent, 0)) |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
90 |
goto int_error; |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
91 |
growBuffer(buffer, XML_PARSER_BUFFER_SIZE); |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
92 |
} |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
93 |
@@ -7203,7 +7219,7 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
|
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
94 |
xmlFreeNodeList(list); |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
95 |
return; |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
96 |
} |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
97 |
- if (xmlParserEntityCheck(ctxt, 0, ent)) {
|
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
98 |
+ if (xmlParserEntityCheck(ctxt, 0, ent, 0)) {
|
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
99 |
xmlFreeNodeList(list); |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
100 |
return; |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
101 |
} |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
102 |
@@ -7361,6 +7377,13 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
|
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
103 |
xmlNodePtr nw = NULL, cur, firstChild = NULL; |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
104 |
|
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
105 |
/* |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
106 |
+ * We are copying here, make sure there is no abuse |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
107 |
+ */ |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
108 |
+ ctxt->sizeentcopy += ent->length; |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
109 |
+ if (xmlParserEntityCheck(ctxt, 0, ent, ctxt->sizeentcopy)) |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
110 |
+ return; |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
111 |
+ |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
112 |
+ /* |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
113 |
* when operating on a reader, the entities definitions |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
114 |
* are always owning the entities subtree. |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
115 |
if (ctxt->parseMode == XML_PARSE_READER) |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
116 |
@@ -7400,6 +7423,14 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
|
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
117 |
} else if ((list == NULL) || (ctxt->inputNr > 0)) {
|
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
118 |
xmlNodePtr nw = NULL, cur, next, last, |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
119 |
firstChild = NULL; |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
120 |
+ |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
121 |
+ /* |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
122 |
+ * We are copying here, make sure there is no abuse |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
123 |
+ */ |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
124 |
+ ctxt->sizeentcopy += ent->length; |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
125 |
+ if (xmlParserEntityCheck(ctxt, 0, ent, ctxt->sizeentcopy)) |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
126 |
+ return; |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
127 |
+ |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
128 |
/* |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
129 |
* Copy the entity child list and make it the new |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
130 |
* entity child list. The goal is to make sure any |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
131 |
@@ -14767,6 +14798,7 @@ xmlCtxtReset(xmlParserCtxtPtr ctxt) |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
132 |
ctxt->catalogs = NULL; |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
133 |
ctxt->nbentities = 0; |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
134 |
ctxt->sizeentities = 0; |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
135 |
+ ctxt->sizeentcopy = 0; |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
136 |
xmlInitNodeInfoSeq(&ctxt->node_seq); |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
137 |
|
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
138 |
if (ctxt->attsDefault != NULL) {
|
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
139 |
diff --git a/parserInternals.c b/parserInternals.c |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
140 |
index 02032d5..f8a7041 100644 |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
141 |
--- a/parserInternals.c |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
142 |
+++ b/parserInternals.c |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
143 |
@@ -1719,6 +1719,8 @@ xmlInitParserCtxt(xmlParserCtxtPtr ctxt) |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
144 |
ctxt->charset = XML_CHAR_ENCODING_UTF8; |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
145 |
ctxt->catalogs = NULL; |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
146 |
ctxt->nbentities = 0; |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
147 |
+ ctxt->sizeentities = 0; |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
148 |
+ ctxt->sizeentcopy = 0; |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
149 |
ctxt->input_id = 1; |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
150 |
xmlInitNodeInfoSeq(&ctxt->node_seq); |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
151 |
return(0); |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
152 |
-- |
|
c9820a36ee17
16492451 problem in LIBRARY/LIBXML
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
153 |
cgit v0.9.1 |