1 Patch origin: upstream

     2 Patch status: will be part of next version

     3 

     4 From 72a46a519ce7326d9a00f0b6a7f2a8e958cd1675 Mon Sep 17 00:00:00 2001

     5 From: Daniel Veillard <[email protected]>

     6 Date: Thu, 23 Oct 2014 11:35:36 +0800

     7 Subject: Fix missing entities after CVE-2014-3660 fix

     8 

     9 For https://bugzilla.gnome.org/show_bug.cgi?id=738805

    10 

    11 The fix for CVE-2014-3660 introduced a regression in some case

    12 where entity substitution is required and the entity is used

    13 first in anotther entity referenced from an attribute value

    14 

    15 diff --git a/parser.c b/parser.c

    16 index 67c9dfd..a8d1b67 100644

    17 --- a/parser.c

    18 +++ b/parser.c

    19 @@ -7235,7 +7235,8 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {

    20       * far more secure as the parser will only process data coming from

    21       * the document entity by default.

    22       */

    23 -    if ((ent->checked == 0) &&

    24 +    if (((ent->checked == 0) ||

    25 +         ((ent->children == NULL) && (ctxt->options & XML_PARSE_NOENT))) &&

    26          ((ent->etype != XML_EXTERNAL_GENERAL_PARSED_ENTITY) ||

    27           (ctxt->options & (XML_PARSE_NOENT | XML_PARSE_DTDVALID)))) {

    28  	unsigned long oldnbent = ctxt->nbentities;

    29 -- 

    30 cgit v0.10.1

    31