[libxml2] Do not fetch external parsed entities



commit 4629ee02ac649c27f9c0cf98ba017c6b5526070f
Author: Daniel Veillard <veillard redhat com>
Date:   Mon Jul 23 14:15:40 2012 +0800

    Do not fetch external parsed entities
    
    Unless explicitly asked for when validating or replacing entities
    with their value. Problem pointed out by Tom Lane <tgl redhat com>
    
    * parser.c: do not load external parsed entities unless needed
    * test/errors/extparsedent.xml result/errors/extparsedent.xml*:
      add a regression test to avoid change of the behaviour in the future

 parser.c                           |    9 ++++++++-
 result/errors/extparsedent.xml     |    5 +++++
 test/errors/extparsedent.xml       |    5 +++++
 3 files changed, 18 insertions(+), 1 deletions(-)
---
diff --git a/parser.c b/parser.c
index 9863275..a0183f2 100644
--- a/parser.c
+++ b/parser.c
@@ -6927,8 +6927,15 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
      * The first reference to the entity trigger a parsing phase
      * where the ent->children is filled with the result from
      * the parsing.
-     */
-    if (ent->checked == 0) {
+     * Note: external parsed entities will not be loaded, it is not
+     * required for a non-validating parser, unless the parsing option
+     * of validating, or substituting entities were given. Doing so is
+     * far more secure as the parser will only process data coming from
+     * the document entity by default.
+     */
+    if ((ent->checked == 0) &&
+        ((ent->etype != XML_EXTERNAL_GENERAL_PARSED_ENTITY) ||
+         (ctxt->options & (XML_PARSE_NOENT | XML_PARSE_DTDVALID)))) {
 	unsigned long oldnbent = ctxt->nbentities;
 
 	/*
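Review bot: The new comment above the `if` states the secure default but not its limit: with `XML_PARSE_NOENT` or `XML_PARSE_DTDVALID` set, external parsed entities are still loaded on first reference, so applications that parse untrusted documents with those options keep the file and network read exposure. I would add a line to the comment such as `* With XML_PARSE_NOENT or XML_PARSE_DTDVALID the entity is still fetched; restrict the loader (XML_PARSE_NONET, xmlSetExternalEntityLoader) for untrusted input.` The condition also reads only `ctxt->options`; whether callers that set `ctxt->replaceEntities` or `ctxt->validate` directly get those bits mirrored into `options` is not visible here, and if they do not, such callers silently stop loading external entities, which is worth confirming. The guarded block and the rest of xmlParseReference continue outside the hunk.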
diff --git a/result/errors/extparsedent.xml b/result/errors/extparsedent.xml
new file mode 100644
index 0000000..07e4c54
--- /dev/null
+++ b/result/errors/extparsedent.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0"?>
+<!DOCTYPE foo [
+<!ENTITY c PUBLIC "bar" "/etc/doesnotexist">
+]>
+<root>&c;</root>
diff --git a/result/errors/extparsedent.xml.err b/result/errors/extparsedent.xml.err
new file mode 100644
index 0000000..e69de29
diff --git a/result/errors/extparsedent.xml.str b/result/errors/extparsedent.xml.str
new file mode 100644
index 0000000..e69de29
diff --git a/test/errors/extparsedent.xml b/test/errors/extparsedent.xml
new file mode 100644
index 0000000..07e4c54
--- /dev/null
+++ b/test/errors/extparsedent.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0"?>
+<!DOCTYPE foo [
+<!ENTITY c PUBLIC "bar" "/etc/doesnotexist">
+]>
+<root>&c;</root>


