[libxml2] Improve handling of context input_id



commit ad88b54f1a28a8565964a370b5d387927b633c0d
Author: Daniel Veillard <veillard redhat com>
Date:   Fri Dec 8 09:42:31 2017 +0100

    Improve handling of context input_id
    
    For https://bugzilla.gnome.org/show_bug.cgi?id=772726
    This was used in xmlsec to detect issues with accessing external entities
    and prevent them, but it was unreliable. Based on a patch from Aleksey Sanin.
    
    * parser.c: make sure input_id is incremented when creating sub-entities
                for parsing or when parsing out of context

 parser.c |    8 ++++++++
 1 files changed, 8 insertions(+), 0 deletions(-)
---
diff --git a/parser.c b/parser.c
index 51264e6..a30dd18 100644
--- a/parser.c
+++ b/parser.c
@@ -13364,6 +13364,7 @@ xmlParseBalancedChunkMemoryInternal(xmlParserCtxtPtr oldctxt,
        ctxt->userData = ctxt;
     if (ctxt->dict != NULL) xmlDictFree(ctxt->dict);
     ctxt->dict = oldctxt->dict;
+    ctxt->input_id = oldctxt->input_id + 1;
     ctxt->str_xml = xmlDictLookup(ctxt->dict, BAD_CAST "xml", 3);
     ctxt->str_xmlns = xmlDictLookup(ctxt->dict, BAD_CAST "xmlns", 5);
     ctxt->str_xml_ns = xmlDictLookup(ctxt->dict, XML_XML_NAMESPACE, 36);
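Review bot: Setting the sub-context to `oldctxt->input_id + 1` only guarantees a value different from the parent's current one; nothing in this hunk advances `oldctxt->input_id`, so two chunks parsed one after another from the same oldctxt would start from the same number. That is enough if consumers only ask "is this the main entity?", but the assumption should be written down, for example `/* sub-parser of oldctxt: keep input ids above the parent's so entity loaders can tell it from the main entity */`. The body of xmlParseBalancedChunkMemoryInternal starts and ends outside the hunk, so whether the value is propagated back to oldctxt afterwards cannot be seen here.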
@@ -13617,6 +13618,7 @@ xmlParseInNodeContext(xmlNodePtr node, const char *data, int datalen,
     xmlDetectSAX2(ctxt);
     ctxt->myDoc = doc;
     /* parsing in context, i.e. as within existing content */
+    ctxt->input_id = 2;
     ctxt->instate = XML_PARSER_CONTENT;
 
     fake = xmlNewComment(NULL);
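Review bot: The added `ctxt->input_id = 2;` lands between the existing comment "parsing in context, i.e. as within existing content" and the `ctxt->instate = XML_PARSER_CONTENT;` line that comment describes, and the literal 2 is unexplained here and again in the xmlParseBalancedChunkMemoryRecover hunk. I would move the assignment below the instate line, as the other hunk does, and give it its own comment such as `/* not the main entity: start input ids above 1 */`, assuming 1 is the value a fresh context uses for the main entity. A named constant shared by both sites would keep them from drifting apart. xmlParseInNodeContext continues outside the hunk.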
@@ -13829,6 +13831,7 @@ xmlParseBalancedChunkMemoryRecover(xmlDocPtr doc, xmlSAXHandlerPtr sax,
        newDoc->oldNs = doc->oldNs;
     }
     ctxt->instate = XML_PARSER_CONTENT;
+    ctxt->input_id = 2;
     ctxt->depth = depth;
 
     /*
@@ -13989,6 +13992,11 @@ xmlCreateEntityParserCtxtInternal(const xmlChar *URL, const xmlChar *ID,
     if (pctx != NULL) {
         ctxt->options = pctx->options;
         ctxt->_private = pctx->_private;
+       /*
+        * this is a subparser of pctx, so the input_id should be
+        * incremented to distinguish from main entity
+        */
+       ctxt->input_id = pctx->input_id + 1;
     }
 
     uri = xmlBuildURI(URL, base);
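Review bot: The new assignment sits inside `if (pctx != NULL)`, so an entity context created without a parent keeps whatever input_id the context constructor gave it. If that default is the main-entity value, an entity loader that filters on input_id (the xmlsec use named in the commit message) would presumably treat such a context as the main document and let the load through. Consider adding `else ctxt->input_id = 2;`, matching the fixed value used in the two in-context hunks, or a comment stating why the NULL-parent case is meant to stay indistinguishable. xmlCreateEntityParserCtxtInternal starts and ends outside the hunk.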

