[xml] [BUG] [PATCH] --postvalid broken after CVE-2014-0191 fix



Hi Daniel,

The fix for the CVE-2014-0191 broke the --postvalid option. In that case, DTDs 
are not loaded even though requested on the command line. This was the 
CVE-2014-0191 patch:

 https://git.gnome.org/browse/libxml2/commit/?id=9cd1c3cfbd32655d60572c0a413e017260c854df

With --postvalid specified on the command line, the XML_PARSE_DTDVALID is not 
set in ctxt->options; instead, XML_PARSE_DTDLOAD is set). Same goes for the 
other options that set XML_PARSE_DTDLOAD, --dtdvalid and --dtdvalidfpi.

Patch attached.

Regards,
Alexey.

Attachment: postvalid-broken.diff
Description: Text Data



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]