aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBrian C. Young <bcyoung@google.com>2017-04-05 09:47:34 -0700
committerMSe <mse1969@posteo.de>2017-06-09 15:05:44 +0200
commitf596072ccf53f07ad59d8c6b9227bda7a0459b98 (patch)
tree2120df51ef138b97db9d6c2fd69e8265956bae29
parentb1337b0398e284bea2a3ea609d59cfd54c3518e3 (diff)
downloadandroid_external_libxml2-f596072ccf53f07ad59d8c6b9227bda7a0459b98.tar.gz
android_external_libxml2-f596072ccf53f07ad59d8c6b9227bda7a0459b98.tar.bz2
android_external_libxml2-f596072ccf53f07ad59d8c6b9227bda7a0459b98.zip
DO NOT MERGE: Add validation for eternal enities
https://bugzilla.gnome.org/show_bug.cgi?id=780691 Bug: 36556310 AOSP-Change-Id: I9450743e167c3c73af5e4071f3fc85e81d061648 (cherry picked from commit bef9af3d89d241bcb518c20cba6da2a2fd9ba049) CVE-2017-7375 Change-Id: Ide04e11278dd0d47f81a1668247353e3c346063a
Diffstat
-rw-r--r--parser.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/parser.c b/parser.c
index c5741e3b..3d9c8f4f 100644
--- a/parser.c
+++ b/parser.c
@@ -8095,6 +8095,14 @@ xmlParsePEReference(xmlParserCtxtPtr ctxt)
if (xmlPushInput(ctxt, input) < 0)
return;
} else {
+ if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) &&
+ ((ctxt->options & XML_PARSE_NOENT) == 0) &&
+ ((ctxt->options & XML_PARSE_DTDVALID) == 0) &&
+ ((ctxt->options & XML_PARSE_DTDLOAD) == 0) &&
+ ((ctxt->options & XML_PARSE_DTDATTR) == 0) &&
+ (ctxt->replaceEntities == 0) &&
+ (ctxt->validate == 0))
+ return;
/*
* TODO !!!
* handle the extra spaces added before and after
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-27 20:07:02 +0000