author | Brian C. Young <bcyoung@google.com> | 2017-04-05 09:47:34 -0700 |
---|---|---|
committer | MSe <mse1969@posteo.de> | 2017-06-09 15:05:44 +0200 |
commit | f596072ccf53f07ad59d8c6b9227bda7a0459b98 (patch) | |
tree | 2120df51ef138b97db9d6c2fd69e8265956bae29 | |
parent | b1337b0398e284bea2a3ea609d59cfd54c3518e3 (diff) | |
DO NOT MERGE: Add validation for eternal enities
https://bugzilla.gnome.org/show_bug.cgi?id=780691
Bug: 36556310
AOSP-Change-Id: I9450743e167c3c73af5e4071f3fc85e81d061648
(cherry picked from commit bef9af3d89d241bcb518c20cba6da2a2fd9ba049)
CVE-2017-7375
Change-Id: Ide04e11278dd0d47f81a1668247353e3c346063a
-rw-r--r-- | parser.c | 8 |
1 files changed, 8 insertions, 0 deletions
@@ -8095,6 +8095,14 @@ xmlParsePEReference(xmlParserCtxtPtr ctxt)
 if (xmlPushInput(ctxt, input) < 0)
 return;
 } else {
+ if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) &&
+ ((ctxt->options & XML_PARSE_NOENT) == 0) &&
+ ((ctxt->options & XML_PARSE_DTDVALID) == 0) &&
+ ((ctxt->options & XML_PARSE_DTDLOAD) == 0) &&
+ ((ctxt->options & XML_PARSE_DTDATTR) == 0) &&
+ (ctxt->replaceEntities == 0) &&
+ (ctxt->validate == 0))
+ return;
 /*
 * TODO !!!
 * handle the extra spaces added before and after |
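Review bot: The guard added at the top of the `else` branch ends in a bare `return;` with no comment, so nothing at this site records that it is the external-entity hardening for CVE-2017-7375 or why all seven conditions are required. I would add a comment above the `if`, for example `/* Security: do not load an external parameter entity unless the caller enabled entity substitution, DTD loading or validation. */`, and state in it why both the `ctxt->options` bits and the separate `ctxt->replaceEntities` / `ctxt->validate` fields are tested. The skip is also silent: no warning is reported to the caller, so a document whose external parameter entity was not expanded is indistinguishable from one that had none, which is worth either a warning or a sentence in the comment saying the silence is intended. The early return bypasses whatever follows the if/else chain in xmlParsePEReference; that tail, like the start of the function, is outside the hunk, so please confirm no state update is skipped.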