xinclude: Check URI length

Don't report long URIs as OOM errors.
2025-03-27 18:50:07 +03:00 · 2024-07-01 16:01:24 +02:00 · 2024-07-01 16:01:24 +02:00 · 16e7ecd478
commit 16e7ecd478
parent 37f7237050
3 changed files with 14 additions and 3 deletions
--- a/SAX2.c
+++ b/SAX2.c
@ -31,8 +31,6 @@
 #include "private/parser.h"
 #include "private/tree.h"

-#define XML_MAX_URI_LENGTH 2000
-
 /*
 * xmlSAX2ErrMemory:
 * @ctxt:  an XML validation parser context
--- a/include/private/parser.h
+++ b/include/private/parser.h
@ -4,6 +4,8 @@
 #include <libxml/parser.h>
 #include <libxml/xmlversion.h>

+#define XML_MAX_URI_LENGTH 2000
+
 /**
 * XML_VCTXT_DTD_VALIDATED:
 *
--- a/xinclude.c
+++ b/xinclude.c
@ -418,6 +418,10 @@ xmlXIncludeAddNode(xmlXIncludeCtxtPtr ctxt, xmlNodePtr cur) {
            xmlXIncludeErrMemory(ctxt);
 	    goto error;
        }
+    } else if (xmlStrlen(href) > XML_MAX_URI_LENGTH) {
+        xmlXIncludeErr(ctxt, cur, XML_XINCLUDE_HREF_URI, "URI too long\n",
+                       NULL);
+        goto error;
    }

    parse = xmlXIncludeGetProp(ctxt, cur, XINCLUDE_PARSE);
@ -634,7 +638,14 @@ xmlXIncludeBaseFixup(xmlXIncludeCtxtPtr ctxt, xmlNodePtr cur, xmlNodePtr copy,
        xmlXIncludeErrMemory(ctxt);

    if ((base != NULL) && !xmlStrEqual(base, targetBase)) {
-        if (xmlBuildRelativeURISafe(base, targetBase, &relBase) < 0) {
+        if ((xmlStrlen(base) > XML_MAX_URI_LENGTH) ||
+            (xmlStrlen(targetBase) > XML_MAX_URI_LENGTH)) {
+            relBase = xmlStrdup(base);
+            if (relBase == NULL) {
+                xmlXIncludeErrMemory(ctxt);
+                goto done;
+            }
+        } else if (xmlBuildRelativeURISafe(base, targetBase, &relBase) < 0) {
            xmlXIncludeErrMemory(ctxt);
            goto done;
        }