From dd8367da17c2948981a51e52c8a6beb445edf825 Mon Sep 17 00:00:00 2001 From: Daniel Veillard Date: Wed, 11 Jun 2014 16:54:32 +0800 Subject: [PATCH] Fix regressions introduced by CVE-2014-0191 patch A number of issues have been raised after the fix, and this patch tries to correct all of them, though most were related to postvalidation. https://bugzilla.gnome.org/show_bug.cgi?id=730290 and other reports on list, off-list and on Red Hat bugzilla --- parser.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/parser.c b/parser.c index c0dea05a..ba70f9ee 100644 --- a/parser.c +++ b/parser.c @@ -2598,8 +2598,8 @@ xmlParserHandlePEReference(xmlParserCtxtPtr ctxt) { xmlCharEncoding enc; /* - * Note: external parsed entities will not be loaded, it is - * not required for a non-validating parser, unless the + * Note: external parameter entities will not be loaded, it + * is not required for a non-validating parser, unless the * option of validating, or substituting entities were * given. Doing so is far more secure as the parser will * only process data coming from the document entity by @@ -2608,6 +2608,9 @@ xmlParserHandlePEReference(xmlParserCtxtPtr ctxt) { if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) && ((ctxt->options & XML_PARSE_NOENT) == 0) && ((ctxt->options & XML_PARSE_DTDVALID) == 0) && + ((ctxt->options & XML_PARSE_DTDLOAD) == 0) && + ((ctxt->options & XML_PARSE_DTDATTR) == 0) && + (ctxt->replaceEntities == 0) && (ctxt->validate == 0)) return; @@ -12616,6 +12619,9 @@ xmlIOParseDTD(xmlSAXHandlerPtr sax, xmlParserInputBufferPtr input, return(NULL); } + /* We are loading a DTD */ + ctxt->options |= XML_PARSE_DTDLOAD; + /* * Set-up the SAX context */ @@ -12743,6 +12749,9 @@ xmlSAXParseDTD(xmlSAXHandlerPtr sax, const xmlChar *ExternalID, return(NULL); } + /* We are loading a DTD */ + ctxt->options |= XML_PARSE_DTDLOAD; + /* * Set-up the SAX context */