authorDoran Moppert <dmoppert@redhat.com>2017-04-07 16:45:56 +0200
committerDaniel Veillard <veillard@redhat.com>2017-04-07 16:55:05 +0200
commit2304078555896cf1638c628f50326aeef6f0e0d0 (patch)
tree10c77da4ad72b8f0f95b5cc4a65a5bb563ebd4c6
parente905f08123e4a6e7731549e6f09dadff4cab65bd (diff)
Add an XML_PARSE_NOXXE flag to block all entities loading even local
For https://bugzilla.gnome.org/show_bug.cgi?id=772726 * include/libxml/parser.h: Add a new parser flag XML_PARSE_NOXXE * elfgcchack.h, xmlIO.h, xmlIO.c: associated loading routine * include/libxml/xmlerror.h: new error raised * xmllint.c: adds --noxxe flag to activate the option
-rw-r--r--elfgcchack.h10
-rw-r--r--include/libxml/parser.h3
-rw-r--r--include/libxml/xmlIO.h8
-rw-r--r--include/libxml/xmlerror.h1
-rw-r--r--parser.c4
-rw-r--r--xmlIO.c40
-rw-r--r--xmllint.c5
7 files changed, 65 insertions, 6 deletions
diff --git a/elfgcchack.h b/elfgcchack.h
index 8c52884a..1b81dcde 100644
--- a/elfgcchack.h
+++ b/elfgcchack.h
@@ -6547,6 +6547,16 @@ extern __typeof (xmlNoNetExternalEntityLoader) xmlNoNetExternalEntityLoader__int
#endif
#endif
+#ifdef bottom_xmlIO
+#undef xmlNoXxeExternalEntityLoader
+extern __typeof (xmlNoXxeExternalEntityLoader) xmlNoXxeExternalEntityLoader __attribute((alias("xmlNoXxeExternalEntityLoader__internal_alias")));
+#else
+#ifndef xmlNoXxeExternalEntityLoader
+extern __typeof (xmlNoXxeExternalEntityLoader) xmlNoXxeExternalEntityLoader__internal_alias __attribute((visibility("hidden")));
+#define xmlNoXxeExternalEntityLoader xmlNoXxeExternalEntityLoader__internal_alias
+#endif
+#endif
+
#ifdef bottom_tree
#undef xmlNodeAddContent
extern __typeof (xmlNodeAddContent) xmlNodeAddContent __attribute((alias("xmlNodeAddContent__internal_alias")));
diff --git a/include/libxml/parser.h b/include/libxml/parser.h
index 47fbec03..63ca1b97 100644
--- a/include/libxml/parser.h
+++ b/include/libxml/parser.h
@@ -1111,7 +1111,8 @@ typedef enum {
XML_PARSE_HUGE = 1<<19,/* relax any hardcoded limit from the parser */
XML_PARSE_OLDSAX = 1<<20,/* parse using SAX2 interface before 2.7.0 */
XML_PARSE_IGNORE_ENC= 1<<21,/* ignore internal document encoding hint */
- XML_PARSE_BIG_LINES = 1<<22 /* Store big lines numbers in text PSVI field */
+ XML_PARSE_BIG_LINES = 1<<22,/* Store big lines numbers in text PSVI field */
+ XML_PARSE_NOXXE = 1<<23 /* Forbid any external entity loading */
} xmlParserOption;
XMLPUBFUN void XMLCALL
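Review bot: The comment on `XML_PARSE_NOXXE` promises more than the rest of this commit enforces. In the xmlIO.c hunks the flag is only tested inside `xmlDefaultExternalEntityLoader`, and `xmlNoXxeExternalEntityLoader` still loads the input whose `input_id` is 1, so an application that installs its own entity loader would presumably get no protection from setting the bit. I would word it as `/* Refuse external entities in the default entity loader; custom loaders must check it themselves */` so users of the flag know where the guarantee ends.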
diff --git a/include/libxml/xmlIO.h b/include/libxml/xmlIO.h
index 3e41744d..8d3fdef5 100644
--- a/include/libxml/xmlIO.h
+++ b/include/libxml/xmlIO.h
@@ -300,6 +300,14 @@ XMLPUBFUN xmlParserInputPtr XMLCALL
xmlParserCtxtPtr ctxt);
/*
+ * A predefined entity loader external entity expansion
+ */
+XMLPUBFUN xmlParserInputPtr XMLCALL
+ xmlNoXxeExternalEntityLoader (const char *URL,
+ const char *ID,
+ xmlParserCtxtPtr ctxt);
+
+/*
* xmlNormalizeWindowsPath is obsolete, don't use it.
* Check xmlCanonicPath in uri.h for a better alternative.
*/
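Review bot: The new header comment `A predefined entity loader external entity expansion` has lost its verb and does not say what the loader does. Something like `A predefined entity loader that refuses every external entity and only loads the first input (input_id == 1)` would match the body added in xmlIO.c, which reports `XML_IO_ILLEGAL_XXE` and returns NULL for any other input.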
diff --git a/include/libxml/xmlerror.h b/include/libxml/xmlerror.h
index 037c16d5..3036062d 100644
--- a/include/libxml/xmlerror.h
+++ b/include/libxml/xmlerror.h
@@ -470,6 +470,7 @@ typedef enum {
XML_IO_EADDRINUSE, /* 1554 */
XML_IO_EALREADY, /* 1555 */
XML_IO_EAFNOSUPPORT, /* 1556 */
+ XML_IO_ILLEGAL_XXE, /* 1557 */
XML_XINCLUDE_RECURSION=1600,
XML_XINCLUDE_PARSE_VALUE, /* 1601 */
XML_XINCLUDE_ENTITY_DEF_MISMATCH, /* 1602 */
diff --git a/parser.c b/parser.c
index 53a6b7f0..609a2703 100644
--- a/parser.c
+++ b/parser.c
@@ -15350,6 +15350,10 @@ xmlCtxtUseOptionsInternal(xmlParserCtxtPtr ctxt, int options, const char *encodi
ctxt->options |= XML_PARSE_NONET;
options -= XML_PARSE_NONET;
}
+ if (options & XML_PARSE_NOXXE) {
+ ctxt->options |= XML_PARSE_NOXXE;
+ options -= XML_PARSE_NOXXE;
+ }
if (options & XML_PARSE_COMPACT) {
ctxt->options |= XML_PARSE_COMPACT;
options -= XML_PARSE_COMPACT;
diff --git a/xmlIO.c b/xmlIO.c
index 300ee47a..e6256128 100644
--- a/xmlIO.c
+++ b/xmlIO.c
@@ -210,6 +210,7 @@ static const char *IOerr[] = {
"adddress in use", /* EADDRINUSE */
"already in use", /* EALREADY */
"unknown address familly", /* EAFNOSUPPORT */
+ "Attempt to load external entity %s", /* XML_IO_ILLEGAL_XXE */
};
#if defined(_WIN32) || defined (__DJGPP__) && !defined (__CYGWIN__)
@@ -4053,13 +4054,22 @@ xmlDefaultExternalEntityLoader(const char *URL, const char *ID,
xmlGenericError(xmlGenericErrorContext,
"xmlDefaultExternalEntityLoader(%s, xxx)\n", URL);
#endif
- if ((ctxt != NULL) && (ctxt->options & XML_PARSE_NONET)) {
+ if (ctxt != NULL) {
int options = ctxt->options;
- ctxt->options -= XML_PARSE_NONET;
- ret = xmlNoNetExternalEntityLoader(URL, ID, ctxt);
- ctxt->options = options;
- return(ret);
+ if (options & XML_PARSE_NOXXE) {
+ ctxt->options -= XML_PARSE_NOXXE;
+ ret = xmlNoXxeExternalEntityLoader(URL, ID, ctxt);
+ ctxt->options = options;
+ return(ret);
+ }
+
+ if (options & XML_PARSE_NONET) {
+ ctxt->options -= XML_PARSE_NONET;
+ ret = xmlNoNetExternalEntityLoader(URL, ID, ctxt);
+ ctxt->options = options;
+ return(ret);
+ }
}
#ifdef LIBXML_CATALOG_ENABLED
resource = xmlResolveResourceFromCatalog(URL, ID, ctxt);
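Review bot: The reason the flag is cleared around each delegated call is not written down, and the code only terminates because of it. `xmlNoXxeExternalEntityLoader` and `xmlNoNetExternalEntityLoader` both call back into `xmlDefaultExternalEntityLoader` when `input_id == 1`, so without the temporary clear the functions would recurse without end. A comment such as `/* clear the bit so the loader can re-enter us for the first input without looping */` above each `ctxt->options -= ...` would protect this from a later cleanup. `ctxt->options &= ~XML_PARSE_NOXXE;` also states the intent more directly than subtraction. The function body continues outside the hunk.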
@@ -4160,6 +4170,13 @@ xmlNoNetExternalEntityLoader(const char *URL, const char *ID,
xmlParserInputPtr input = NULL;
xmlChar *resource = NULL;
+ if (ctxt == NULL) {
+ return(NULL);
+ }
+ if (ctxt->input_id == 1) {
+ return xmlDefaultExternalEntityLoader((const char *) URL, ID, ctxt);
+ }
+
#ifdef LIBXML_CATALOG_ENABLED
resource = xmlResolveResourceFromCatalog(URL, ID, ctxt);
#endif
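Review bot: The `input_id == 1` shortcut returns before the rest of `xmlNoNetExternalEntityLoader` runs, so the first input never reaches whatever network refusal the function applies further down (that part is outside the hunk). Combined with `xmlDefaultExternalEntityLoader` clearing `XML_PARSE_NONET` before it delegates, the first input ends up on the default loading path with the flag off. If `--nonet` is meant to cover the top-level document as well, the shortcut should be dropped from this function or the URL check moved above it; if the exemption is intended, it needs a comment saying so. The added `if (ctxt == NULL) return(NULL);` may also change the result for callers that pass no context, which is worth a line in the function's documentation.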
@@ -4182,5 +4199,18 @@ xmlNoNetExternalEntityLoader(const char *URL, const char *ID,
return(input);
}
+xmlParserInputPtr
+xmlNoXxeExternalEntityLoader(const char *URL, const char *ID,
+ xmlParserCtxtPtr ctxt) {
+ if (ctxt == NULL) {
+ return(NULL);
+ }
+ if (ctxt->input_id == 1) {
+ return xmlDefaultExternalEntityLoader((const char *) URL, ID, ctxt);
+ }
+ xmlIOErr(XML_IO_ILLEGAL_XXE, (const char *) URL);
+ return(NULL);
+}
+
#define bottom_xmlIO
#include "elfgcchack.h"
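Review bot: `xmlNoXxeExternalEntityLoader` is a new public function with no header comment, and its contract is not obvious from the name: it still loads the input with `input_id == 1` through the default loader and refuses everything else. A doc block covering the three parameters, the NULL return, the `XML_IO_ILLEGAL_XXE` error and that exemption would make the behaviour clear to callers. `URL` is passed to `xmlIOErr` for a message containing `%s` without a NULL check; if an entity can reach this point with only `ID` set, a fallback such as `xmlIOErr(XML_IO_ILLEGAL_XXE, URL != NULL ? URL : "(null)");` avoids handing NULL to the formatter. The `(const char *)` casts on `URL` are redundant because the parameter already has that type.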
diff --git a/xmllint.c b/xmllint.c
index 67f7adb2..d9368c1d 100644
--- a/xmllint.c
+++ b/xmllint.c
@@ -3019,6 +3019,7 @@ static void usage(const char *name) {
printf("\t--path 'paths': provide a set of paths for resources\n");
printf("\t--load-trace : print trace of all external entities loaded\n");
printf("\t--nonet : refuse to fetch DTDs or entities over network\n");
+ printf("\t--noxxe : forbid any external entity loading\n");
printf("\t--nocompact : do not generate compact text nodes\n");
printf("\t--htmlout : output results as HTML\n");
printf("\t--nowrap : do not put HTML doc wrapper\n");
@@ -3461,6 +3462,10 @@ main(int argc, char **argv) {
(!strcmp(argv[i], "--nonet"))) {
options |= XML_PARSE_NONET;
xmlSetExternalEntityLoader(xmlNoNetExternalEntityLoader);
+ } else if ((!strcmp(argv[i], "-noxxe")) ||
+ (!strcmp(argv[i], "--noxxe"))) {
+ options |= XML_PARSE_NOXXE;
+ xmlSetExternalEntityLoader(xmlNoXxeExternalEntityLoader);
} else if ((!strcmp(argv[i], "-nocompact")) ||
(!strcmp(argv[i], "--nocompact"))) {
options &= ~XML_PARSE_COMPACT;
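Review bot: `--noxxe` and `--nonet` each call `xmlSetExternalEntityLoader`, so when both are given the one that appears last on the command line decides which loader is installed. With `--noxxe --nonet` the installed loader is `xmlNoNetExternalEntityLoader`, and as far as the xmlIO.c hunks show that function never tests `XML_PARSE_NOXXE` for inputs other than the first, so local external entities would presumably still load. Either skip the override in the `--nonet` branch when the bit is already set, or add `if (ctxt->options & XML_PARSE_NOXXE) return xmlNoXxeExternalEntityLoader(URL, ID, ctxt);` after the `input_id` check in `xmlNoNetExternalEntityLoader`. The option loop in `main` continues outside the hunk.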