Prevent XML external entities from being fetched with libxml2 < 2.9.0
rouault authored and tbonfort committed Jun 29, 2015
1 parent 32ac1c6 commit 6600f47
Showing 1 changed file with 29 additions and 0 deletions.
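--- a/mapows.c
+++ b/mapows.c
@@ -79,6 +79,17 @@ static void msOWSClearRequestObj(owsRequestObj *ows_request)
 }
 }
 
+#if defined(USE_LIBXML2) && LIBXML_VERSION < 20900
+static int bExternalEntityAsked = FALSE;
+static xmlParserInputPtr dummyEntityLoader(const char * URL,
+const char * ID,
+xmlParserCtxtPtr context )
+{
+bExternalEntityAsked = TRUE;
+return NULL;
+}
+#endif
+
 /*
 ** msOWSPreParseRequest() parses a cgiRequestObj either with GET/KVP
 ** or with POST/XML. Only SERVICE, VERSION (or WMTVER) and REQUEST are
@@ -117,6 +128,9 @@ static int msOWSPreParseRequest(cgiRequestObj *request,
 } else if (request->type == MS_POST_REQUEST) {
 #if defined(USE_LIBXML2)
 xmlNodePtr root = NULL;
+#if LIBXML_VERSION < 20900
+xmlExternalEntityLoader oldExternalEntityLoader;
+#endif
 #elif defined(USE_GDAL)
 CPLXMLNode *temp;
 #endif
@@ -126,9 +140,24 @@ static int msOWSPreParseRequest(cgiRequestObj *request,
 return MS_FAILURE;
 }
 #if defined(USE_LIBXML2)
+#if LIBXML_VERSION < 20900
+oldExternalEntityLoader = xmlGetExternalEntityLoader();
+/* to avoid XML External Entity vulnerability with libxml2 < 2.9 */
+xmlSetExternalEntityLoader (dummyEntityLoader);
+bExternalEntityAsked = FALSE;
+#endif
 /* parse to DOM-Structure with libxml2 and get the root element */
 ows_request->document = xmlParseMemory(request->postrequest,
 strlen(request->postrequest));
+#if LIBXML_VERSION < 20900
+xmlSetExternalEntityLoader (oldExternalEntityLoader);
+if( bExternalEntityAsked )
+{
+msSetError(MS_OWSERR, "XML parsing error: %s",
+"msOWSPreParseRequest()", "External entity fetch");
+return MS_FAILURE;
+}
+#endif
 if (ows_request->document == NULL
 || (root = xmlDocGetRootElement(ows_request->document)) == NULL) {
 xmlErrorPtr error = xmlGetLastError();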
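Review bot: The save/replace/restore of the external entity loader around `xmlParseMemory` in the third hunk changes process-wide libxml2 state and records the outcome in the file-scope `bExternalEntityAsked`, so the guard is only reliable while a single thread parses XML; with concurrent callers one request can restore the original loader while another is still parsing, and the flag can be reset or read on behalf of the wrong request. If this path can run multi-threaded (not visible here), the block should be serialized under a lock, or the refusing loader installed once at start-up for libxml2 < 2.9 and never restored. The early `return MS_FAILURE` also leaves `ows_request->document` holding whatever the parser returned; unless every caller clears the request object on failure, add `xmlFreeDoc(ows_request->document); ows_request->document = NULL;` before it. msOWSPreParseRequest's body starts and ends outside the hunks.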
