Permalink
Browse files

Prevent XML external entities from being fetched with libxml2 < 2.9.0

  • Loading branch information...
rouault authored and tbonfort committed Jun 26, 2015
1 parent 32ac1c6 commit 6600f475495e3d5cd8819fae3490150e8a66404f
Showing with 29 additions and 0 deletions.
  1. +29 −0 mapows.c
View
@@ -79,6 +79,17 @@ static void msOWSClearRequestObj(owsRequestObj *ows_request)
}
}
#if defined(USE_LIBXML2) && LIBXML_VERSION < 20900
static int bExternalEntityAsked = FALSE;
static xmlParserInputPtr dummyEntityLoader(const char * URL,
const char * ID,
xmlParserCtxtPtr context )
{
bExternalEntityAsked = TRUE;
return NULL;
}
#endif
/*
** msOWSPreParseRequest() parses a cgiRequestObj either with GET/KVP
** or with POST/XML. Only SERVICE, VERSION (or WMTVER) and REQUEST are
@@ -117,6 +128,9 @@ static int msOWSPreParseRequest(cgiRequestObj *request,
} else if (request->type == MS_POST_REQUEST) {
#if defined(USE_LIBXML2)
xmlNodePtr root = NULL;
#if LIBXML_VERSION < 20900
xmlExternalEntityLoader oldExternalEntityLoader;
#endif
#elif defined(USE_GDAL)
CPLXMLNode *temp;
#endif
@@ -126,9 +140,24 @@ static int msOWSPreParseRequest(cgiRequestObj *request,
return MS_FAILURE;
}
#if defined(USE_LIBXML2)
#if LIBXML_VERSION < 20900
oldExternalEntityLoader = xmlGetExternalEntityLoader();
/* to avoid XML External Entity vulnerability with libxml2 < 2.9 */
xmlSetExternalEntityLoader (dummyEntityLoader);
bExternalEntityAsked = FALSE;
#endif
/* parse to DOM-Structure with libxml2 and get the root element */
ows_request->document = xmlParseMemory(request->postrequest,
strlen(request->postrequest));
#if LIBXML_VERSION < 20900
xmlSetExternalEntityLoader (oldExternalEntityLoader);
if( bExternalEntityAsked )
{
msSetError(MS_OWSERR, "XML parsing error: %s",
"msOWSPreParseRequest()", "External entity fetch");
return MS_FAILURE;
}
#endif
if (ows_request->document == NULL
|| (root = xmlDocGetRootElement(ows_request->document)) == NULL) {
xmlErrorPtr error = xmlGetLastError();

0 comments on commit 6600f47

Please sign in to comment.