Prevent XML external entities from being fetched with libxml2 < 2.9.0
rouault authored and tbonfort committed Jun 29, 2015
1 parent 32ac1c6 commit 6600f47
Showing 1 changed file with 29 additions and 0 deletions.
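--- a/mapows.c
+++ b/mapows.c
@@ -79,6 +79,17 @@ static void msOWSClearRequestObj(owsRequestObj *ows_request)
 }
 }
 
+#if defined(USE_LIBXML2) && LIBXML_VERSION < 20900
+static int bExternalEntityAsked = FALSE;
+static xmlParserInputPtr dummyEntityLoader(const char * URL,
+const char * ID,
+xmlParserCtxtPtr context )
+{
+bExternalEntityAsked = TRUE;
+return NULL;
+}
+#endif
+
 /*
 ** msOWSPreParseRequest() parses a cgiRequestObj either with GET/KVP
 ** or with POST/XML. Only SERVICE, VERSION (or WMTVER) and REQUEST are
@@ -117,6 +128,9 @@ static int msOWSPreParseRequest(cgiRequestObj *request,
 } else if (request->type == MS_POST_REQUEST) {
 #if defined(USE_LIBXML2)
 xmlNodePtr root = NULL;
+#if LIBXML_VERSION < 20900
+xmlExternalEntityLoader oldExternalEntityLoader;
+#endif
 #elif defined(USE_GDAL)
 CPLXMLNode *temp;
 #endif
@@ -126,9 +140,24 @@ static int msOWSPreParseRequest(cgiRequestObj *request,
 return MS_FAILURE;
 }
 #if defined(USE_LIBXML2)
+#if LIBXML_VERSION < 20900
+oldExternalEntityLoader = xmlGetExternalEntityLoader();
+/* to avoid XML External Entity vulnerability with libxml2 < 2.9 */
+xmlSetExternalEntityLoader (dummyEntityLoader);
+bExternalEntityAsked = FALSE;
+#endif
 /* parse to DOM-Structure with libxml2 and get the root element */
 ows_request->document = xmlParseMemory(request->postrequest,
 strlen(request->postrequest));
+#if LIBXML_VERSION < 20900
+xmlSetExternalEntityLoader (oldExternalEntityLoader);
+if( bExternalEntityAsked )
+{
+msSetError(MS_OWSERR, "XML parsing error: %s",
+"msOWSPreParseRequest()", "External entity fetch");
+return MS_FAILURE;
+}
+#endif
 if (ows_request->document == NULL
 || (root = xmlDocGetRootElement(ows_request->document)) == NULL) {
 xmlErrorPtr error = xmlGetLastError();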
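Review bot: The set/parse/restore sequence around `xmlParseMemory()` in msOWSPreParseRequest() relies on process-wide state that nothing here serialises. `xmlSetExternalEntityLoader()` replaces libxml2's global loader and `bExternalEntityAsked` is a plain file-scope static, so if two threads ever parse at once (threaded use is not visible on this page), one thread's restore could reinstate the original loader while another is still parsing, and the flag could be cleared or set on behalf of the wrong request. Either hold a lock across the three steps or install the blocking loader once at start-up and never restore it; at minimum add `/* libxml2's entity loader is process-global: this swap is not safe against concurrent XML parsing */` above the `xmlSetExternalEntityLoader (dummyEntityLoader);` line. The early `return MS_FAILURE;` also leaves whatever the parser returned in `ows_request->document`, presumably freed later by msOWSClearRequestObj(), which deserves a one-line comment. The function starts and ends outside these hunks, and the guard covers only this call site, so other libxml2 parses of request data on builds with libxml2 < 2.9.0 would need the same check.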
