
Commit d4d80b3

committed
Added SecXmlExternalEntity
1 parent 4db1f51 commit d4d80b3


3 files changed

+60
-2
lines changed


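--- a/apache2/apache2_config.c
+++ b/apache2/apache2_config.c
@@ -156,6 +156,9 @@ void *create_directory_config(apr_pool_t *mp, char *path)
 dcfg->crypto_hash_framesrc_pm = NOT_SET;
 
 
+/* xml external entity */
+dcfg->xml_external_entity = NOT_SET;
+
 return dcfg;
 }
 
@@ -591,6 +594,10 @@ void *merge_directory_configs(apr_pool_t *mp, void *_parent, void *_child)
 merged->crypto_hash_framesrc_pm = (child->crypto_hash_framesrc_pm == NOT_SET
 ? parent->crypto_hash_framesrc_pm : child->crypto_hash_framesrc_pm);
 
+/* xml external entity */
+merged->xml_external_entity = (child->xml_external_entity == NOT_SET
+? parent->xml_external_entity : child->xml_external_entity);
+
 return merged;
 }
 
@@ -711,6 +718,9 @@ void init_directory_config(directory_config *dcfg)
 if (dcfg->crypto_hash_iframesrc_pm == NOT_SET) dcfg->crypto_hash_iframesrc_pm = 0;
 if (dcfg->crypto_hash_framesrc_pm == NOT_SET) dcfg->crypto_hash_framesrc_pm = 0;
 
+/* xml external entity */
+if (dcfg->xml_external_entity == NOT_SET) dcfg->xml_external_entity = 0;
+
 }
 
 /**
@@ -2282,9 +2292,35 @@ static const char *cmd_sensor_id(cmd_parms *cmd, void *_dcfg, const char *p1)
 return NULL;
 }
 
+/**
+* \brief Add SecXmlExternalEntity configuration option
+*
+* \param cmd Pointer to configuration data
+* \param _dcfg Pointer to directory configuration
+* \param p1 Pointer to configuration option
+*
+* \retval NULL On failure
+* \retval apr_psprintf On Success
+*/
+static const char *cmd_xml_external_entity(cmd_parms *cmd, void *_dcfg, const char *p1)
+{
+directory_config *dcfg = (directory_config *)_dcfg;
+if (dcfg == NULL) return NULL;
+
+if (strcasecmp(p1, "on") == 0) {
+dcfg->xml_external_entity = 1;
+}
+else if (strcasecmp(p1, "off") == 0) {
+dcfg->xml_external_entity = 0;
+}
+else return apr_psprintf(cmd->pool, "ModSecurity: Invalid value for SecXmlExternalEntity: %s", p1);
+
+return NULL;
+}
+
 
 /**
-* \brief Add SecHash configuration option
+* \brief Add SecHashEngine configuration option
 *
 * \param cmd Pointer to configuration data
 * \param _dcfg Pointer to directory configuration
@@ -2306,7 +2342,7 @@ static const char *cmd_hash_engine(cmd_parms *cmd, void *_dcfg, const char *p1)
 dcfg->hash_is_enabled = HASH_DISABLED;
 dcfg->hash_enforcement = HASH_DISABLED;
 }
-else return apr_psprintf(cmd->pool, "ModSecurity: Invalid value for SecRuleEngine: %s", p1);
+else return apr_psprintf(cmd->pool, "ModSecurity: Invalid value for SexHashEngine: %s", p1);
 
 return NULL;
 }
@@ -3223,6 +3259,14 @@ const command_rec module_directives[] = {
 "On or Off"
 ),
 
+AP_INIT_TAKE1 (
+"SecXmlExternalEntity",
+cmd_xml_external_entity,
+NULL,
+CMD_SCOPE_ANY,
+"On or Off"
+),
+
 AP_INIT_FLAG (
 "SecRuleInheritance",
 cmd_rule_inheritance,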
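Review bot: The corrected error string in cmd_hash_engine (new line 2345) now names the directive as `SexHashEngine`, a typo that will appear in the configuration error shown to the administrator; it should read `"ModSecurity: Invalid value for SecHashEngine: %s"`. In the new cmd_xml_external_entity the doc comment has the return values reversed: the code returns NULL when the value is accepted and the apr_psprintf message when it is rejected, so the two lines should be `\retval NULL On success` and `\retval apr_psprintf On failure`. The early `if (dcfg == NULL) return NULL;` also reports success without recording the setting, which deserves a short why-comment or an error string. cmd_hash_engine starts outside its hunk, so only the changed line could be checked.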

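--- a/apache2/modsecurity.h
+++ b/apache2/modsecurity.h
@@ -595,6 +595,9 @@ struct directory_config {
 int crypto_hash_location_pm;
 int crypto_hash_iframesrc_pm;
 int crypto_hash_framesrc_pm;
+
+/* xml */
+int xml_external_entity;
 };
 
 struct error_message_t {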

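--- a/apache2/msc_xml.c
+++ b/apache2/msc_xml.c
@@ -14,17 +14,28 @@
 
 #include "msc_xml.h"
 
+static xmlParserInputBufferPtr
+xml_unload_external_entity(const char *URI, xmlCharEncoding enc) {
+return NULL;
+}
+
 
 /**
 * Initialise XML parser.
 */
 int xml_init(modsec_rec *msr, char **error_msg) {
+xmlParserInputBufferCreateFilenameFunc entity;
+
 if (error_msg == NULL) return -1;
 *error_msg = NULL;
 
 msr->xml = apr_pcalloc(msr->mp, sizeof(xml_data));
 if (msr->xml == NULL) return -1;
 
+if(msr->txcfg->xml_external_entity == 0) {
+entity = xmlParserInputBufferCreateFilenameDefault(xml_unload_external_entity);
+}
+
 return 1;
 }
 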
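Review bot: In xml_init, `xmlParserInputBufferCreateFilenameDefault(xml_unload_external_entity)` changes libxml2's default input-buffer callback, which is library state rather than a property of this transaction's parser, and the previous callback saved in `entity` is never used to put it back. Once a transaction with SecXmlExternalEntity Off has run, later transactions in a context set to On, and any other libxml2 user sharing that state, would presumably still get the NULL-returning loader, so the per-directory setting does not behave per directory. Because the callback returns NULL for every URI, it likely also blocks other file-based loads made through libxml2, not only external entities; that is worth confirming against the DTD and schema validation paths. Consider keeping the saved callback with the transaction and restoring it in the XML cleanup path, and add a comment on `xml_unload_external_entity` such as `/* Refuses every URI so libxml2 cannot fetch external entities. */`.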
