1. 23 Feb, 2015 2 commits
  2. 23 Oct, 2014 1 commit
  3. 17 Oct, 2014 1 commit
  4. 16 Oct, 2014 2 commits
    • Fix for CVE-2014-3660 · be2a7eda
      Daniel Veillard authored
      Issues related to the billion laugh entity expansion which happened to
      escape the initial set of fixes
    • fix memory leak xml header encoding field with XML_PARSE_IGNORE_ENC · 500c54ef
      Bart De Schuymer authored
      When the xml parser encounters an xml encoding in an xml header while
      configured with option XML_PARSE_IGNORE_ENC, it fails to free memory
      allocated for storing the encoding.
      The patch below fixes this.
      How to reproduce:
      1. Change doc/examples/parse4.c to add
      xmlCtxtUseOptions(ctxt, XML_PARSE_IGNORE_ENC); after the call to
      xmlCreatePushParserCtxt.
      2. Rebuild
      3. Run the following command from the top libxml2 directory:
      LD_LIBRARY_PATH=.libs/ valgrind --leak-check=full ./doc/examples/.libs/parse4 ./test.xml
      where test.xml contains the following input:
      <?xml version="1.0" encoding="UTF-81" ?><hi/>
      valgrind will report:
      ==1964== 10 bytes in 1 blocks are definitely lost in loss record 1 of 1
      ==1964==    at 0x4C272DB: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==1964==    by 0x4E88497: xmlParseEncName (parser.c:10224)
      ==1964==    by 0x4E888FE: xmlParseEncodingDecl (parser.c:10295)
      ==1964==    by 0x4E89630: xmlParseXMLDecl (parser.c:10534)
      ==1964==    by 0x4E8B737: xmlParseTryOrFinish (parser.c:11293)
      ==1964==    by 0x4E8E775: xmlParseChunk (parser.c:12283)
      
      Signed-off-by: Bart De Schuymer <bart at amplidata com>
  5. 08 Oct, 2014 1 commit
  6. 06 Oct, 2014 2 commits
    • parser bug on misformed namespace attributes · 7e9bbdf8
      Dennis Filder authored
      For https://bugzilla.gnome.org/show_bug.cgi?id=672539
      Reported by Axel Miller <axel.miller@ppi.de>
      
      Consider the following start-tag:
      <x xmlns=""version="">
      
      The start-tag does not conform to the rule
      
      [40]       STag       ::=       '<' Name (S Attribute)* S? '>'
      
      since there is no whitespace in front of the attribute "version".
      
      Thus, libxml2 should reject the start-tag.
      But it doesn't:
      
      $ echo '<x xmlns=""version=""/>' | xmllint -
      <?xml version="1.0"?>
      <x xmlns="" version=""/>
      
      The error seems to happen only if there is a namespace declaration in
      front of the attribute. A missing whitespace between other attributes
      is handled correctly:
      
      $ echo '<x someattr=""version=""/>' | xmllint -
      -:1: parser error : attributes construct error
      <x someattr=""version=""/>
                    ^
      [...]
    • wrong error column in structured error when parsing end tag · 24fb4c32
      Juergen Keil authored
      For https://bugzilla.gnome.org/show_bug.cgi?id=734283
      
      libxml2 reports wrong error column numbers (field int2 in xmlError)
      in structured error handler, after parsing an end tag.
  7. 07 Aug, 2014 2 commits
    • wrong error column in structured error when parsing attribute values · 33f658c9
      Juergen Keil authored
      For https://bugzilla.gnome.org/show_bug.cgi?id=734280
      
      libxml2 reports wrong error column numbers (field int2 in xmlError)
      in structured error handler, after parsing XML attribute values.
      
      Example XML:
      
      <?xml version="1.0" encoding="UTF-8"?>
      <root
      xmlns="urn:colbug">&</root>
      <!--
               1         2         3         4
      1234567890123456789012345678901234567890
      -->
      
      Expected location of the error would be line 3, column 21.
      
      The actual location of the error is line 3, column 9:
      
      $ ./xmlparse colbug2.xml
      colbug2.xml:3:9: xmlParseEntityRef: no name
      
      The 12 characters of the xmlns attribute value "urn:colbug" are
      not accounted for in the error column value.
    • wrong error column in structured error when skipping whitespace in xml decl · 5d4310af
      Juergen Keil authored
      For https://bugzilla.gnome.org/show_bug.cgi?id=734276
      
      libxml2 reports wrong error column numbers (field int2 in xmlError)
      in structured error handler, after an XML declaration containing
      whitespace.
      
      Example XML:
      
      <?xml  version="1.0"  encoding="UTF-8"     ?><root>&</root>
      <!--
               1         2         3         4         5         6
      123456789012345678901234567890123456789012345678901234567890
      -->
      
      Expected location of the error would be line 1, column 53.
      
      The actual location of the error is line 1, column 44:
      
      $ ./xmlparse colbug1.xml
      colbug1.xml:1:44: xmlParseEntityRef: no name
  8. 26 Jul, 2014 1 commit
  9. 14 Jul, 2014 1 commit
  10. 11 Jun, 2014 1 commit
  11. 06 May, 2014 1 commit
  12. 21 Mar, 2014 1 commit
  13. 06 Feb, 2014 1 commit
  14. 26 Jan, 2014 1 commit
  15. 09 Dec, 2013 1 commit
  16. 30 Nov, 2013 1 commit
  17. 22 May, 2013 1 commit
  18. 10 May, 2013 1 commit
  19. 06 May, 2013 1 commit
  20. 23 Apr, 2013 1 commit
  21. 16 Apr, 2013 1 commit
  22. 11 Apr, 2013 1 commit
  23. 11 Mar, 2013 2 commits
  24. 19 Feb, 2013 1 commit
    • Detect excessive entities expansion upon replacement · 23f05e0c
      Daniel Veillard authored
      If entities expansion in the XML parser is asked for,
      it is possible to craft a relatively small input document leading
      to excessive on-the-fly content generation.
      This patch accounts for those replacements and stops parsing
      after a given threshold. It can be bypassed as usual with the
      HUGE parser option.
  25. 13 Feb, 2013 1 commit
  26. 12 Feb, 2013 1 commit
  27. 04 Jan, 2013 1 commit
  28. 21 Dec, 2012 1 commit
  29. 30 Oct, 2012 1 commit
  30. 29 Oct, 2012 1 commit
  31. 26 Oct, 2012 1 commit
  32. 25 Oct, 2012 2 commits
  33. 13 Sep, 2012 1 commit
  34. 11 Sep, 2012 1 commit