Commit dd8367da authored by Daniel Veillard's avatar Daniel Veillard

Fix regressions introduced by CVE-2014-0191 patch

A number of issues have been raised after the fix, and this patch
tries to correct all of them, though most were related to
postvalidation.
https://bugzilla.gnome.org/show_bug.cgi?id=730290
and other reports on list, off-list and on Red Hat bugzilla
parent a16eb968
......@@ -2598,8 +2598,8 @@ xmlParserHandlePEReference(xmlParserCtxtPtr ctxt) {
xmlCharEncoding enc;
/*
* Note: external parsed entities will not be loaded, it is
* not required for a non-validating parser, unless the
* Note: external parameter entities will not be loaded, it
* is not required for a non-validating parser, unless the
* option of validating, or substituting entities were
* given. Doing so is far more secure as the parser will
* only process data coming from the document entity by
......@@ -2608,6 +2608,9 @@ xmlParserHandlePEReference(xmlParserCtxtPtr ctxt) {
if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) &&
((ctxt->options & XML_PARSE_NOENT) == 0) &&
((ctxt->options & XML_PARSE_DTDVALID) == 0) &&
((ctxt->options & XML_PARSE_DTDLOAD) == 0) &&
((ctxt->options & XML_PARSE_DTDATTR) == 0) &&
(ctxt->replaceEntities == 0) &&
(ctxt->validate == 0))
return;
......@@ -12616,6 +12619,9 @@ xmlIOParseDTD(xmlSAXHandlerPtr sax, xmlParserInputBufferPtr input,
return(NULL);
}
/* We are loading a DTD */
ctxt->options |= XML_PARSE_DTDLOAD;
/*
* Set-up the SAX context
*/
......@@ -12743,6 +12749,9 @@ xmlSAXParseDTD(xmlSAXHandlerPtr sax, const xmlChar *ExternalID,
return(NULL);
}
/* We are loading a DTD */
ctxt->options |= XML_PARSE_DTDLOAD;
/*
* Set-up the SAX context
*/
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment