• Nick Wellnhofer's avatar
    Fix security framework bypass · e0355360
    Nick Wellnhofer authored
    xsltCheckRead and xsltCheckWrite return -1 in case of error but callers
    don't check for this condition and allow access. With a specially
    crafted URL, xsltCheckRead could be tricked into returning an error
    because of a supposedly invalid URL that would still be loaded
    succesfully later on.
    
    Fixes #12.
    
    Thanks to Felix Wilhelm for the report.
    e0355360
transform.c 182 KB