Fix security framework bypass
xsltCheckRead and xsltCheckWrite return -1 in case of error but callers don't check for this condition and allow access. With a specially crafted URL, xsltCheckRead could be tricked into returning an error because of a supposedly invalid URL that would still be loaded successfully later on. Fixes #12. Thanks to Felix Wilhelm for the report.
-
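As an added illustration of the bug the commit message describes (example code, not libxslt's own): a constructed model of a check with the same 1 (allowed) / 0 (denied) / -1 (error) return convention, a caller that tests only for an explicit 0 and therefore lets the -1 error path through, and the fixed caller that treats anything below 1 as a denial. The allowed prefix, the rule that a space makes a URL "unparseable", and the function names are assumptions for the demo.

```c
#include <stdio.h>
#include <string.h>

/*
 * Constructed model of a security callback with the libxslt return
 * convention (assumption: this is not libxslt's code):
 *    1  access to the URL is allowed
 *    0  access is denied
 *   -1  the check itself failed, here because the URL did not parse
 * The "file:///tmp/" whitelist and the "space means unparseable" rule
 * are made up for the demonstration.
 */
static int check_read(const char *url)
{
    if (url == NULL || strchr(url, ' ') != NULL)
        return -1;                  /* strict parser rejects the URL */
    if (strncmp(url, "file:///tmp/", 12) == 0)
        return 1;                   /* inside the allowed directory */
    return 0;                       /* everything else is denied */
}

/*
 * Caller pattern before the fix: only an explicit 0 counts as denial,
 * so a -1 from the check falls through and the load proceeds.
 * Returns 1 if the caller would go on to load the URL, 0 if it refuses.
 */
static int load_before_fix(const char *url)
{
    if (check_read(url) == 0)
        return 0;
    return 1;                       /* -1 reaches here: bypass */
}

/*
 * Caller pattern after the fix: anything other than an explicit 1 is
 * treated as denial, so an error in the check fails closed.
 */
static int load_after_fix(const char *url)
{
    if (check_read(url) < 1)
        return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample URLs: allowed, denied, and one the check cannot parse. */
    const char *urls[] = {
        "file:///tmp/input.xml",
        "file:///etc/passwd",
        "file:///etc/pass wd",
    };
    size_t i;

    for (i = 0; i < sizeof urls / sizeof urls[0]; i++)
        printf("%-24s check=%2d before=%d after=%d\n", urls[i],
               check_read(urls[i]), load_before_fix(urls[i]),
               load_after_fix(urls[i]));
    return 0;
}
```

The third URL is the interesting row: the check returns -1, the pre-fix caller loads it, the post-fix caller refuses. Any check whose API reserves a negative value for "I could not decide" needs callers that compare against the allow value, not the deny value.
-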
It is good that errors are now treated as permission denied. It seems strange, however, that there is no error message created to let somebody find out what happened.
-
Author Maintainer
@jkonczal In libxslt, if a function returns an error code, it means that an error has already been reported. Here's an example: https://gitlab.gnome.org/GNOME/libxslt/blob/master/libxslt/security.c#L443
-
That explains it. Thanks.
-
Is there any chance of making a new release with that fix?