1. 21 Jul, 2021 1 commit
    • Nick Wellnhofer's avatar
      Fix use-after-free in xsltApplyTemplates · 50f9c9cd
      Nick Wellnhofer authored
      xsltApplyTemplates without a select expression could delete nodes in
      the source document.
      
      1. Text nodes with strippable whitespace
      
      Whitespace from input documents is already stripped, so there's no
      need to strip it again. Under certain circumstances, xsltApplyTemplates
      could be fooled into deleting text nodes that are still referenced,
      resulting in a use-after-free.
      
      2. The DTD
      
      The DTD was only unlinked, but there's no good reason to do this just
      now. Maybe it was meant as a micro-optimization.
      
      3. Unknown nodes
      
      Useless and dangerous as well, especially with XInclude nodes.
      See libxml2#268
      
      Simply stop trying to uselessly delete nodes when applying a template.
      This part of the code is probably a leftover from a time where
      xsltApplyStripSpaces wasn't implemented yet. Also note that
      xsltApplyTemplates with a select expression never tried to delete
      nodes.
      
      Also stop xsltDefaultProcessOneNode from deleting nodes for the same
      reasons.
      
      This fixes CVE-2021-30560.
      50f9c9cd
  2. 06 Jul, 2021 2 commits
  3. 16 Jun, 2021 2 commits
  4. 06 Jun, 2021 1 commit
  5. 22 May, 2021 1 commit
  6. 20 Mar, 2021 1 commit
  7. 02 Mar, 2021 3 commits
  8. 22 Feb, 2021 1 commit
  9. 20 Feb, 2021 1 commit
  10. 02 Feb, 2021 1 commit
  11. 17 Jan, 2021 1 commit
  12. 15 Jan, 2021 7 commits
  13. 19 Dec, 2020 4 commits
  14. 07 Dec, 2020 5 commits
  15. 30 Nov, 2020 6 commits
  16. 19 Nov, 2020 3 commits