summaryrefslogtreecommitdiffstats
path: root/meta/recipes-core
diff options
context:
space:
mode:
authorCatalin Enache <catalin.enache@windriver.com>2017-04-14 11:43:32 +0300
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-04-29 11:17:23 +0100
commitd7ec005904b456c62a226efd5c6931e81459052a (patch)
treefbbb0318d9e97a4c8d29645bc2822ce8233c5c93 /meta/recipes-core
parent5970acb3fe28d4af59834b5cacb2d8d4d3511506 (diff)
downloadpoky-d7ec005904b456c62a226efd5c6931e81459052a.tar.gz
libxml2: CVE-2016-9318
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document. Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9318 Upstream patch: https://git.gnome.org/browse/libxml2/commit/?id=2304078555896cf1638c628f50326aeef6f0e0d0 (From OE-Core rev: 0dd44c00e3b2fbc3befc3f361624a3a60161d979) Signed-off-by: Catalin Enache <catalin.enache@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core')
-rw-r--r--meta/recipes-core/libxml/libxml2/CVE-2016-9318.patch207
-rw-r--r--meta/recipes-core/libxml/libxml2_2.9.4.bb1
2 files changed, 208 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2016-9318.patch b/meta/recipes-core/libxml/libxml2/CVE-2016-9318.patch
new file mode 100644
index 0000000000..3581ab83df
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2016-9318.patch
@@ -0,0 +1,207 @@
1From 7fa1cd31552d52d50a9101f07c816ff6dd2d9f19 Mon Sep 17 00:00:00 2001
2From: Doran Moppert <dmoppert@redhat.com>
3Date: Fri, 7 Apr 2017 16:45:56 +0200
4Subject: [PATCH] Add an XML_PARSE_NOXXE flag to block all entities loading
5 even local
6
7For https://bugzilla.gnome.org/show_bug.cgi?id=772726
8
9* include/libxml/parser.h: Add a new parser flag XML_PARSE_NOXXE
10* elfgcchack.h, xmlIO.h, xmlIO.c: associated loading routine
11* include/libxml/xmlerror.h: new error raised
12* xmllint.c: adds --noxxe flag to activate the option
13
14Upstream-Status: Backport
15CVE: CVE-2016-9318
16
17Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
18---
19 elfgcchack.h | 10 ++++++++++
20 include/libxml/parser.h | 3 ++-
21 include/libxml/xmlIO.h | 8 ++++++++
22 include/libxml/xmlerror.h | 1 +
23 parser.c | 4 ++++
24 xmlIO.c | 40 +++++++++++++++++++++++++++++++++++-----
25 xmllint.c | 5 +++++
26 7 files changed, 65 insertions(+), 6 deletions(-)
27
28diff --git a/elfgcchack.h b/elfgcchack.h
29index 8c52884..1b81dcd 100644
30--- a/elfgcchack.h
31+++ b/elfgcchack.h
32@@ -6547,6 +6547,16 @@ extern __typeof (xmlNoNetExternalEntityLoader) xmlNoNetExternalEntityLoader__int
33 #endif
34 #endif
35
36+#ifdef bottom_xmlIO
37+#undef xmlNoXxeExternalEntityLoader
38+extern __typeof (xmlNoXxeExternalEntityLoader) xmlNoXxeExternalEntityLoader __attribute((alias("xmlNoXxeExternalEntityLoader__internal_alias")));
39+#else
40+#ifndef xmlNoXxeExternalEntityLoader
41+extern __typeof (xmlNoXxeExternalEntityLoader) xmlNoXxeExternalEntityLoader__internal_alias __attribute((visibility("hidden")));
42+#define xmlNoXxeExternalEntityLoader xmlNoXxeExternalEntityLoader__internal_alias
43+#endif
44+#endif
45+
46 #ifdef bottom_tree
47 #undef xmlNodeAddContent
48 extern __typeof (xmlNodeAddContent) xmlNodeAddContent __attribute((alias("xmlNodeAddContent__internal_alias")));
49diff --git a/include/libxml/parser.h b/include/libxml/parser.h
50index 47fbec0..63ca1b9 100644
51--- a/include/libxml/parser.h
52+++ b/include/libxml/parser.h
53@@ -1111,7 +1111,8 @@ typedef enum {
54 XML_PARSE_HUGE = 1<<19,/* relax any hardcoded limit from the parser */
55 XML_PARSE_OLDSAX = 1<<20,/* parse using SAX2 interface before 2.7.0 */
56 XML_PARSE_IGNORE_ENC= 1<<21,/* ignore internal document encoding hint */
57- XML_PARSE_BIG_LINES = 1<<22 /* Store big lines numbers in text PSVI field */
58+ XML_PARSE_BIG_LINES = 1<<22,/* Store big lines numbers in text PSVI field */
59+ XML_PARSE_NOXXE = 1<<23 /* Forbid any external entity loading */
60 } xmlParserOption;
61
62 XMLPUBFUN void XMLCALL
63diff --git a/include/libxml/xmlIO.h b/include/libxml/xmlIO.h
64index 3e41744..8d3fdef 100644
65--- a/include/libxml/xmlIO.h
66+++ b/include/libxml/xmlIO.h
67@@ -300,6 +300,14 @@ XMLPUBFUN xmlParserInputPtr XMLCALL
68 xmlParserCtxtPtr ctxt);
69
70 /*
71+ * A predefined entity loader external entity expansion
72+ */
73+XMLPUBFUN xmlParserInputPtr XMLCALL
74+ xmlNoXxeExternalEntityLoader (const char *URL,
75+ const char *ID,
76+ xmlParserCtxtPtr ctxt);
77+
78+/*
79 * xmlNormalizeWindowsPath is obsolete, don't use it.
80 * Check xmlCanonicPath in uri.h for a better alternative.
81 */
82diff --git a/include/libxml/xmlerror.h b/include/libxml/xmlerror.h
83index 037c16d..3036062 100644
84--- a/include/libxml/xmlerror.h
85+++ b/include/libxml/xmlerror.h
86@@ -470,6 +470,7 @@ typedef enum {
87 XML_IO_EADDRINUSE, /* 1554 */
88 XML_IO_EALREADY, /* 1555 */
89 XML_IO_EAFNOSUPPORT, /* 1556 */
90+ XML_IO_ILLEGAL_XXE, /* 1557 */
91 XML_XINCLUDE_RECURSION=1600,
92 XML_XINCLUDE_PARSE_VALUE, /* 1601 */
93 XML_XINCLUDE_ENTITY_DEF_MISMATCH, /* 1602 */
94diff --git a/parser.c b/parser.c
95index 53a6b7f..609a270 100644
96--- a/parser.c
97+++ b/parser.c
98@@ -15350,6 +15350,10 @@ xmlCtxtUseOptionsInternal(xmlParserCtxtPtr ctxt, int options, const char *encodi
99 ctxt->options |= XML_PARSE_NONET;
100 options -= XML_PARSE_NONET;
101 }
102+ if (options & XML_PARSE_NOXXE) {
103+ ctxt->options |= XML_PARSE_NOXXE;
104+ options -= XML_PARSE_NOXXE;
105+ }
106 if (options & XML_PARSE_COMPACT) {
107 ctxt->options |= XML_PARSE_COMPACT;
108 options -= XML_PARSE_COMPACT;
109diff --git a/xmlIO.c b/xmlIO.c
110index 1a79c09..304f822 100644
111--- a/xmlIO.c
112+++ b/xmlIO.c
113@@ -210,6 +210,7 @@ static const char *IOerr[] = {
114 "adddress in use", /* EADDRINUSE */
115 "already in use", /* EALREADY */
116 "unknown address familly", /* EAFNOSUPPORT */
117+ "Attempt to load external entity %s", /* XML_IO_ILLEGAL_XXE */
118 };
119
120 #if defined(_WIN32) || defined (__DJGPP__) && !defined (__CYGWIN__)
121@@ -4053,13 +4054,22 @@ xmlDefaultExternalEntityLoader(const char *URL, const char *ID,
122 xmlGenericError(xmlGenericErrorContext,
123 "xmlDefaultExternalEntityLoader(%s, xxx)\n", URL);
124 #endif
125- if ((ctxt != NULL) && (ctxt->options & XML_PARSE_NONET)) {
126+ if (ctxt != NULL) {
127 int options = ctxt->options;
128
129- ctxt->options -= XML_PARSE_NONET;
130- ret = xmlNoNetExternalEntityLoader(URL, ID, ctxt);
131- ctxt->options = options;
132- return(ret);
133+ if (options & XML_PARSE_NOXXE) {
134+ ctxt->options -= XML_PARSE_NOXXE;
135+ ret = xmlNoXxeExternalEntityLoader(URL, ID, ctxt);
136+ ctxt->options = options;
137+ return(ret);
138+ }
139+
140+ if (options & XML_PARSE_NONET) {
141+ ctxt->options -= XML_PARSE_NONET;
142+ ret = xmlNoNetExternalEntityLoader(URL, ID, ctxt);
143+ ctxt->options = options;
144+ return(ret);
145+ }
146 }
147 #ifdef LIBXML_CATALOG_ENABLED
148 resource = xmlResolveResourceFromCatalog(URL, ID, ctxt);
149@@ -4160,6 +4170,13 @@ xmlNoNetExternalEntityLoader(const char *URL, const char *ID,
150 xmlParserInputPtr input = NULL;
151 xmlChar *resource = NULL;
152
153+ if (ctxt == NULL) {
154+ return(NULL);
155+ }
156+ if (ctxt->input_id == 1) {
157+ return xmlDefaultExternalEntityLoader((const char *) URL, ID, ctxt);
158+ }
159+
160 #ifdef LIBXML_CATALOG_ENABLED
161 resource = xmlResolveResourceFromCatalog(URL, ID, ctxt);
162 #endif
163@@ -4182,5 +4199,18 @@ xmlNoNetExternalEntityLoader(const char *URL, const char *ID,
164 return(input);
165 }
166
167+xmlParserInputPtr
168+xmlNoXxeExternalEntityLoader(const char *URL, const char *ID,
169+ xmlParserCtxtPtr ctxt) {
170+ if (ctxt == NULL) {
171+ return(NULL);
172+ }
173+ if (ctxt->input_id == 1) {
174+ return xmlDefaultExternalEntityLoader((const char *) URL, ID, ctxt);
175+ }
176+ xmlIOErr(XML_IO_ILLEGAL_XXE, (const char *) URL);
177+ return(NULL);
178+}
179+
180 #define bottom_xmlIO
181 #include "elfgcchack.h"
182diff --git a/xmllint.c b/xmllint.c
183index 67f7adb..d9368c1 100644
184--- a/xmllint.c
185+++ b/xmllint.c
186@@ -3019,6 +3019,7 @@ static void usage(const char *name) {
187 printf("\t--path 'paths': provide a set of paths for resources\n");
188 printf("\t--load-trace : print trace of all external entities loaded\n");
189 printf("\t--nonet : refuse to fetch DTDs or entities over network\n");
190+ printf("\t--noxxe : forbid any external entity loading\n");
191 printf("\t--nocompact : do not generate compact text nodes\n");
192 printf("\t--htmlout : output results as HTML\n");
193 printf("\t--nowrap : do not put HTML doc wrapper\n");
194@@ -3461,6 +3462,10 @@ main(int argc, char **argv) {
195 (!strcmp(argv[i], "--nonet"))) {
196 options |= XML_PARSE_NONET;
197 xmlSetExternalEntityLoader(xmlNoNetExternalEntityLoader);
198+ } else if ((!strcmp(argv[i], "-noxxe")) ||
199+ (!strcmp(argv[i], "--noxxe"))) {
200+ options |= XML_PARSE_NOXXE;
201+ xmlSetExternalEntityLoader(xmlNoXxeExternalEntityLoader);
202 } else if ((!strcmp(argv[i], "-nocompact")) ||
203 (!strcmp(argv[i], "--nocompact"))) {
204 options &= ~XML_PARSE_COMPACT;
205--
2062.10.2
207
diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.4.bb
index 0c3d683623..7d0e121be1 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.4.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.4.bb
@@ -23,6 +23,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
23 file://libxml2-CVE-2016-5131.patch \ 23 file://libxml2-CVE-2016-5131.patch \
24 file://libxml2-CVE-2016-4658.patch \ 24 file://libxml2-CVE-2016-4658.patch \
25 file://libxml2-fix_NULL_pointer_derefs.patch \ 25 file://libxml2-fix_NULL_pointer_derefs.patch \
26 file://CVE-2016-9318.patch \
26 " 27 "
27 28
28SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5" 29SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5"