summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--meta/recipes-core/libxml/libxml2/CVE-2016-9318.patch207
-rw-r--r--meta/recipes-core/libxml/libxml2_2.9.4.bb1
2 files changed, 208 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2016-9318.patch b/meta/recipes-core/libxml/libxml2/CVE-2016-9318.patch
new file mode 100644
index 0000000000..3581ab83df
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2016-9318.patch
@@ -0,0 +1,207 @@
1From 7fa1cd31552d52d50a9101f07c816ff6dd2d9f19 Mon Sep 17 00:00:00 2001
2From: Doran Moppert <dmoppert@redhat.com>
3Date: Fri, 7 Apr 2017 16:45:56 +0200
4Subject: [PATCH] Add an XML_PARSE_NOXXE flag to block all entities loading
5 even local
6
7For https://bugzilla.gnome.org/show_bug.cgi?id=772726
8
9* include/libxml/parser.h: Add a new parser flag XML_PARSE_NOXXE
10* elfgcchack.h, xmlIO.h, xmlIO.c: associated loading routine
11* include/libxml/xmlerror.h: new error raised
12* xmllint.c: adds --noxxe flag to activate the option
13
14Upstream-Status: Backport
15CVE: CVE-2016-9318
16
17Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
18---
19 elfgcchack.h | 10 ++++++++++
20 include/libxml/parser.h | 3 ++-
21 include/libxml/xmlIO.h | 8 ++++++++
22 include/libxml/xmlerror.h | 1 +
23 parser.c | 4 ++++
24 xmlIO.c | 40 +++++++++++++++++++++++++++++++++++-----
25 xmllint.c | 5 +++++
26 7 files changed, 65 insertions(+), 6 deletions(-)
27
28diff --git a/elfgcchack.h b/elfgcchack.h
29index 8c52884..1b81dcd 100644
30--- a/elfgcchack.h
31+++ b/elfgcchack.h
32@@ -6547,6 +6547,16 @@ extern __typeof (xmlNoNetExternalEntityLoader) xmlNoNetExternalEntityLoader__int
33 #endif
34 #endif
35
36+#ifdef bottom_xmlIO
37+#undef xmlNoXxeExternalEntityLoader
38+extern __typeof (xmlNoXxeExternalEntityLoader) xmlNoXxeExternalEntityLoader __attribute((alias("xmlNoXxeExternalEntityLoader__internal_alias")));
39+#else
40+#ifndef xmlNoXxeExternalEntityLoader
41+extern __typeof (xmlNoXxeExternalEntityLoader) xmlNoXxeExternalEntityLoader__internal_alias __attribute((visibility("hidden")));
42+#define xmlNoXxeExternalEntityLoader xmlNoXxeExternalEntityLoader__internal_alias
43+#endif
44+#endif
45+
46 #ifdef bottom_tree
47 #undef xmlNodeAddContent
48 extern __typeof (xmlNodeAddContent) xmlNodeAddContent __attribute((alias("xmlNodeAddContent__internal_alias")));
49diff --git a/include/libxml/parser.h b/include/libxml/parser.h
50index 47fbec0..63ca1b9 100644
51--- a/include/libxml/parser.h
52+++ b/include/libxml/parser.h
53@@ -1111,7 +1111,8 @@ typedef enum {
54 XML_PARSE_HUGE = 1<<19,/* relax any hardcoded limit from the parser */
55 XML_PARSE_OLDSAX = 1<<20,/* parse using SAX2 interface before 2.7.0 */
56 XML_PARSE_IGNORE_ENC= 1<<21,/* ignore internal document encoding hint */
57- XML_PARSE_BIG_LINES = 1<<22 /* Store big lines numbers in text PSVI field */
58+ XML_PARSE_BIG_LINES = 1<<22,/* Store big lines numbers in text PSVI field */
59+ XML_PARSE_NOXXE = 1<<23 /* Forbid any external entity loading */
60 } xmlParserOption;
61
62 XMLPUBFUN void XMLCALL
63diff --git a/include/libxml/xmlIO.h b/include/libxml/xmlIO.h
64index 3e41744..8d3fdef 100644
65--- a/include/libxml/xmlIO.h
66+++ b/include/libxml/xmlIO.h
67@@ -300,6 +300,14 @@ XMLPUBFUN xmlParserInputPtr XMLCALL
68 xmlParserCtxtPtr ctxt);
69
70 /*
71+ * A predefined entity loader external entity expansion
72+ */
73+XMLPUBFUN xmlParserInputPtr XMLCALL
74+ xmlNoXxeExternalEntityLoader (const char *URL,
75+ const char *ID,
76+ xmlParserCtxtPtr ctxt);
77+
78+/*
79 * xmlNormalizeWindowsPath is obsolete, don't use it.
80 * Check xmlCanonicPath in uri.h for a better alternative.
81 */
82diff --git a/include/libxml/xmlerror.h b/include/libxml/xmlerror.h
83index 037c16d..3036062 100644
84--- a/include/libxml/xmlerror.h
85+++ b/include/libxml/xmlerror.h
86@@ -470,6 +470,7 @@ typedef enum {
87 XML_IO_EADDRINUSE, /* 1554 */
88 XML_IO_EALREADY, /* 1555 */
89 XML_IO_EAFNOSUPPORT, /* 1556 */
90+ XML_IO_ILLEGAL_XXE, /* 1557 */
91 XML_XINCLUDE_RECURSION=1600,
92 XML_XINCLUDE_PARSE_VALUE, /* 1601 */
93 XML_XINCLUDE_ENTITY_DEF_MISMATCH, /* 1602 */
94diff --git a/parser.c b/parser.c
95index 53a6b7f..609a270 100644
96--- a/parser.c
97+++ b/parser.c
98@@ -15350,6 +15350,10 @@ xmlCtxtUseOptionsInternal(xmlParserCtxtPtr ctxt, int options, const char *encodi
99 ctxt->options |= XML_PARSE_NONET;
100 options -= XML_PARSE_NONET;
101 }
102+ if (options & XML_PARSE_NOXXE) {
103+ ctxt->options |= XML_PARSE_NOXXE;
104+ options -= XML_PARSE_NOXXE;
105+ }
106 if (options & XML_PARSE_COMPACT) {
107 ctxt->options |= XML_PARSE_COMPACT;
108 options -= XML_PARSE_COMPACT;
109diff --git a/xmlIO.c b/xmlIO.c
110index 1a79c09..304f822 100644
111--- a/xmlIO.c
112+++ b/xmlIO.c
113@@ -210,6 +210,7 @@ static const char *IOerr[] = {
114 "adddress in use", /* EADDRINUSE */
115 "already in use", /* EALREADY */
116 "unknown address familly", /* EAFNOSUPPORT */
117+ "Attempt to load external entity %s", /* XML_IO_ILLEGAL_XXE */
118 };
119
120 #if defined(_WIN32) || defined (__DJGPP__) && !defined (__CYGWIN__)
121@@ -4053,13 +4054,22 @@ xmlDefaultExternalEntityLoader(const char *URL, const char *ID,
122 xmlGenericError(xmlGenericErrorContext,
123 "xmlDefaultExternalEntityLoader(%s, xxx)\n", URL);
124 #endif
125- if ((ctxt != NULL) && (ctxt->options & XML_PARSE_NONET)) {
126+ if (ctxt != NULL) {
127 int options = ctxt->options;
128
129- ctxt->options -= XML_PARSE_NONET;
130- ret = xmlNoNetExternalEntityLoader(URL, ID, ctxt);
131- ctxt->options = options;
132- return(ret);
133+ if (options & XML_PARSE_NOXXE) {
134+ ctxt->options -= XML_PARSE_NOXXE;
135+ ret = xmlNoXxeExternalEntityLoader(URL, ID, ctxt);
136+ ctxt->options = options;
137+ return(ret);
138+ }
139+
140+ if (options & XML_PARSE_NONET) {
141+ ctxt->options -= XML_PARSE_NONET;
142+ ret = xmlNoNetExternalEntityLoader(URL, ID, ctxt);
143+ ctxt->options = options;
144+ return(ret);
145+ }
146 }
147 #ifdef LIBXML_CATALOG_ENABLED
148 resource = xmlResolveResourceFromCatalog(URL, ID, ctxt);
149@@ -4160,6 +4170,13 @@ xmlNoNetExternalEntityLoader(const char *URL, const char *ID,
150 xmlParserInputPtr input = NULL;
151 xmlChar *resource = NULL;
152
153+ if (ctxt == NULL) {
154+ return(NULL);
155+ }
156+ if (ctxt->input_id == 1) {
157+ return xmlDefaultExternalEntityLoader((const char *) URL, ID, ctxt);
158+ }
159+
160 #ifdef LIBXML_CATALOG_ENABLED
161 resource = xmlResolveResourceFromCatalog(URL, ID, ctxt);
162 #endif
163@@ -4182,5 +4199,18 @@ xmlNoNetExternalEntityLoader(const char *URL, const char *ID,
164 return(input);
165 }
166
167+xmlParserInputPtr
168+xmlNoXxeExternalEntityLoader(const char *URL, const char *ID,
169+ xmlParserCtxtPtr ctxt) {
170+ if (ctxt == NULL) {
171+ return(NULL);
172+ }
173+ if (ctxt->input_id == 1) {
174+ return xmlDefaultExternalEntityLoader((const char *) URL, ID, ctxt);
175+ }
176+ xmlIOErr(XML_IO_ILLEGAL_XXE, (const char *) URL);
177+ return(NULL);
178+}
179+
180 #define bottom_xmlIO
181 #include "elfgcchack.h"
182diff --git a/xmllint.c b/xmllint.c
183index 67f7adb..d9368c1 100644
184--- a/xmllint.c
185+++ b/xmllint.c
186@@ -3019,6 +3019,7 @@ static void usage(const char *name) {
187 printf("\t--path 'paths': provide a set of paths for resources\n");
188 printf("\t--load-trace : print trace of all external entities loaded\n");
189 printf("\t--nonet : refuse to fetch DTDs or entities over network\n");
190+ printf("\t--noxxe : forbid any external entity loading\n");
191 printf("\t--nocompact : do not generate compact text nodes\n");
192 printf("\t--htmlout : output results as HTML\n");
193 printf("\t--nowrap : do not put HTML doc wrapper\n");
194@@ -3461,6 +3462,10 @@ main(int argc, char **argv) {
195 (!strcmp(argv[i], "--nonet"))) {
196 options |= XML_PARSE_NONET;
197 xmlSetExternalEntityLoader(xmlNoNetExternalEntityLoader);
198+ } else if ((!strcmp(argv[i], "-noxxe")) ||
199+ (!strcmp(argv[i], "--noxxe"))) {
200+ options |= XML_PARSE_NOXXE;
201+ xmlSetExternalEntityLoader(xmlNoXxeExternalEntityLoader);
202 } else if ((!strcmp(argv[i], "-nocompact")) ||
203 (!strcmp(argv[i], "--nocompact"))) {
204 options &= ~XML_PARSE_COMPACT;
205--
2062.10.2
207
diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.4.bb
index ba08c9c994..c2c3c9326b 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.4.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.4.bb
@@ -23,6 +23,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
23 file://libxml2-CVE-2016-5131.patch \ 23 file://libxml2-CVE-2016-5131.patch \
24 file://libxml2-CVE-2016-4658.patch \ 24 file://libxml2-CVE-2016-4658.patch \
25 file://libxml2-fix_NULL_pointer_derefs.patch \ 25 file://libxml2-fix_NULL_pointer_derefs.patch \
26 file://CVE-2016-9318.patch \
26 " 27 "
27 28
28SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5" 29SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5"