From dd8367da17c2948981a51e52c8a6beb445edf825 Mon Sep 17 00:00:00 2001 From: Daniel Veillard <veillard@redhat.com> Date: Wed, 11 Jun 2014 16:54:32 +0800 Subject: Fix regressions introduced by CVE-2014-0191 patch A number of issues have been raised after the fix, and this patch tries to correct all of them, though most were related to postvalidation. https://bugzilla.gnome.org/show_bug.cgi?id=730290 and other reports on list, off-list and on Red Hat bugzilla Index: libxml2-2.9.1+dfsg1/parser.c =================================================================== --- libxml2-2.9.1+dfsg1.orig/parser.c 2014-06-13 07:26:26.378947533 -0400 +++ libxml2-2.9.1+dfsg1/parser.c 2014-06-13 07:26:26.370947533 -0400 @@ -2595,8 +2595,8 @@ xmlCharEncoding enc; /* - * Note: external parsed entities will not be loaded, it is - * not required for a non-validating parser, unless the + * Note: external parameter entities will not be loaded, it + * is not required for a non-validating parser, unless the * option of validating, or substituting entities were * given. Doing so is far more secure as the parser will * only process data coming from the document entity by @@ -2605,6 +2605,9 @@ if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) && ((ctxt->options & XML_PARSE_NOENT) == 0) && ((ctxt->options & XML_PARSE_DTDVALID) == 0) && + ((ctxt->options & XML_PARSE_DTDLOAD) == 0) && + ((ctxt->options & XML_PARSE_DTDATTR) == 0) && + (ctxt->replaceEntities == 0) && (ctxt->validate == 0)) return; @@ -12609,6 +12612,9 @@ return(NULL); } + /* We are loading a DTD */ + ctxt->options |= XML_PARSE_DTDLOAD; + /* * Set-up the SAX context */ @@ -12736,6 +12742,9 @@ return(NULL); } + /* We are loading a DTD */ + ctxt->options |= XML_PARSE_DTDLOAD; + /* * Set-up the SAX context */