mifr/subsurface
1
0
Fork 0
mirror of https://github.com/subsurface/subsurface.git synced 2025-01-31 20:53:23 +00:00
Code Issues Projects Releases Packages Wiki Activity

Import / Export: Remove Unsafe XML Handling Options.

Browse source 
Remove the options to expand entities and so continue when encountering invalid /
malformed XML, as both of these can be exploited by supplying
maliciously crafted XML.

Signed-off-by: Michael Keller <mikeller@042.ch>
This commit is contained in:
Michael Keller 2024-03-14 11:47:05 +13:00 committed by bstoeger
parent 92c3837f6e
commit 6aca76c342
3 changed files with 4 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
core/parse-xml.cpp
View file

@ -1765,9 +1765,9 @@ extern "C" int parse_xml_buffer(const char *url, const char *buffer, int, struct
state.log = log;
state.fingerprints = &fingerprint_table; // simply use the global table for now
doc = xmlReadMemory(res, strlen(res), url, NULL, XML_PARSE_HUGE | XML_PARSE_RECOVER);
doc = xmlReadMemory(res, strlen(res), url, NULL, XML_PARSE_HUGE);
if (!doc)
doc = xmlReadMemory(res, strlen(res), url, "latin1", XML_PARSE_HUGE | XML_PARSE_RECOVER);
doc = xmlReadMemory(res, strlen(res), url, "latin1", XML_PARSE_HUGE);
if (res != buffer)
free((char *)res);
@ -2346,7 +2346,6 @@ static xmlDoc *test_xslt_transforms(xmlDoc *doc, const struct xml_params *params
}
xmlFree(attribute);
}
xmlSubstituteEntitiesDefault(1);
xslt = get_stylesheet(info->file);
if (xslt == NULL) {
report_error(translate("gettextFromC", "Can't open stylesheet %s"), info->file);

2
core/save-xml.cpp
View file

@ -879,7 +879,7 @@ static int export_dives_xslt_doit(const char *filename, struct xml_params *param
* transform it to selected export format, finally dumping
* the XML into a character buffer.
*/
doc = xmlReadMemory(buf.buffer, buf.len, "divelog", NULL, XML_PARSE_HUGE | XML_PARSE_RECOVER);
doc = xmlReadMemory(buf.buffer, buf.len, "divelog", NULL, XML_PARSE_HUGE);
if (!doc)
return report_error("Failed to read XML memory");

2
core/uploadDiveLogsDE.cpp
View file

@ -141,7 +141,7 @@ bool uploadDiveLogsDE::prepareDives(const QString &tempfile, bool selected)
* transform it to divelogs.de format, finally dumping
* the XML into a character buffer.
*/
xmlDoc *doc = xmlReadMemory(mb.buffer, mb.len, "divelog", NULL, XML_PARSE_HUGE | XML_PARSE_RECOVER);
xmlDoc *doc = xmlReadMemory(mb.buffer, mb.len, "divelog", NULL, XML_PARSE_HUGE);
if (!doc) {
qWarning() << errPrefix << "could not parse back into memory the XML file we've just created!";
report_error("%s", qPrintable(tr("internal error")));