- Fix unbound-anchor xml parse of entity declarations for safety.

git-svn-id: file:///svn/unbound/trunk@2797 be551aaa-1e26-0410-a405-d3ace91eadb9
2025-12-20 23:00:56 -05:00 · 2012-12-20 08:22:39 +00:00 · 2012-12-20 08:22:39 +00:00 · 064bd4e2bd
commit 064bd4e2bd
parent 08188b5138
2 changed files with 18 additions and 0 deletions
--- a/doc/Changelog
+++ b/doc/Changelog
@ -1,3 +1,6 @@
+20 December 2012: Wouter
+	- Fix unbound-anchor xml parse of entity declarations for safety.
+
 19 December 2012: Wouter
 	- iana portlist updated.

--- a/smallapp/unbound-anchor.c
+++ b/smallapp/unbound-anchor.c
@ -1503,6 +1503,20 @@ xml_endelem(void *userData, const XML_Char *name)
 	}
 }

+/* Stop the parser when an entity declaration is encountered. For safety. */
+static void
+xml_entitydeclhandler(void *userData,
+	const XML_Char *ATTR_UNUSED(entityName),
+	int ATTR_UNUSED(is_parameter_entity),
+	const XML_Char *ATTR_UNUSED(value), int ATTR_UNUSED(value_length),
+	const XML_Char *ATTR_UNUSED(base),
+	const XML_Char *ATTR_UNUSED(systemId),
+	const XML_Char *ATTR_UNUSED(publicId),
+	const XML_Char *ATTR_UNUSED(notationName))
+{
+	XML_StopParser((XML_Parser)userData, XML_FALSE);
+}
+
 /**
 * XML parser setup of the callbacks for the tags
 */
@ -1531,6 +1545,7 @@ xml_parse_setup(XML_Parser parser, struct xml_data* data, time_t now)
 		if(verb) printf("out of memory\n");
 		exit(0);
 	}
+	XML_SetEntityDeclHandler(parser, xml_entitydeclhandler);
 	XML_SetElementHandler(parser, xml_startelem, xml_endelem);
 	XML_SetCharacterDataHandler(parser, xml_charhandle);
 }