From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Thu, 20 Dec 2012 08:22:39 +0000 (+0000)
Subject: - Fix unbound-anchor xml parse of entity declarations for safety.
X-Git-Tag: release-1.4.20rc1~37
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=064bd4e2bd03979cd913dd9e1d213ce60c6fe86d;p=thirdparty%2Funbound.git

- Fix unbound-anchor xml parse of entity declarations for safety.


git-svn-id: file:///svn/unbound/trunk@2797 be551aaa-1e26-0410-a405-d3ace91eadb9
---

diff --git a/doc/Changelog b/doc/Changelog
index 01f8204e6..6ceeba526 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,6 @@
+20 December 2012: Wouter
+	- Fix unbound-anchor xml parse of entity declarations for safety.
+
 19 December 2012: Wouter
 	- iana portlist updated.
 
diff --git a/smallapp/unbound-anchor.c b/smallapp/unbound-anchor.c
index cd846106a..1448002ba 100644
--- a/smallapp/unbound-anchor.c
+++ b/smallapp/unbound-anchor.c
@@ -1503,6 +1503,20 @@ xml_endelem(void *userData, const XML_Char *name)
 	}
 }
 
+/* Stop the parser when an entity declaration is encountered. For safety. */
+static void
+xml_entitydeclhandler(void *userData,
+	const XML_Char *ATTR_UNUSED(entityName),
+	int ATTR_UNUSED(is_parameter_entity),
+	const XML_Char *ATTR_UNUSED(value), int ATTR_UNUSED(value_length),
+	const XML_Char *ATTR_UNUSED(base),
+	const XML_Char *ATTR_UNUSED(systemId),
+	const XML_Char *ATTR_UNUSED(publicId),
+	const XML_Char *ATTR_UNUSED(notationName))
+{
+	XML_StopParser((XML_Parser)userData, XML_FALSE);
+}
+
 /**
  * XML parser setup of the callbacks for the tags
  */
@@ -1531,6 +1545,7 @@ xml_parse_setup(XML_Parser parser, struct xml_data* data, time_t now)
 		if(verb) printf("out of memory\n");
 		exit(0);
 	}
+	XML_SetEntityDeclHandler(parser, xml_entitydeclhandler);
 	XML_SetElementHandler(parser, xml_startelem, xml_endelem);
 	XML_SetCharacterDataHandler(parser, xml_charhandle);
 }