From: Daniel P. Berrange <berrange@redhat.com>
Date: Tue, 15 Apr 2014 10:20:29 +0000 (+0100)
Subject: LSN-2014-0003: Don't expand entities when parsing XML
X-Git-Tag: CVE-2014-0179^0
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d6b27d3e4c40946efa79e91d134616b41b1666c4;p=thirdparty%2Flibvirt.git

LSN-2014-0003: Don't expand entities when parsing XML

If the XML_PARSE_NOENT flag is passed to libxml2, then any
entities in the input document will be fully expanded. This
allows the user to read arbitrary files on the host machine
by creating an entity pointing to a local file. Removing
the XML_PARSE_NOENT flag means that any entities are left
unchanged by the parser, or expanded to "" by the XPath
APIs.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---

diff --git a/src/util/virxml.c b/src/util/virxml.c
index 9f00f62cc6..34af64a01f 100644
--- a/src/util/virxml.c
+++ b/src/util/virxml.c
@@ -746,11 +746,11 @@ virXMLParseHelper(int domcode,
 
     if (filename) {
         xml = xmlCtxtReadFile(pctxt, filename, NULL,
-                              XML_PARSE_NOENT | XML_PARSE_NONET |
+                              XML_PARSE_NONET |
                               XML_PARSE_NOWARNING);
     } else {
         xml = xmlCtxtReadDoc(pctxt, BAD_CAST xmlStr, url, NULL,
-                             XML_PARSE_NOENT | XML_PARSE_NONET |
+                             XML_PARSE_NONET |
                              XML_PARSE_NOWARNING);
     }
     if (!xml)