From 3d4f3acdfc9f937bea946bb1c7dfad1f3516a6ce Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfehlig@suse.com>
Date: Mon, 6 Jan 2020 17:42:39 -0700
Subject: [PATCH 05/19] libmetrics: Remove unsafe XML_PARSE_NOENT option

From coverity scan

Error: UNSAFE_XML_PARSE_CONFIG:
vhostmd-1.1/libmetrics/libmetrics.c:412: unsafe_xml_parse_config: XML parse option should not have flag "XML_PARSE_NOENT" set, which is vulnerable to XML external entity attack.
410| mdisk->doc = xmlCtxtReadMemory(mdisk->pctxt, mdisk->buffer,
411| mdisk->length, "mdisk.xml", NULL,
412|-> XML_PARSE_NOENT | XML_PARSE_NONET |
413| XML_PARSE_NOWARNING);
414| if (!mdisk->doc) {

It should be safe to remove the option.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
---
libmetrics/libmetrics.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

|
diff --git a/libmetrics/libmetrics.c b/libmetrics/libmetrics.c
index 4b2369a..2819f80 100644
--- a/libmetrics/libmetrics.c
+++ b/libmetrics/libmetrics.c
@@ -418,9 +418,8 @@ retry:
}
mdisk->doc = xmlCtxtReadMemory(mdisk->pctxt, mdisk->buffer,
- mdisk->length, "mdisk.xml", NULL,
- XML_PARSE_NOENT | XML_PARSE_NONET |
- XML_PARSE_NOWARNING);
+ mdisk->length, "mdisk.xml", NULL,
+ XML_PARSE_NONET | XML_PARSE_NOWARNING);
if (!mdisk->doc) {
libmsg("%s(): libxml failed to parse mdisk.xml buffer\n", __func__);
goto error;
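Review bot: the statement "It should be safe to remove the option" needs its reasoning recorded, because dropping XML_PARSE_NOENT from the xmlCtxtReadMemory() flags changes what the parser returns as well as silencing the Coverity finding. Without that flag libxml2 no longer substitutes entities, and references to anything other than the predefined entities stay in the tree as entity-reference nodes. Please state in the commit message that the mdisk.xml content never declares or uses its own entities, or confirm that whatever reads mdisk->doc copes with such nodes. Keeping XML_PARSE_NONET is the right call. The first changed line, `mdisk->length, "mdisk.xml", NULL,`, looks like a whitespace-only re-indent; if so, say that in the message so the 2 insertions(+), 3 deletions(-) stat is not read as a larger functional change.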
--
2.32.0