The XML_PARSE_NOENT flag to libxml will cause it to expand all entities in the
input XML document when parsing. Doing this is bad practice if the XML input
file comes from an untrusted source, because it can cause the XML parser to load
arbitrary files that are readable by the user running XML parsing. This is does
not have an security consequences given the scenario in which osinfo-db-validate
is run since the intended usage is to validate files that are written by the
local user, or by the upstream libosinfo maintainers.
In the future though, libosinfo might be able to dynamically download data from
the website to refresh its local database, so it is wise to avoid entity
expansion as a hardening step.
Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
---
tools/osinfo-db-validate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/osinfo-db-validate.c b/tools/osinfo-db-validate.c
index d8c3af9..530b8a1 100644
--- a/tools/osinfo-db-validate.c
+++ b/tools/osinfo-db-validate.c
@@ -64,7 +64,7 @@ static xmlDocPtr parse_file(GFile *file, GError **error)
}
if (!(doc = xmlCtxtReadDoc(pctxt, (const xmlChar*)data, uri, NULL,
- XML_PARSE_NOENT | XML_PARSE_NONET |
+ XML_PARSE_NONET |
XML_PARSE_NOWARNING))) {
g_set_error(error, OSINFO_DB_ERROR, 0,
_("Unable to parse XML document '%s'"),
--
2.13.6
_______________________________________________
Libosinfo mailing list
Libosinfo@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libosinfo
