On Thu, Oct 26, 2017 at 2:18 PM, Daniel P. Berrange <berrange@xxxxxxxxxx> wrote:
> The XML_PARSE_NOENT flag to libxml will cause it to expand all entities in the
> input XML document when parsing. Doing this is bad practice if the XML input
> file comes from an untrusted source, because it can cause the XML parser to load
> arbitrary files that are readable by the user running XML parsing. This does
> not have any security consequences given the scenario in which osinfo-db-validate
> is run since the intended usage is to validate files that are written by the
> local user, or by the upstream libosinfo maintainers.
>
> In the future though, libosinfo might be able to dynamically download data from
> the website to refresh its local database, so it is wise to avoid entity
> expansion as a hardening step.
>
> Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
> ---
>  tools/osinfo-db-validate.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/tools/osinfo-db-validate.c b/tools/osinfo-db-validate.c
> index d8c3af9..530b8a1 100644
> --- a/tools/osinfo-db-validate.c
> +++ b/tools/osinfo-db-validate.c
> @@ -64,7 +64,7 @@ static xmlDocPtr parse_file(GFile *file, GError **error)
>      }
>
>      if (!(doc = xmlCtxtReadDoc(pctxt, (const xmlChar*)data, uri, NULL,
> -                               XML_PARSE_NOENT | XML_PARSE_NONET |
> +                               XML_PARSE_NONET |
>                                 XML_PARSE_NOWARNING))) {
>          g_set_error(error, OSINFO_DB_ERROR, 0,
>                      _("Unable to parse XML document '%s'"),
> --
> 2.13.6
>
> _______________________________________________
> Libosinfo mailing list
> Libosinfo@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/libosinfo

ACK!

--
Fabiano Fidêncio
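Review bot: with XML_PARSE_NOENT dropped from the xmlCtxtReadDoc() options in parse_file(), libxml2 no longer substitutes entity references in the parsed tree, so any element text in a database file that was written using an entity now reaches the rest of osinfo-db-validate as an unexpanded reference node rather than the substituted text; the commit message should say whether osinfo-db files are expected to contain entity declarations at all, or otherwise that nothing downstream of parse_file() depends on them being expanded. The flags that remain are consistent with the stated goal: XML_PARSE_NONET only blocks network fetches and does nothing for the local-file reads the commit message describes, and with neither XML_PARSE_DTDLOAD nor XML_PARSE_DTDVALID set the external DTD subset is not fetched either, so if DTD loading is ever added to this call the same local-file concern returns and should be revisited then.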
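The commit message above describes why an entity-substituting parser flag is a hazard on untrusted input: a SYSTEM entity in the document's DTD makes the parser read a local file and splice its contents into the tree. The following is an added example and is not libosinfo code. It uses Python's standard-library xml.sax (expat) parser, whose feature_external_ges switch plays the role that XML_PARSE_NOENT plays for external entities in libxml2, to parse one constructed document twice: once with external entity fetching enabled (the pre-patch behaviour) and once with it disabled (the patched behaviour). The os.xml and secret.txt fixtures and the libosinfo-like markup are constructed for the demo and are not real database files.

```python
import os
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges

# Constructed fixtures: a "secret" standing in for any file readable by the
# user running the parser, and a document whose internal DTD subset declares
# an external general entity pointing at it (the classic XXE payload shape).
SECRET = "top-secret-token"
DOCUMENT = (
    '<?xml version="1.0"?>\n'
    '<!DOCTYPE libosinfo [\n'
    '  <!ENTITY leak SYSTEM "secret.txt">\n'
    ']>\n'
    '<libosinfo><os><name>&leak;</name></os></libosinfo>\n'
)


def write_fixtures(directory):
    """Write secret.txt and os.xml into directory; return the path of os.xml."""
    with open(os.path.join(directory, "secret.txt"), "w") as f:
        f.write(SECRET)
    xml_path = os.path.join(directory, "os.xml")
    with open(xml_path, "w") as f:
        f.write(DOCUMENT)
    return xml_path


class TextCollector(ContentHandler):
    """Collect every run of character data the parser reports."""

    def __init__(self):
        super().__init__()
        self.chunks = []

    def characters(self, content):
        self.chunks.append(content)


def element_text(xml_path, fetch_external_entities):
    """Parse xml_path and return the concatenated text content.

    fetch_external_entities=True is the analogue of parsing with
    XML_PARSE_NOENT: the SYSTEM entity is resolved relative to the
    document and the file's contents are delivered as character data.
    False is the analogue of the patched osinfo-db-validate call: the
    reference is left unexpanded and no file is opened.
    """
    parser = xml.sax.make_parser()
    # Set explicitly on both paths; the stdlib default changed in 3.7.1.
    parser.setFeature(feature_external_ges, fetch_external_entities)
    collector = TextCollector()
    parser.setContentHandler(collector)
    parser.parse(xml_path)
    return "".join(collector.chunks)


def run_demo():
    """Parse the same constructed document both ways; return (unsafe, hardened)."""
    with tempfile.TemporaryDirectory() as directory:
        xml_path = write_fixtures(directory)
        unsafe = element_text(xml_path, fetch_external_entities=True)
        hardened = element_text(xml_path, fetch_external_entities=False)
    return unsafe, hardened


if __name__ == "__main__":
    unsafe, hardened = run_demo()
    print("external entities expanded :", repr(unsafe))
    print("external entities ignored  :", repr(hardened))
```

The first parse returns the contents of secret.txt as the text of the name element, which is exactly the local-file exposure the commit message warns about; the second returns no text for that element because the reference is never resolved. Note that the relative SYSTEM identifier is resolved against the directory of the document being parsed, so a "safe" document directory is no protection once expansion is enabled.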