[vhostmd PATCH 04/18] libmetrics: Remove unsafe XML_PARSE_NOENT option

From coverity scan

Error: UNSAFE_XML_PARSE_CONFIG:
vhostmd-1.1/libmetrics/libmetrics.c:412: unsafe_xml_parse_config: XML parse option should not have flag "XML_PARSE_NOENT" set, which is vulnerable to XML external entity attack.
  410|      mdisk->doc = xmlCtxtReadMemory(mdisk->pctxt, mdisk->buffer,
  411|              mdisk->length, "mdisk.xml", NULL,
  412|->            XML_PARSE_NOENT | XML_PARSE_NONET |
  413|              XML_PARSE_NOWARNING);
  414|      if (!mdisk->doc) {

It should be safe to remove the option.

Signed-off-by: Jim Fehlig <jfehlig@xxxxxxxx>
---
 libmetrics/libmetrics.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/libmetrics/libmetrics.c b/libmetrics/libmetrics.c
index 4b2369a..2819f80 100644
--- a/libmetrics/libmetrics.c
+++ b/libmetrics/libmetrics.c
@@ -418,9 +418,8 @@ retry:
    }
 
    mdisk->doc = xmlCtxtReadMemory(mdisk->pctxt, mdisk->buffer, 
-           mdisk->length, "mdisk.xml", NULL, 
-           XML_PARSE_NOENT | XML_PARSE_NONET |
-           XML_PARSE_NOWARNING);
+                                  mdisk->length, "mdisk.xml", NULL, 
+                                  XML_PARSE_NONET | XML_PARSE_NOWARNING);
    if (!mdisk->doc) {
       libmsg("%s(): libxml failed to parse mdisk.xml buffer\n", __func__);
       goto error;
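
Review bot: The commit message justifies dropping XML_PARSE_NOENT from the xmlCtxtReadMemory() call only with "It should be safe to remove the option", which does not record why. Without that flag libxml2 stops substituting DTD-declared entities into the tree and leaves entity reference nodes in their place, so the message should state that the mdisk.xml buffer is not expected to carry such entities (the predefined ones such as &amp; and &lt; are unaffected), or the code that reads mdisk->doc should be checked for reliance on substituted text. Separately, the added line `mdisk->length, "mdisk.xml", NULL, ` keeps the trailing space after the comma that the removed line had; drop it while reindenting.
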
-- 
2.16.4


_______________________________________________
virt-tools-list mailing list
virt-tools-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/virt-tools-list



