[vhostmd PATCH 14/18] vhostmd: Remove unsafe XML_PARSE_NOENT option

From coverity scan

vhostmd-1.1/vhostmd/vhostmd.c:553: unsafe_xml_parse_config: XML parse option should not have flag "XML_PARSE_NOENT" set, which is vulnerable to XML external entity attack.
  551|
  552|      xml = xmlCtxtReadFile(pctxt, filename, NULL,
  553|->                          XML_PARSE_NOENT | XML_PARSE_NONET |
  554|                            XML_PARSE_NOWARNING);
  555|      if (!xml) {

Signed-off-by: Jim Fehlig <jfehlig@xxxxxxxx>
---
 vhostmd/vhostmd.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/vhostmd/vhostmd.c b/vhostmd/vhostmd.c
index 3d1d53e..4d04989 100644
--- a/vhostmd/vhostmd.c
+++ b/vhostmd/vhostmd.c
@@ -552,8 +552,7 @@ static int parse_config_file(const char *filename)
       goto out;
 
    xml = xmlCtxtReadFile(pctxt, filename, NULL,
-                         XML_PARSE_NOENT | XML_PARSE_NONET |
-                         XML_PARSE_NOWARNING);
+                         XML_PARSE_NONET | XML_PARSE_NOWARNING);
    if (!xml) {
       vu_log(VHOSTMD_ERR, "libxml failed to parse config file %s",
                   filename);
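Review bot: The commit message does not say whether any existing config file depends on entity substitution, and that matters at the xmlCtxtReadFile() call in parse_config_file(). Without XML_PARSE_NOENT, libxml2 leaves general entity references declared in a DOCTYPE as entity-reference nodes in the tree instead of replacing them with their text, so any code that reads node content from this document will no longer see the expanded value for such references. Predefined entities such as &amp; are unaffected. Please confirm that the shipped vhostmd configuration and its DTD define no custom entities, and add a sentence to the commit message stating that, so the behaviour change is on record alongside the Coverity finding. Keeping XML_PARSE_NONET is right and needs no change.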
-- 
2.16.4

