Revert "Add an XML_PARSE_NOXXE flag to block all entities loading eve…

…n local" This reverts commit 2304078. The new flag doesn't work and the change even broke the XML_PARSE_NONET option.
m-7761 · Jun 6, 2017 · 030b1f7 · 030b1f7
1 parent 897dffb
commit 030b1f7
Show file tree

Hide file tree

Showing 7 changed files with 6 additions and 65 deletions.
diff --git a/elfgcchack.h b/elfgcchack.h
@@ -6547,16 +6547,6 @@ extern __typeof (xmlNoNetExternalEntityLoader) xmlNoNetExternalEntityLoader__int
 #endif
 #endif
 
-#ifdef bottom_xmlIO
-#undef xmlNoXxeExternalEntityLoader
-extern __typeof (xmlNoXxeExternalEntityLoader) xmlNoXxeExternalEntityLoader __attribute((alias("xmlNoXxeExternalEntityLoader__internal_alias")));
-#else
-#ifndef xmlNoXxeExternalEntityLoader
-extern __typeof (xmlNoXxeExternalEntityLoader) xmlNoXxeExternalEntityLoader__internal_alias __attribute((visibility("hidden")));
-#define xmlNoXxeExternalEntityLoader xmlNoXxeExternalEntityLoader__internal_alias
-#endif
-#endif
-
 #ifdef bottom_tree
 #undef xmlNodeAddContent
 extern __typeof (xmlNodeAddContent) xmlNodeAddContent __attribute((alias("xmlNodeAddContent__internal_alias")));

diff --git a/include/libxml/parser.h b/include/libxml/parser.h
@@ -1111,8 +1111,7 @@ typedef enum {
     XML_PARSE_HUGE      = 1<<19,/* relax any hardcoded limit from the parser */
     XML_PARSE_OLDSAX    = 1<<20,/* parse using SAX2 interface before 2.7.0 */
     XML_PARSE_IGNORE_ENC= 1<<21,/* ignore internal document encoding hint */
-    XML_PARSE_BIG_LINES = 1<<22,/* Store big lines numbers in text PSVI field */
-    XML_PARSE_NOXXE	= 1<<23 /* Forbid any external entity loading */
+    XML_PARSE_BIG_LINES = 1<<22 /* Store big lines numbers in text PSVI field */
 } xmlParserOption;
 
 XMLPUBFUN void XMLCALL

diff --git a/include/libxml/xmlIO.h b/include/libxml/xmlIO.h
@@ -299,14 +299,6 @@ XMLPUBFUN xmlParserInputPtr XMLCALL
 					 const char *ID,
 					 xmlParserCtxtPtr ctxt);
 
-/*
- * A predefined entity loader external entity expansion
- */
-XMLPUBFUN xmlParserInputPtr XMLCALL
-	xmlNoXxeExternalEntityLoader	(const char *URL,
-					 const char *ID,
-					 xmlParserCtxtPtr ctxt);
-
 /*
  * xmlNormalizeWindowsPath is obsolete, don't use it.
  * Check xmlCanonicPath in uri.h for a better alternative.

diff --git a/include/libxml/xmlerror.h b/include/libxml/xmlerror.h
@@ -470,7 +470,6 @@ typedef enum {
     XML_IO_EADDRINUSE, /* 1554 */
     XML_IO_EALREADY, /* 1555 */
     XML_IO_EAFNOSUPPORT, /* 1556 */
-    XML_IO_ILLEGAL_XXE, /* 1557 */
     XML_XINCLUDE_RECURSION=1600,
     XML_XINCLUDE_PARSE_VALUE, /* 1601 */
     XML_XINCLUDE_ENTITY_DEF_MISMATCH, /* 1602 */

diff --git a/parser.c b/parser.c
@@ -15314,10 +15314,6 @@ xmlCtxtUseOptionsInternal(xmlParserCtxtPtr ctxt, int options, const char *encodi
 	ctxt->options |= XML_PARSE_NONET;
         options -= XML_PARSE_NONET;
     }
-    if (options & XML_PARSE_NOXXE) {
-	ctxt->options |= XML_PARSE_NOXXE;
-        options -= XML_PARSE_NOXXE;
-    }
     if (options & XML_PARSE_COMPACT) {
 	ctxt->options |= XML_PARSE_COMPACT;
         options -= XML_PARSE_COMPACT;

diff --git a/xmlIO.c b/xmlIO.c
@@ -210,7 +210,6 @@ static const char *IOerr[] = {
     "adddress in use",		/* EADDRINUSE */
     "already in use",		/* EALREADY */
     "unknown address familly",	/* EAFNOSUPPORT */
-    "Attempt to load external entity %s", /* XML_IO_ILLEGAL_XXE */
 };
 
 #if defined(_WIN32) || defined (__DJGPP__) && !defined (__CYGWIN__)
@@ -4054,22 +4053,13 @@ xmlDefaultExternalEntityLoader(const char *URL, const char *ID,
     xmlGenericError(xmlGenericErrorContext,
                     "xmlDefaultExternalEntityLoader(%s, xxx)\n", URL);
 #endif
-    if (ctxt != NULL) {
+    if ((ctxt != NULL) && (ctxt->options & XML_PARSE_NONET)) {
         int options = ctxt->options;
 
-        if (options & XML_PARSE_NOXXE) {
-            ctxt->options -= XML_PARSE_NOXXE;
-            ret = xmlNoXxeExternalEntityLoader(URL, ID, ctxt);
-            ctxt->options = options;
-            return(ret);
-        }
-
-        if (options & XML_PARSE_NONET) {
-            ctxt->options -= XML_PARSE_NONET;
-            ret = xmlNoNetExternalEntityLoader(URL, ID, ctxt);
-            ctxt->options = options;
-            return(ret);
-        }
+	ctxt->options -= XML_PARSE_NONET;
+        ret = xmlNoNetExternalEntityLoader(URL, ID, ctxt);
+	ctxt->options = options;
+	return(ret);
     }
 #ifdef LIBXML_CATALOG_ENABLED
     resource = xmlResolveResourceFromCatalog(URL, ID, ctxt);
@@ -4170,13 +4160,6 @@ xmlNoNetExternalEntityLoader(const char *URL, const char *ID,
     xmlParserInputPtr input = NULL;
     xmlChar *resource = NULL;
 
-    if (ctxt == NULL) {
-        return(NULL);
-    }
-    if (ctxt->input_id == 1) {
-        return xmlDefaultExternalEntityLoader((const char *) URL, ID, ctxt);
-    }
-
 #ifdef LIBXML_CATALOG_ENABLED
     resource = xmlResolveResourceFromCatalog(URL, ID, ctxt);
 #endif
@@ -4199,18 +4182,5 @@ xmlNoNetExternalEntityLoader(const char *URL, const char *ID,
     return(input);
 }
 
-xmlParserInputPtr
-xmlNoXxeExternalEntityLoader(const char *URL, const char *ID,
-                          xmlParserCtxtPtr ctxt) {
-    if (ctxt == NULL) {
-        return(NULL);
-    }
-    if (ctxt->input_id == 1) {
-        return xmlDefaultExternalEntityLoader((const char *) URL, ID, ctxt);
-    }
-    xmlIOErr(XML_IO_ILLEGAL_XXE, (const char *) URL);
-    return(NULL);
-}
-
 #define bottom_xmlIO
 #include "elfgcchack.h"
diff --git a/xmllint.c b/xmllint.c
@@ -3019,7 +3019,6 @@ static void usage(const char *name) {
     printf("\t--path 'paths': provide a set of paths for resources\n");
     printf("\t--load-trace : print trace of all external entities loaded\n");
     printf("\t--nonet : refuse to fetch DTDs or entities over network\n");
-    printf("\t--noxxe : forbid any external entity loading\n");
     printf("\t--nocompact : do not generate compact text nodes\n");
     printf("\t--htmlout : output results as HTML\n");
     printf("\t--nowrap : do not put HTML doc wrapper\n");
@@ -3462,10 +3461,6 @@ main(int argc, char **argv) {
                    (!strcmp(argv[i], "--nonet"))) {
 	    options |= XML_PARSE_NONET;
 	    xmlSetExternalEntityLoader(xmlNoNetExternalEntityLoader);
-        } else if ((!strcmp(argv[i], "-noxxe")) ||
-                   (!strcmp(argv[i], "--noxxe"))) {
-	    options |= XML_PARSE_NOXXE;
-	    xmlSetExternalEntityLoader(xmlNoXxeExternalEntityLoader);
         } else if ((!strcmp(argv[i], "-nocompact")) ||
                    (!strcmp(argv[i], "--nocompact"))) {
 	    options &= ~XML_PARSE_COMPACT;