307 lines
11 KiB
Diff
307 lines
11 KiB
Diff
From 79301d3d5e553d46fc3201f48dcec3a93068c5a2 Mon Sep 17 00:00:00 2001
|
|
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
|
Date: Fri, 18 Dec 2020 12:50:21 +0100
|
|
Subject: [PATCH] Fix timeout when handling recursive entities
|
|
|
|
Abort parsing early to avoid an almost infinite loop in certain error
|
|
cases involving recursive entities.
|
|
|
|
Found with libFuzzer.
|
|
---
|
|
parser.c | 1 +
|
|
result/errors/rec_ext_ent.xml.ent | 178 +++++-------------------------
|
|
2 files changed, 30 insertions(+), 149 deletions(-)
|
|
|
|
diff --git a/parser.c b/parser.c
|
|
index 43b88358..a7bdc7f3 100644
|
|
--- a/parser.c
|
|
+++ b/parser.c
|
|
@@ -7158,6 +7158,7 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
|
|
ent->checked |= 1;
|
|
if (ret == XML_ERR_ENTITY_LOOP) {
|
|
xmlFatalErr(ctxt, XML_ERR_ENTITY_LOOP, NULL);
|
|
+ xmlHaltParser(ctxt);
|
|
xmlFreeNodeList(list);
|
|
return;
|
|
}
|
|
diff --git a/result/errors/rec_ext_ent.xml.ent b/result/errors/rec_ext_ent.xml.ent
|
|
index 30dd2854..d8ccec14 100644
|
|
--- a/result/errors/rec_ext_ent.xml.ent
|
|
+++ b/result/errors/rec_ext_ent.xml.ent
|
|
@@ -1,243 +1,123 @@
|
|
test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
|
|
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
|
|
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
|
|
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
|
|
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
|
|
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
|
|
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
|
|
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
|
|
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
|
|
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
|
|
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
|
|
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
|
|
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
|
|
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
|
|
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
|
|
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
|
|
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
|
|
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
|
|
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
|
|
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
|
|
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
|
|
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
|
|
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
|
|
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
|
|
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
|
|
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
|
|
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
|
|
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
|
|
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
|
|
<ent>&e; &e; &e; &e;</ent>
|
|
^
|
|
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
|
|
-
|
|
-^
|
|
-./test/errors/rec_ext_ent.xml:4: parser error : Entity 'e' failed to parse
|
|
+./test/errors/rec_ext_ent.xml:4: parser error : Detected an entity reference loop
|
|
<doc>&e; &e; &e; &e;</doc>
|
|
^
|
|
--
|
|
2.27.0
|
|
|