medvedych/harbour-books
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity

[fbreader] Fixed the problem with external XML entities

Browse source 
XML parser's "hash_secret_salt" has to be set to anything non-zero.
Otherwise this parser won't be able to use the entity cache filled
by the child DTD parsers. For more details see CVE-2012-0876 and
http://sourceforge.net/p/expat/bugs/496/
This commit is contained in:
Slava Monich 2015-12-14 12:33:29 +03:00
parent c9ec2cb51e
commit bd3dbb7d19
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
fbreader/fbreader/zlibrary/core/src/xml/expat/ZLXMLReaderInternal.cpp
View file

@ -107,6 +107,10 @@ static void parseDTD(XML_Parser parser, const std::string &fileName) {
ZLXMLReaderInternal::ZLXMLReaderInternal(ZLXMLReader &reader, const char *encoding) : myReader(reader) {
myParser = XML_ParserCreate(encoding);
myInitialized = false;
// Set salt to anything non-zero. Otherwise this parser won't be able
// to use the entity cache filled by the child DTD parsers. For more
// details see CVE-2012-0876 and http://sourceforge.net/p/expat/bugs/496/
XML_SetHashSalt(myParser, 42);
}
ZLXMLReaderInternal::~ZLXMLReaderInternal() {