From bd3dbb7d19b37d0758efc5a062a72e36a8227a0c Mon Sep 17 00:00:00 2001
From: Slava Monich
Date: Mon, 14 Dec 2015 12:33:29 +0300
Subject: [PATCH] [fbreader] Fixed the problem with external XML entities

XML parser's "hash_secret_salt" has to be set to anything non-zero. Otherwise this parser won't be able to use the entity cache filled by the child DTD parsers. For more details see CVE-2012-0876 and http://sourceforge.net/p/expat/bugs/496/
---
 .../zlibrary/core/src/xml/expat/ZLXMLReaderInternal.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/fbreader/fbreader/zlibrary/core/src/xml/expat/ZLXMLReaderInternal.cpp b/fbreader/fbreader/zlibrary/core/src/xml/expat/ZLXMLReaderInternal.cpp
index dca87a4..1044f18 100644
--- a/fbreader/fbreader/zlibrary/core/src/xml/expat/ZLXMLReaderInternal.cpp
+++ b/fbreader/fbreader/zlibrary/core/src/xml/expat/ZLXMLReaderInternal.cpp
@@ -107,6 +107,10 @@ static void parseDTD(XML_Parser parser, const std::string &fileName) {
 ZLXMLReaderInternal::ZLXMLReaderInternal(ZLXMLReader &reader, const char *encoding) : myReader(reader) {
 myParser = XML_ParserCreate(encoding);
 myInitialized = false;
+ // Set salt to anything non-zero. Otherwise this parser won't be able
+ // to use the entity cache filled by the child DTD parsers. For more
+ // details see CVE-2012-0876 and http://sourceforge.net/p/expat/bugs/496/
+ XML_SetHashSalt(myParser, 42);
 }

 ZLXMLReaderInternal::~ZLXMLReaderInternal() {
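Review bot: The constant in `XML_SetHashSalt(myParser, 42)` in the constructor gives every process the same, publicly known hash salt, which gives up the collision-flooding protection the salt was introduced for in the CVE-2012-0876 fix; parsing an untrusted book with many colliding names could then become very slow. The workaround only needs the salt to be non-zero before the child DTD parsers are created, so an unpredictable non-zero value serves equally well, for example `static const unsigned long salt = std::random_device()() | 1UL;` followed by `XML_SetHashSalt(myParser, salt);` if the build allows C++11 (otherwise whatever entropy source the platform layer offers). The return value of `XML_SetHashSalt` is also ignored and `myParser` is not checked for null after `XML_ParserCreate`, so a failed parser allocation would presumably reach this call unnoticed; a guard such as `if (myParser != 0)` around it would be worth adding.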