[fbreader] Fixed the problem with external XML entities

XML parser's "hash_secret_salt" has to be set to anything non-zero.
Otherwise this parser won't be able to use the entity cache filled
by the child DTD parsers. For more details see CVE-2012-0876 and
http://sourceforge.net/p/expat/bugs/496/
This commit is contained in:
Slava Monich 2015-12-14 12:33:29 +03:00
parent c9ec2cb51e
commit bd3dbb7d19

View file

@ -107,6 +107,10 @@ static void parseDTD(XML_Parser parser, const std::string &fileName) {
ZLXMLReaderInternal::ZLXMLReaderInternal(ZLXMLReader &reader, const char *encoding) : myReader(reader) { ZLXMLReaderInternal::ZLXMLReaderInternal(ZLXMLReader &reader, const char *encoding) : myReader(reader) {
myParser = XML_ParserCreate(encoding); myParser = XML_ParserCreate(encoding);
myInitialized = false; myInitialized = false;
// Set salt to anything non-zero. Otherwise this parser won't be able
// to use the entity cache filled by the child DTD parsers. For more
// details see CVE-2012-0876 and http://sourceforge.net/p/expat/bugs/496/
XML_SetHashSalt(myParser, 42);
} }
ZLXMLReaderInternal::~ZLXMLReaderInternal() { ZLXMLReaderInternal::~ZLXMLReaderInternal() {