[fbreader] Fixed the problem with external XML entities
XML parser's "hash_secret_salt" has to be set to anything non-zero. Otherwise this parser won't be able to use the entity cache filled by the child DTD parsers. For more details see CVE-2012-0876 and http://sourceforge.net/p/expat/bugs/496/
parent
c9ec2cb51e
commit
bd3dbb7d19
1 changed files with 4 additions and 0 deletions
|
@ -107,6 +107,10 @@ static void parseDTD(XML_Parser parser, const std::string &fileName) {
|
||||||
ZLXMLReaderInternal::ZLXMLReaderInternal(ZLXMLReader &reader, const char *encoding) : myReader(reader) {
|
ZLXMLReaderInternal::ZLXMLReaderInternal(ZLXMLReader &reader, const char *encoding) : myReader(reader) {
|
||||||
myParser = XML_ParserCreate(encoding);
|
myParser = XML_ParserCreate(encoding);
|
||||||
myInitialized = false;
|
myInitialized = false;
|
||||||
|
// Set salt to anything non-zero. Otherwise this parser won't be able
|
||||||
|
// to use the entity cache filled by the child DTD parsers. For more
|
||||||
|
// details see CVE-2012-0876 and http://sourceforge.net/p/expat/bugs/496/
|
||||||
|
XML_SetHashSalt(myParser, 42);
|
||||||
}
|
}
|
||||||
|
|
||||||
ZLXMLReaderInternal::~ZLXMLReaderInternal() {
|
ZLXMLReaderInternal::~ZLXMLReaderInternal() {
|
||||||
|
|
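Review bot: The fixed constant in `XML_SetHashSalt(myParser, 42);` makes the parser's hash salt predictable, so the hash-collision protection that the CVE-2012-0876 fix added through salting no longer applies to untrusted book files parsed here. The non-zero requirement stated in the new comment can be met with a value picked once per process from an unpredictable source and reused for every parser, for example `static const unsigned long salt = std::random_device{}() | 1UL;` followed by `XML_SetHashSalt(myParser, salt);` (needs `<random>`). The return value of `XML_SetHashSalt` is also ignored, and `myParser` is used without checking that `XML_ParserCreate` succeeded. `parseDTD` lies outside this hunk, so how the child DTD parsers obtain their salt should be confirmed against that function before changing the value.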