summaryrefslogtreecommitdiff
path: root/AUTHORS
diff options
context:
space:
mode:
authorNick Wellnhofer <wellnhofer@aevum.de>2021-06-12 20:02:53 +0200
committerDongHun Kwak <dh0128.kwak@samsung.com>2023-01-12 10:49:22 +0900
commitdde2f731faa5f53f416d96ba738b03034038b0d1 (patch)
tree8c9651dd078214865239b83091775ec151ec34f1 /AUTHORS
parent52575733efa1b63a3f5fa615821c38c54387d409 (diff)
downloadlibxslt-accepted/tizen_6.0_base_tool.tar.gz
libxslt-accepted/tizen_6.0_base_tool.tar.bz2
libxslt-accepted/tizen_6.0_base_tool.zip
xsltApplyTemplates without a select expression could delete nodes in the source document. 1. Text nodes with strippable whitespace Whitespace from input documents is already stripped, so there's no need to strip it again. Under certain circumstances, xsltApplyTemplates could be fooled into deleting text nodes that are still referenced, resulting in a use-after-free. 2. The DTD The DTD was only unlinked, but there's no good reason to do this just now. Maybe it was meant as a micro-optimization. 3. Unknown nodes Useless and dangerous as well, especially with XInclude nodes. See https://gitlab.gnome.org/GNOME/libxml2/-/issues/268 Simply stop trying to uselessly delete nodes when applying a template. This part of the code is probably a leftover from a time where xsltApplyStripSpaces wasn't implemented yet. Also note that xsltApplyTemplates with a select expression never tried to delete nodes. Also stop xsltDefaultProcessOneNode from deleting nodes for the same reasons. This fixes CVE-2021-30560. Change-Id: I2931b52883f49f2a22b6b984cabb22f0af7b99e8 Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
Diffstat (limited to 'AUTHORS')
0 files changed, 0 insertions, 0 deletions