diff options
Diffstat (limited to 'src/xmlsec.c')
-rw-r--r-- | src/xmlsec.c | 122 |
1 files changed, 76 insertions, 46 deletions
diff --git a/src/xmlsec.c b/src/xmlsec.c index 6098d3c5..4225d842 100644 --- a/src/xmlsec.c +++ b/src/xmlsec.c @@ -1,13 +1,19 @@ -/** +/* * XML Security Library (http://www.aleksey.com/xmlsec). * - * General functions. * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:xmlsec + * @Short_description: Utility functions. + * @Stability: Stable + * + */ + #include "globals.h" #include <stdlib.h> @@ -23,6 +29,53 @@ #include <xmlsec/io.h> #include <xmlsec/errors.h> +/* + * Custom external entity handler, denies all files except the initial + * document we're parsing (input_id == 1) + */ +/* default external entity loader, pointer saved during xmlInit */ +static xmlExternalEntityLoader +xmlSecDefaultExternalEntityLoader = NULL; + +/* + * xmlSecNoXxeExternalEntityLoader: + * @URL: the URL for the entity to load + * @ID: public ID for the entity to load + * @ctxt: XML parser context, or NULL + * + * See libxml2's xmlLoadExternalEntity and xmlNoNetExternalEntityLoader. + * This function prevents any external (file or network) entities from being loaded. + */ +static xmlParserInputPtr +xmlSecNoXxeExternalEntityLoader(const char *URL, const char *ID, + xmlParserCtxtPtr ctxt) { + if (ctxt == NULL) { + return(NULL); + } + if (ctxt->input_id == 1) { + return xmlSecDefaultExternalEntityLoader((const char *) URL, ID, ctxt); + } + xmlSecXmlError2("xmlSecNoXxeExternalEntityLoader", NULL, + "illegal external entity='%s'", xmlSecErrorsSafeString(URL)); + return(NULL); +} + +/* + * xmlSecSetExternalEntityLoader: + * @entityLoader: the new entity resolver function, or NULL to restore + * libxml2's default handler + * + * Wrapper for xmlSetExternalEntityLoader. + */ +void +xmlSecSetExternalEntityLoader(xmlExternalEntityLoader entityLoader) { + if (entityLoader == NULL) { + entityLoader = xmlSecDefaultExternalEntityLoader; + } + xmlSetExternalEntityLoader(entityLoader); +} + + /** * xmlSecInit: * @@ -38,37 +91,30 @@ xmlSecInit(void) { #ifndef XMLSEC_NO_CRYPTO_DYNAMIC_LOADING if(xmlSecCryptoDLInit() < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecCryptoDLInit", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecCryptoDLInit", NULL); return(-1); } #endif /* XMLSEC_NO_CRYPTO_DYNAMIC_LOADING */ if(xmlSecKeyDataIdsInit() < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataIdsInit", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyDataIdsInit", NULL); return(-1); } if(xmlSecTransformIdsInit() < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformIdsInit", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsInit", NULL); return(-1); } + /* initialise safe external entity loader */ + if (!xmlSecDefaultExternalEntityLoader) { + xmlSecDefaultExternalEntityLoader = xmlGetExternalEntityLoader(); + } + xmlSetExternalEntityLoader(xmlSecNoXxeExternalEntityLoader); /* we use rand() function to generate id attributes */ - srand(time(NULL)); + srand((unsigned int)time(NULL)); return(0); } @@ -88,11 +134,7 @@ xmlSecShutdown(void) { #ifndef XMLSEC_NO_CRYPTO_DYNAMIC_LOADING if(xmlSecCryptoDLShutdown() < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecCryptoDLShutdown", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecCryptoDLShutdown", NULL); res = -1; } #endif /* XMLSEC_NO_CRYPTO_DYNAMIC_LOADING */ @@ -129,39 +171,27 @@ int xmlSecCheckVersionExt(int major, int minor, int subminor, xmlSecCheckVersionMode mode) { /* we always want to have a match for major version number */ if(major != XMLSEC_VERSION_MAJOR) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "expected major version=%d;real major version=%d", - XMLSEC_VERSION_MAJOR, major); + xmlSecOtherError3(XMLSEC_ERRORS_R_INVALID_VERSION, NULL, + "expected major version=%d;real major version=%d", + XMLSEC_VERSION_MAJOR, major); return(0); } switch(mode) { case xmlSecCheckVersionExactMatch: if((minor != XMLSEC_VERSION_MINOR) || (subminor != XMLSEC_VERSION_SUBMINOR)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "mode=exact;expected minor version=%d;real minor version=%d;expected subminor version=%d;real subminor version=%d", - XMLSEC_VERSION_MINOR, minor, - XMLSEC_VERSION_SUBMINOR, subminor); + xmlSecOtherError5(XMLSEC_ERRORS_R_INVALID_VERSION, NULL, + "mode=exact;expected minor version=%d;real minor version=%d;expected subminor version=%d;real subminor version=%d", + XMLSEC_VERSION_MINOR, minor, XMLSEC_VERSION_SUBMINOR, subminor); return(0); } break; case xmlSecCheckVersionABICompatible: - if((minor > XMLSEC_VERSION_MINOR) || - ((minor == XMLSEC_VERSION_MINOR) && - (subminor > XMLSEC_VERSION_SUBMINOR))) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "mode=abi compatible;expected minor version=%d;real minor version=%d;expected subminor version=%d;real subminor version=%d", - XMLSEC_VERSION_MINOR, minor, - XMLSEC_VERSION_SUBMINOR, subminor); + if((minor > XMLSEC_VERSION_MINOR) || ((minor == XMLSEC_VERSION_MINOR) && + (subminor > XMLSEC_VERSION_SUBMINOR))) { + xmlSecOtherError5(XMLSEC_ERRORS_R_INVALID_VERSION, NULL, + "mode=abi compatible;expected minor version=%d;real minor version=%d;expected subminor version=%d;real subminor version=%d", + XMLSEC_VERSION_MINOR, minor, XMLSEC_VERSION_SUBMINOR, subminor); return(0); } break; |