parser: Prepare to make decompression opt-in

Add a new parser option XML_PARSE_UNZIP that enables decompression.
xmlReadFile, xmlCtxtReadFile and xmlCreateURLParserCtxt always set
this option currently, but downstream users should start to set the
option if they really need it.
Nick Wellnhofer 2025-01-28 23:21:34 +01:00
parent a78843be5e
commit 1082d813e8
5 changed files with 30 additions and 15 deletions

2
NEWS

@ -15,7 +15,7 @@ existing parser context was added.
The xmlSave API now has additional options to replace global settings.
Parser options XML_PARSE_NO_UNZIP, XML_PARSE_NO_SYS_CATALOG and
Parser options XML_PARSE_UNZIP, XML_PARSE_NO_SYS_CATALOG and
XML_PARSE_NO_CATALOG_PI were added.
The serialization API will now take user-provided or default encodings


@ -1417,7 +1417,7 @@ typedef enum {
/* since 2.13.0 */
XML_PARSE_NO_XXE = 1<<23,/* disable loading of external content */
/* since 2.14.0 */
XML_PARSE_NO_UNZIP = 1<<24,/* disable compressed content */
XML_PARSE_UNZIP = 1<<24,/* allow compressed content */
XML_PARSE_NO_SYS_CATALOG = 1<<25,/* disable global system catalog */
XML_PARSE_NO_CATALOG_PI = 1<<26 /* ignore catalog PIs */
} xmlParserOption;
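Review bot: `XML_PARSE_UNZIP` takes over the bit `1<<24` that `XML_PARSE_NO_UNZIP` held, with the opposite meaning, so a caller built against the earlier header that set this bit to turn decompression off would now turn it on. Both names sit under "since 2.14.0", so this may only affect pre-release snapshots, but that cannot be confirmed from this page. The enum comment could also carry the caveat given in the option's documentation, for example `/* enable input decompression (zip bomb risk) */`.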


@ -12836,6 +12836,8 @@ xmlCreateURLParserCtxt(const char *filename, int options)
if (ctxt == NULL)
return(NULL);
options |= XML_PARSE_UNZIP;
xmlCtxtUseOptions(ctxt, options);
ctxt->linenumbers = 1;
@ -13576,7 +13578,7 @@ xmlCtxtSetOptionsInternal(xmlParserCtxtPtr ctxt, int options, int keepMask)
XML_PARSE_IGNORE_ENC |
XML_PARSE_BIG_LINES |
XML_PARSE_NO_XXE |
XML_PARSE_NO_UNZIP |
XML_PARSE_UNZIP |
XML_PARSE_NO_SYS_CATALOG |
XML_PARSE_NO_CATALOG_PI;
@ -13773,9 +13775,9 @@ xmlCtxtSetOptionsInternal(xmlParserCtxtPtr ctxt, int options, int keepMask)
*
* Enable reporting of line numbers larger than 65535.
*
* XML_PARSE_NO_UNZIP
* XML_PARSE_UNZIP
*
* Disables input decompression. Setting this option is recommended
* Enable input decompression. Setting this option is discouraged
* to avoid zip bombs.
*
* Available since 2.14.0.
@ -13997,6 +13999,11 @@ xmlReadDoc(const xmlChar *cur, const char *URL, const char *encoding,
* Convenience function to parse an XML file from the filesystem,
* the network or a global user-define resource loader.
*
* This function always enables the XML_PARSE_UNZIP option for
* backward compatibility. If a "-" filename is passed, it will
* read from stdin. Both of these features are potentially
* insecure and might be removed from later versions.
*
* See xmlCtxtReadFile for details.
*
* Returns the resulting document tree
@ -14012,6 +14019,8 @@ xmlReadFile(const char *filename, const char *encoding, int options)
if (ctxt == NULL)
return(NULL);
options |= XML_PARSE_UNZIP;
xmlCtxtUseOptions(ctxt, options);
/*
@ -14021,7 +14030,7 @@ xmlReadFile(const char *filename, const char *encoding, int options)
*/
if ((filename != NULL) && (filename[0] == '-') && (filename[1] == 0))
input = xmlCtxtNewInputFromFd(ctxt, filename, STDIN_FILENO,
encoding, XML_INPUT_UNZIP);
encoding, 0);
else
input = xmlCtxtNewInputFromUrl(ctxt, filename, NULL, encoding, 0);
@ -14198,6 +14207,10 @@ xmlCtxtReadDoc(xmlParserCtxtPtr ctxt, const xmlChar *str,
* Parse an XML file from the filesystem, the network or a user-defined
* resource loader.
*
* This function always enables the XML_PARSE_UNZIP option for
* backward compatibility. This feature is potentially insecure
* and might be removed from later versions.
*
* Returns the resulting document tree
*/
xmlDocPtr
@ -14209,6 +14222,8 @@ xmlCtxtReadFile(xmlParserCtxtPtr ctxt, const char *filename,
if (ctxt == NULL)
return(NULL);
options |= XML_PARSE_UNZIP;
xmlCtxtReset(ctxt);
xmlCtxtUseOptions(ctxt, options);
@ -14283,7 +14298,6 @@ xmlCtxtReadFd(xmlParserCtxtPtr ctxt, int fd,
const char *URL, const char *encoding, int options)
{
xmlParserInputPtr input;
int inputFlags;
if (ctxt == NULL)
return(NULL);
@ -14291,10 +14305,7 @@ xmlCtxtReadFd(xmlParserCtxtPtr ctxt, int fd,
xmlCtxtReset(ctxt);
xmlCtxtUseOptions(ctxt, options);
inputFlags = 0;
if ((options & XML_PARSE_NO_UNZIP) == 0)
inputFlags |= XML_INPUT_UNZIP;
input = xmlCtxtNewInputFromFd(ctxt, URL, fd, encoding, inputFlags);
input = xmlCtxtNewInputFromFd(ctxt, URL, fd, encoding, 0);
if (input == NULL)
return(NULL);
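Review bot: After `options |= XML_PARSE_UNZIP;` in xmlCreateURLParserCtxt, xmlReadFile and xmlCtxtReadFile, a caller cannot parse a file through these entry points with decompression off, even though the option's own documentation discourages it because of zip bombs. The new doc paragraphs say the flag is forced but name no alternative. Of the functions in this section, only xmlCtxtReadFd now leaves the choice to the caller, so a sentence such as `To parse without decompression, use xmlCtxtReadFd and leave XML_PARSE_UNZIP unset.` would help. No matching paragraph is visible for xmlCreateURLParserCtxt, and the documentation of xmlCtxtReadFd, which is outside the hunk, should state that it no longer decompresses unless XML_PARSE_UNZIP is passed. All four function bodies continue outside their hunks.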


@ -1968,6 +1968,9 @@ xmlCtxtNewInputFromFd(xmlParserCtxtPtr ctxt, const char *url,
if ((ctxt == NULL) || (fd < 0))
return(NULL);
if (ctxt->options & XML_PARSE_UNZIP)
flags |= XML_INPUT_UNZIP;
input = xmlNewInputFromFd(url, fd, flags);
if (input == NULL) {
xmlCtxtErrMemory(ctxt);
@ -2457,7 +2460,7 @@ xmlNewInputFromFile(xmlParserCtxtPtr ctxt, const char *filename) {
if ((ctxt == NULL) || (filename == NULL))
return(NULL);
if ((ctxt->options & XML_PARSE_NO_UNZIP) == 0)
if (ctxt->options & XML_PARSE_UNZIP)
flags |= XML_INPUT_UNZIP;
if ((ctxt->options & XML_PARSE_NONET) == 0)
flags |= XML_INPUT_NETWORK;
@ -2629,7 +2632,7 @@ xmlLoadResource(xmlParserCtxtPtr ctxt, const char *url, const char *publicId,
url = resource;
#endif
if ((ctxt->options & XML_PARSE_NO_UNZIP) == 0)
if (ctxt->options & XML_PARSE_UNZIP)
flags |= XML_INPUT_UNZIP;
if ((ctxt->options & XML_PARSE_NONET) == 0)
flags |= XML_INPUT_NETWORK;
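Review bot: In xmlCtxtNewInputFromFd the context option is ORed into the caller's `flags`, so a caller that passes flags without XML_INPUT_UNZIP still gets decompression whenever the context has XML_PARSE_UNZIP set. The function's doc comment, which is outside the hunk, should say so. The same context bit is read in xmlNewInputFromFile and xmlLoadResource, so the flag forced by xmlReadFile, xmlCtxtReadFile and xmlCreateURLParserCtxt appears to apply to every input these functions create for that context, not only the main document. A comment at the first check such as `/* context-wide: applies to every input created from ctxt */` would make that scope explicit.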


@ -395,9 +395,10 @@ parseXml(xmllintState *lint, const char *filename) {
} else {
if (strcmp(filename, "-") == 0)
doc = xmlCtxtReadFd(ctxt, STDIN_FILENO, "-", NULL,
lint->options);
lint->options | XML_PARSE_UNZIP);
else
doc = xmlCtxtReadFile(ctxt, filename, NULL, lint->options);
doc = xmlCtxtReadFile(ctxt, filename, NULL,
lint->options | XML_PARSE_UNZIP);
}
return(doc);
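Review bot: The `| XML_PARSE_UNZIP` on the xmlCtxtReadFile call is redundant today, because that function forces the option itself, and nothing in the hunk says why it is spelled out. A comment such as `/* set explicitly: xmlCtxtReadFile may stop forcing XML_PARSE_UNZIP */` would keep it from being removed later as dead code. The flag is also ORed in unconditionally at both call sites, so as far as this hunk shows, xmllint gives the user no way to read a file with decompression disabled. Setting it once where `lint->options` is built would leave room for an opt-out. parseXml starts and ends outside the hunk.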