Package: libxml-libxml-perl / 2.0116+dfsg-1+deb8u2

CVE-2015-3451.patch Patch series | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
 
Description: Fix CVE-2015-3451: expand_entities set to 0 is not preserved after a _clone() call
Origin: upstream, https://bitbucket.org/shlomif/perl-xml-libxml/commits/5962fd067580767777e94640b129ae8930a68a30,
 https://bitbucket.org/shlomif/perl-xml-libxml/commits/915f1dbaf21c5f3c21d7c519c70fd93859e47152
Bug-Debian: https://bugs.debian.org/783443
Forwarded: not-needed
Author: Shlomi Fish <shlomif@shlomifish.org>
Last-Update: 2015-05-01
Applied-Upstream: 2.0120

--- a/LibXML.pm
+++ b/LibXML.pm
@@ -396,8 +396,11 @@ sub _clone {
       line_numbers => $self->{XML_LIBXML_LINENUMBERS},
       base_uri => $self->{XML_LIBXML_BASE_URI},
       gdome => $self->{XML_LIBXML_GDOME},
-      set_parser_flags => $self->{XML_LIBXML_PARSER_OPTIONS},
     });
+  # The parser options may contain some options that were zeroed from the
+  # defaults so set_parser_flags won't work here. We need to assign them
+  # explicitly.
+  $new->{XML_LIBXML_PARSER_OPTIONS} = $self->{XML_LIBXML_PARSER_OPTIONS};
   $new->input_callbacks($self->input_callbacks());
   return $new;
 }
--- a/t/43options.t
+++ b/t/43options.t
@@ -3,7 +3,7 @@
 use strict;
 use warnings;
 
-use Test::More tests => 289;
+use Test::More tests => 290;
 
 use XML::LibXML;
 
@@ -125,6 +125,44 @@ no_network
 }
 
 {
+    my $XML = <<'EOT';
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE title [ <!ELEMENT title ANY >
+<!ENTITY xxe SYSTEM "file:///etc/passwd" >]>
+<rss version="2.0">
+<channel>
+    <link>example.com</link>
+    <description>XXE</description>
+    <item>
+        <title>&xxe;</title>
+        <link>example.com</link>
+        <description>XXE here</description>
+    </item>
+</channel>
+</rss>
+EOT
+
+    my $sys_line = <<'EOT';
+<title>&xxe;</title>
+EOT
+
+    chomp ($sys_line);
+
+    my $parser = XML::LibXML->new(
+        expand_entities => 0,
+        load_ext_dtd    => 0,
+        no_network      => 1,
+        expand_xinclude => 0,
+    );
+    my $XML_DOC = $parser->load_xml( string => $XML, );
+
+    # TEST
+    ok (scalar($XML_DOC->toString() =~ m{\Q$sys_line\E}),
+        "expand_entities is preserved after _clone()/etc."
+    );
+}
+
+{
   my $p = XML::LibXML->new(map { $_=>1 } @all);
   for my $opt (@all) {
     # TEST*$all