Package: xmltooling / 1.6.0-4+deb9u2

security/CVE-2018-0486-Block-entity-reference-nodes-during-unmarsh.patch Patch series | download
From: Scott Cantor <cantor.2@osu.edu>
Date: Wed, 10 Jan 2018 12:20:07 -0500
Subject: CVE-2018-0486 - Block entity reference nodes during unmarshalling.

https://issues.shibboleth.net/jira/browse/CPPXT-127
---
 xmltooling/io/AbstractXMLObjectUnmarshaller.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/xmltooling/io/AbstractXMLObjectUnmarshaller.cpp b/xmltooling/io/AbstractXMLObjectUnmarshaller.cpp
index ae2709e..487348e 100644
--- a/xmltooling/io/AbstractXMLObjectUnmarshaller.cpp
+++ b/xmltooling/io/AbstractXMLObjectUnmarshaller.cpp
@@ -206,6 +206,8 @@ void AbstractXMLObjectUnmarshaller::unmarshallContent(const DOMElement* domEleme
         else if (childNode->getNodeType() == DOMNode::TEXT_NODE || childNode->getNodeType() == DOMNode::CDATA_SECTION_NODE) {
             m_log.debug("processing text content at position (%d)", position);
             setTextContent(childNode->getNodeValue(), position);
+        } else if (childNode->getNodeType() == DOMNode::ENTITY_REFERENCE_NODE || childNode->getNodeType() == DOMNode::ENTITY_NODE) {
+            throw UnmarshallingException("Unmarshaller found Entity/Reference node.");
         }
         
         childNode = childNode->getNextSibling();
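Review bot: The new branch on lines L43–L44 throws without recording which position triggered the rejection, unlike the text-node branch just above it that logs `position`, so an operator refusing an untrusted document gets no trace of where it happened; logging before the throw, e.g. `m_log.error("rejecting entity/reference node at position (%d)", position);`, would keep the two branches consistent. This check only sees child nodes of the element being unmarshalled, so whether entity or entity-reference nodes can reach it at all (rather than being expanded into ordinary text by the parser) depends on parser configuration outside this hunk and is worth confirming so the block is not sidestepped by expansion. As a point of style, `childNode->getNodeType()` is now evaluated four times across the adjacent branches; hoisting it into a local such as `const DOMNode::NodeType nodeType = childNode->getNodeType();` at the top of the loop body would read more clearly. unmarshallContent and its loop begin before this hunk and continue past it.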