File: CVE-2013-1643.patch

package info (click to toggle)
php5 5.3.3-7%2Bsqueeze19
  • links: PTS, VCS
  • area: main
  • in suites: squeeze
  • size: 122,836 kB
  • ctags: 55,742
  • sloc: ansic: 633,963; php: 19,620; sh: 11,344; xml: 5,816; cpp: 2,400; yacc: 1,745; exp: 1,514; makefile: 1,019; pascal: 623; awk: 537; sql: 22
file content (135 lines) | stat: -rw-r--r-- 4,114 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
 
--- a/ext/libxml/libxml.c
+++ b/ext/libxml/libxml.c
@@ -261,6 +261,7 @@ static PHP_GINIT_FUNCTION(libxml)
 	libxml_globals->stream_context = NULL;
 	libxml_globals->error_buffer.c = NULL;
 	libxml_globals->error_list = NULL;
+	libxml_globals->entity_loader_disabled = 0;
 }
 
 /* Channel libxml file io layer through the PHP streams subsystem.
@@ -350,16 +351,15 @@ static int php_libxml_streams_IO_close(v
 }
 
 static xmlParserInputBufferPtr
-php_libxml_input_buffer_noload(const char *URI, xmlCharEncoding enc)
-{
-	return NULL;
-}
-
-static xmlParserInputBufferPtr
 php_libxml_input_buffer_create_filename(const char *URI, xmlCharEncoding enc)
 {
 	xmlParserInputBufferPtr ret;
 	void *context = NULL;
+	TSRMLS_FETCH();
+
+	if (LIBXML(entity_loader_disabled)) {
+		return NULL;
+	}
 
 	if (URI == NULL)
 		return(NULL);
@@ -835,28 +835,25 @@ static PHP_FUNCTION(libxml_clear_errors)
 }
 /* }}} */
 
+PHP_LIBXML_API zend_bool php_libxml_disable_entity_loader(zend_bool disable TSRMLS_DC)
+{
+	zend_bool old = LIBXML(entity_loader_disabled);
+
+	LIBXML(entity_loader_disabled) = disable;
+	return old;
+}
+
 /* {{{ proto bool libxml_disable_entity_loader([boolean disable]) 
    Disable/Enable ability to load external entities */
 static PHP_FUNCTION(libxml_disable_entity_loader)
 {
 	zend_bool disable = 1;
-	xmlParserInputBufferCreateFilenameFunc old;
 
 	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|b", &disable) == FAILURE) {
 		return;
 	}
 
-	if (disable == 0) {
-		old = xmlParserInputBufferCreateFilenameDefault(php_libxml_input_buffer_create_filename);
-	} else {
-		old = xmlParserInputBufferCreateFilenameDefault(php_libxml_input_buffer_noload);
-	}
-
-	if (old == php_libxml_input_buffer_noload) {
-		RETURN_TRUE;
-	}
-
-	RETURN_FALSE;
+	RETURN_BOOL(php_libxml_disable_entity_loader(disable TSRMLS_CC));
 }
 /* }}} */
 
--- a/ext/libxml/php_libxml.h
+++ b/ext/libxml/php_libxml.h
@@ -43,6 +43,7 @@ ZEND_BEGIN_MODULE_GLOBALS(libxml)
 	zval *stream_context;
 	smart_str error_buffer;
 	zend_llist *error_list;
+	zend_bool entity_loader_disabled;
 ZEND_END_MODULE_GLOBALS(libxml)
 
 typedef struct _libxml_doc_props {
@@ -93,6 +94,7 @@ PHP_LIBXML_API void php_libxml_ctx_error
 PHP_LIBXML_API int php_libxml_xmlCheckUTF8(const unsigned char *s);
 PHP_LIBXML_API zval *php_libxml_switch_context(zval *context TSRMLS_DC);
 PHP_LIBXML_API void php_libxml_issue_error(int level, const char *msg TSRMLS_DC);
+PHP_LIBXML_API zend_bool php_libxml_disable_entity_loader(zend_bool disable TSRMLS_DC);
 
 /* Init/shutdown functions*/
 PHP_LIBXML_API void php_libxml_initialize(void);
--- a/ext/soap/php_xml.c
+++ b/ext/soap/php_xml.c
@@ -20,6 +20,7 @@
 /* $Id: php_xml.c 293036 2010-01-03 09:23:27Z sebastian $ */
 
 #include "php_soap.h"
+#include "ext/libxml/php_libxml.h"
 #include "libxml/parser.h"
 #include "libxml/parserInternals.h"
 
@@ -91,13 +92,17 @@ xmlDocPtr soap_xmlParseFile(const char *
 	ctxt = xmlCreateFileParserCtxt(filename);
 	PG(allow_url_fopen) = old_allow_url_fopen;
 	if (ctxt) {
+		zend_bool old;
+
 		ctxt->keepBlanks = 0;
 		ctxt->sax->ignorableWhitespace = soap_ignorableWhitespace;
 		ctxt->sax->comment = soap_Comment;
 		ctxt->sax->warning = NULL;
 		ctxt->sax->error = NULL;
 		/*ctxt->sax->fatalError = NULL;*/
+		old = php_libxml_disable_entity_loader(1);
 		xmlParseDocument(ctxt);
+		php_libxml_disable_entity_loader(old);
 		if (ctxt->wellFormed) {
 			ret = ctxt->myDoc;
 			if (ret->URL == NULL && ctxt->directory != NULL) {
@@ -133,6 +138,8 @@ xmlDocPtr soap_xmlParseMemory(const void
 */
 	ctxt = xmlCreateMemoryParserCtxt(buf, buf_size);
 	if (ctxt) {
+		zend_bool old;
+
 		ctxt->sax->ignorableWhitespace = soap_ignorableWhitespace;
 		ctxt->sax->comment = soap_Comment;
 		ctxt->sax->warning = NULL;
@@ -141,7 +148,9 @@ xmlDocPtr soap_xmlParseMemory(const void
 #if LIBXML_VERSION >= 20703
 		ctxt->options |= XML_PARSE_HUGE;
 #endif
+		old = php_libxml_disable_entity_loader(1);
 		xmlParseDocument(ctxt);
+		php_libxml_disable_entity_loader(old);
 		if (ctxt->wellFormed) {
 			ret = ctxt->myDoc;
 			if (ret->URL == NULL && ctxt->directory != NULL) {