Browse code
Use a minimum set of flags when dealing with XML data
Shawn Webb authored on 2014/08/27 02:47:27Showing 6 changed files
- libclamav/dmg.c
- libclamav/ooxml.c
- libclamav/openioc.c
- libclamav/others.h
- libclamav/xar.c
- libclamav/xdp.c
| ... | ... |
@@ -209,7 +209,7 @@ int cli_scandmg(cli_ctx *ctx) |
| 209 | 209 |
#if HAVE_LIBXML2 |
| 210 | 210 |
|
| 211 | 211 |
/* XML_PARSE_NOENT | XML_PARSE_NONET | XML_PARSE_COMPACT */ |
| 212 |
-#define DMG_XML_PARSE_OPTS (1 << 1 | 1 << 11 | 1 << 16) |
|
| 212 |
+#define DMG_XML_PARSE_OPTS ((1 << 1 | 1 << 11 | 1 << 16) | CLAMAV_MIN_XMLREADER_FLAGS) |
|
| 213 | 213 |
|
| 214 | 214 |
reader = xmlReaderForMemory(outdata, (int)hdr.xmlLength, "toc.xml", NULL, DMG_XML_PARSE_OPTS); |
| 215 | 215 |
if (!reader) {
|
| ... | ... |
@@ -368,7 +368,7 @@ static int ooxml_parse_document(int fd, cli_ctx *ctx) |
| 368 | 368 |
|
| 369 | 369 |
cli_dbgmsg("in ooxml_parse_document\n");
|
| 370 | 370 |
|
| 371 |
- reader = xmlReaderForFd(fd, "properties.xml", NULL, 0); |
|
| 371 |
+ reader = xmlReaderForFd(fd, "properties.xml", NULL, CLAMAV_MIN_XMLREADER_FLAGS); |
|
| 372 | 372 |
if (reader == NULL) {
|
| 373 | 373 |
cli_dbgmsg("ooxml_parse_document: xmlReaderForFd error\n");
|
| 374 | 374 |
return CL_SUCCESS; // internal error from libxml2 |
| ... | ... |
@@ -416,7 +416,7 @@ static int ooxml_content_cb(int fd, cli_ctx *ctx) |
| 416 | 416 |
|
| 417 | 417 |
cli_dbgmsg("in ooxml_content_cb\n");
|
| 418 | 418 |
|
| 419 |
- reader = xmlReaderForFd(fd, "[Content_Types].xml", NULL, 0); |
|
| 419 |
+ reader = xmlReaderForFd(fd, "[Content_Types].xml", NULL, CLAMAV_MIN_XMLREADER_FLAGS); |
|
| 420 | 420 |
if (reader == NULL) {
|
| 421 | 421 |
cli_dbgmsg("ooxml_content_cb: xmlReaderForFd error for ""[Content_Types].xml""\n");
|
| 422 | 422 |
return CL_SUCCESS; // libxml2 failed! |
| ... | ... |
@@ -197,7 +197,7 @@ int openioc_parse(const char * fname, int fd, struct cl_engine *engine, unsigned |
| 197 | 197 |
|
| 198 | 198 |
cli_dbgmsg("openioc_parse: XML parsing file %s\n", fname);
|
| 199 | 199 |
|
| 200 |
- reader = xmlReaderForFd(fd, NULL, NULL, 0); |
|
| 200 |
+ reader = xmlReaderForFd(fd, NULL, NULL, CLAMAV_MIN_XMLREADER_FLAGS); |
|
| 201 | 201 |
if (reader == NULL) {
|
| 202 | 202 |
cli_dbgmsg("openioc_parse: xmlReaderForFd error\n");
|
| 203 | 203 |
return CL_EOPEN; |
| ... | ... |
@@ -54,6 +54,10 @@ |
| 54 | 54 |
#include "json.h" |
| 55 | 55 |
#endif |
| 56 | 56 |
|
| 57 |
+#if HAVE_LIBXML2 |
|
| 58 |
+#define CLAMAV_MIN_XMLREADER_FLAGS (XML_PARSE_NOERROR | XML_PARSE_NONET) |
|
| 59 |
+#endif |
|
| 60 |
+ |
|
| 57 | 61 |
/* |
| 58 | 62 |
* CL_FLEVEL is the signature f-level specific to the current code and |
| 59 | 63 |
* should never be modified |
| ... | ... |
@@ -516,7 +516,7 @@ int cli_scanxar(cli_ctx *ctx) |
| 516 | 516 |
goto exit_toc; |
| 517 | 517 |
} |
| 518 | 518 |
|
| 519 |
- reader = xmlReaderForMemory(toc, hdr.toc_length_decompressed, "noname.xml", NULL, 0); |
|
| 519 |
+ reader = xmlReaderForMemory(toc, hdr.toc_length_decompressed, "noname.xml", NULL, CLAMAV_MIN_XMLREADER_FLAGS); |
|
| 520 | 520 |
if (reader == NULL) {
|
| 521 | 521 |
cli_dbgmsg("cli_scanxar: xmlReaderForMemory error for TOC\n");
|
| 522 | 522 |
goto exit_toc; |
| ... | ... |
@@ -122,7 +122,7 @@ int cli_scanxdp(cli_ctx *ctx) |
| 122 | 122 |
* silently ignore the error and return CL_SUCCESS so the filetyping code can |
| 123 | 123 |
* continue on. |
| 124 | 124 |
*/ |
| 125 |
- reader = xmlReaderForMemory(buf, (int)(map->len), "noname.xml", NULL, XML_PARSE_NOERROR); |
|
| 125 |
+ reader = xmlReaderForMemory(buf, (int)(map->len), "noname.xml", NULL, CLAMAV_MIN_XMLREADER_FLAGS); |
|
| 126 | 126 |
if (!(reader)) |
| 127 | 127 |
return CL_SUCCESS; |
| 128 | 128 |
|