Merge commit '3b1742b8391e966be780bdc43fdf959f7b3a118c'

Sibras · Sibras · commit 5425df8057a0 · 2024-10-19T22:28:59.000+11:00
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -528,7 +528,7 @@ if(LIBXML2_WITH_TESTS)
     endif()
     add_test(NAME testchar COMMAND testchar)
     add_test(NAME testdict COMMAND testdict)
-    add_test(NAME testparser COMMAND testparser)
+    add_test(NAME testparser COMMAND testparser WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
     add_test(NAME testrecurse COMMAND testrecurse WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
     add_test(NAME testThreads COMMAND testThreads WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
 endif()
diff --git a/NEWS b/NEWS
@@ -1,5 +1,25 @@
 NEWS file for libxml2
 
+v2.13.3: Jul 24 2024
+
+### Security
+
+- [CVE-2024-40896] Fix XXE protection in downstream code
+
+### Regressions
+
+- autotools: Use AC_CHECK_DECL to check for getentropy
+- xinclude: Fix fallback for text includes
+- io: Don't call getcwd in xmlParserGetDirectory
+- io: Fix return value of xmlFileRead
+- parser: Fix error return of xmlParseBalancedChunkMemory
+
+### Improvements
+
+- xinclude: Set error handler when parsing text
+- Undeprecate xmlKeepBlanksDefault
+
+
 v2.13.2: Jul 4 2024
 
 ### Regressions
diff --git a/configure.ac b/configure.ac
@@ -3,7 +3,7 @@ AC_PREREQ([2.63])
 
 m4_define([MAJOR_VERSION], 2)
 m4_define([MINOR_VERSION], 13)
-m4_define([MICRO_VERSION], 2)
+m4_define([MICRO_VERSION], 3)
 
 AC_INIT([libxml2],[MAJOR_VERSION.MINOR_VERSION.MICRO_VERSION])
 AC_CONFIG_SRCDIR([entities.c])
@@ -310,13 +310,17 @@ AC_CHECK_HEADERS([glob.h])
 AM_CONDITIONAL(WITH_GLOB, test "$ac_cv_header_glob_h" = "yes")
 
 dnl Checks for library functions.
-AC_CHECK_FUNCS([getentropy gettimeofday ftime stat mmap munmap])
+AC_CHECK_FUNCS([gettimeofday ftime stat mmap munmap])
 
 AH_VERBATIM([HAVE_MUNMAP_AFTER],[/* mmap() is no good without munmap() */
 #if defined(HAVE_MMAP) && !defined(HAVE_MUNMAP)
 #  undef /**/ HAVE_MMAP
 #endif])
 
+AC_CHECK_DECL([getentropy],
+              [AC_DEFINE([HAVE_GETENTROPY], [1], [getentropy])], [],
+              [#include <sys/random.h>])
+
 dnl
 dnl Checks for inet libraries
 dnl
diff --git a/include/libxml/parser.h b/include/libxml/parser.h
@@ -948,7 +948,7 @@ XML_DEPRECATED XMLPUBFUN int
 		xmlSubstituteEntitiesDefault(int val);
 XML_DEPRECATED XMLPUBFUN int
                 xmlThrDefSubstituteEntitiesDefaultValue(int v);
-XML_DEPRECATED XMLPUBFUN int
+XMLPUBFUN int
 		xmlKeepBlanksDefault	(int val);
 XML_DEPRECATED XMLPUBFUN int
 		xmlThrDefKeepBlanksDefaultValue(int v);
diff --git a/meson.build b/meson.build
@@ -1,7 +1,7 @@
 project(
     'libxml2',
     'c',
-    version: '2.13.2',
+    version: '2.13.3',
     license: 'MIT',
     default_options: ['buildtype=debug', 'warning_level=3'],
     meson_version: '>= 0.61',
diff --git a/parser.c b/parser.c
@@ -7382,6 +7382,14 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
 	return;
     }
 
+    /*
+     * Some users try to parse entities on their own and used to set
+     * the renamed "checked" member. Fix the flags to cover this
+     * case.
+     */
+    if (((ent->flags & XML_ENT_PARSED) == 0) && (ent->children != NULL))
+        ent->flags |= XML_ENT_PARSED;
+
     /*
      * The first reference to the entity trigger a parsing phase
      * where the ent->children is filled with the result from
@@ -12535,7 +12543,10 @@ xmlParseBalancedChunkMemoryRecover(xmlDocPtr doc, xmlSAXHandlerPtr sax,
     else
         xmlFreeNodeList(list);
 
-    ret = ctxt->errNo;
+    if (!ctxt->wellFormed)
+        ret = ctxt->errNo;
+    else
+        ret = XML_ERR_OK;
 
     xmlFreeInputStream(input);
     xmlFreeParserCtxt(ctxt);
diff --git a/result/XInclude/fallback8.xml b/result/XInclude/fallback8.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0"?>
+<doc>
+    text not found
+</doc>
diff --git a/result/XInclude/fallback8.xml.err b/result/XInclude/fallback8.xml.err
@@ -0,0 +1 @@
+I/O warning : failed to load "test/XInclude/docs/404.txt": No such file or directory
diff --git a/result/XInclude/fallback8.xml.rdr b/result/XInclude/fallback8.xml.rdr
@@ -0,0 +1,7 @@
+0 1 doc 0 0
+1 14 #text 0 1 
+    
+1 3 #text 0 1 text not found
+1 14 #text 0 1 
+
+0 15 doc 0 0
diff --git a/test/XInclude/docs/fallback8.xml b/test/XInclude/docs/fallback8.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0"?>
+<doc>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="404.txt" parse="text">
+        <xi:fallback>text not found</xi:fallback>
+    </xi:include>
+</doc>
+
diff --git a/testparser.c b/testparser.c
@@ -4,6 +4,8 @@
  * See Copyright for the status of this software.
  */
 
+#define XML_DEPRECATED
+
 #include <libxml/parser.h>
 #include <libxml/uri.h>
 #include <libxml/xmlreader.h>
@@ -95,6 +97,34 @@ testNodeGetContent(void) {
     return err;
 }
 
+static int
+testCFileIO(void) {
+    xmlDocPtr doc;
+    int err = 0;
+
+    /* Deprecated FILE-based API */
+    xmlRegisterInputCallbacks(xmlFileMatch, xmlFileOpen, xmlFileRead,
+                              xmlFileClose);
+    doc = xmlReadFile("test/ent1", NULL, 0);
+
+    if (doc == NULL) {
+        err = 1;
+    } else {
+        xmlNodePtr root = xmlDocGetRootElement(doc);
+
+        if (root == NULL || !xmlStrEqual(root->name, BAD_CAST "EXAMPLE"))
+            err = 1;
+    }
+
+    xmlFreeDoc(doc);
+    xmlPopInputCallbacks();
+
+    if (err)
+        fprintf(stderr, "xmlReadFile failed with FILE input callbacks\n");
+
+    return err;
+}
+
 #ifdef LIBXML_SAX1_ENABLED
 static int
 testBalancedChunk(void) {
@@ -540,6 +570,7 @@ main(void) {
     err |= testStandaloneWithEncoding();
     err |= testUnsupportedEncoding();
     err |= testNodeGetContent();
+    err |= testCFileIO();
 #ifdef LIBXML_SAX1_ENABLED
     err |= testBalancedChunk();
 #endif
diff --git a/xinclude.c b/xinclude.c
@@ -1653,11 +1653,18 @@ xmlXIncludeLoadTxt(xmlXIncludeCtxtPtr ctxt, xmlXIncludeRefPtr ref) {
         xmlXIncludeErrMemory(ctxt);
         goto error;
     }
+    if (ctxt->errorHandler != NULL)
+        xmlCtxtSetErrorHandler(pctxt, ctxt->errorHandler, ctxt->errorCtxt);
     inputStream = xmlLoadExternalEntity((const char*)url, NULL, pctxt);
     if (inputStream == NULL) {
+        /*
+         * ENOENT only produces a warning which isn't reflected in errNo.
+         */
         if (pctxt->errNo == XML_ERR_NO_MEMORY)
             xmlXIncludeErrMemory(ctxt);
-        else
+        else if ((pctxt->errNo != XML_ERR_OK) &&
+                 (pctxt->errNo != XML_IO_ENOENT) &&
+                 (pctxt->errNo != XML_IO_UNKNOWN))
             xmlXIncludeErr(ctxt, NULL, pctxt->errNo, "load error", NULL);
 	goto error;
     }
diff --git a/xmlIO.c b/xmlIO.c
@@ -776,7 +776,7 @@ xmlFileRead(void * context, char * buffer, int len) {
     if ((bytes < (size_t) len) && (ferror(file)))
         return(-xmlIOErr(0, "fread()"));
 
-    return(len);
+    return(bytes);
 }
 
 #ifdef LIBXML_OUTPUT_ENABLED
@@ -2903,13 +2903,8 @@ xmlParserGetDirectory(const char *filename) {
         if (cur == dir) dir[1] = 0;
 	else *cur = 0;
 	ret = xmlMemStrdup(dir);
-#if !defined(WINAPI_FAMILY_PARTITION) || !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) || WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)
     } else {
-        if (getcwd(dir, 1024) != NULL) {
-	    dir[1023] = 0;
-	    ret = xmlMemStrdup(dir);
-	}
-#endif
+        ret = xmlMemStrdup(".");
     }
     return(ret);
 #undef IS_XMLPGD_SEP

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +<?xml version="1.0"?>
 +<doc>
 +    text not found
 +</doc>
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+I/O warning : failed to load "test/XInclude/docs/404.txt": No such file or directory`