Bug 554660 - Using an entity in entity definition leads to endless loop / DoS possible
Status: RESOLVED FIXED
Product: libxml2
Classification: Platform
Component: general
Version: 2.7.1
Hardware: Other All
Importance: Normal critical
Target Milestone: ---
Assigned To: Daniel Veillard
QA Contact: libxml QA maintainers
Depends on:
Blocks:
Reported: 2008-10-02 07:08 UTC by Christian Weiske
Modified: 2008-10-03 06:56 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
patch avoiding problem with predefined entities definitions in entities (474 bytes, patch)
2008-10-02 20:51 UTC, Daniel Veillard
committed

Description Christian Weiske 2008-10-02 07:08:37 UTC
Steps to reproduce:
1. Create XML file:
<?xml version='1.0' ?>
<!DOCTYPE test [
<!ENTITY ampproblem '&amp;'>
]>
<t a="&ampproblem;">a</t>

2. Use xmllint on it
3. xmllint eats up all memory and crashes


Stack trace:


Other information:
Could be related to http://www.securityfocus.com/bid/30783
Comment 2 Christian Weiske 2008-10-02 18:21:36 UTC
Has been confirmed by Gentoo people:
http://bugs.gentoo.org/show_bug.cgi?id=239346
http://bugs.gentoo.org/show_bug.cgi?id=234099#c37
Comment 3 Daniel Veillard 2008-10-02 20:51:32 UTC
Created attachment 119824
patch avoiding problem with predefined entities definitions in entities
Comment 4 Daniel Veillard 2008-10-02 20:56:09 UTC
Patch is trivial; the bug was added when cleaning up the
entities processing in 2.7.x. Versions before 2.7.0 are
not affected. Fixed in SVN;
I will make a new release ASAP.

Daniel
Comment 5 Daniel Veillard 2008-10-02 21:13:21 UTC
Note: that's unrelated to the two links posted in comment #1 or #2
Comment 6 Christian Weiske 2008-10-03 06:56:35 UTC
Patch works for me.
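
A regression check for the reproducer in the description, as an added example that is not part of the original bug report or of libxml2's code: it runs a parser command on that file under a timeout and an address-space cap, so an affected build is stopped instead of exhausting the host. The function names, limits and result labels are assumptions made for this example; `xmllint --noout` is the command checked when the script is run directly.

```python
import os
import resource
import shutil
import subprocess
import sys
import tempfile

# Reproducer exactly as given in the bug description.
REPRODUCER = """<?xml version='1.0' ?>
<!DOCTYPE test [
<!ENTITY ampproblem '&amp;'>
]>
<t a="&ampproblem;">a</t>
"""

def _cap_address_space(max_bytes):
    """Return a preexec hook that limits the child's virtual memory."""
    def apply():
        _, hard = resource.getrlimit(resource.RLIMIT_AS)
        limit = max_bytes if hard == resource.RLIM_INFINITY else min(max_bytes, hard)
        resource.setrlimit(resource.RLIMIT_AS, (limit, hard))
    return apply

def check_parser(cmd, timeout_s=10, max_bytes=1 << 30):
    """Run cmd on the reproducer; return 'ok', 'timeout' or 'failed'."""
    with tempfile.NamedTemporaryFile("w", suffix=".xml", delete=False) as f:
        f.write(REPRODUCER)
    try:
        proc = subprocess.run(cmd + [f.name], stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL, timeout=timeout_s,
                              preexec_fn=_cap_address_space(max_bytes))
    except subprocess.TimeoutExpired:
        return "timeout"   # endless loop: the child was killed at the deadline
    finally:
        os.unlink(f.name)
    # A non-zero exit or death by signal (negative code) covers the
    # "eats up all memory and crashes" outcome under the memory cap.
    return "ok" if proc.returncode == 0 else "failed"

if __name__ == "__main__":
    if shutil.which("xmllint") is None:
        sys.exit("xmllint not found on PATH")
    result = check_parser(["xmllint", "--noout"])
    print("xmllint on reproducer:", result)
    sys.exit(0 if result == "ok" else 1)
```

A result of `ok` means the parser terminated cleanly on the reproducer; `timeout` or `failed` means the installed build should be treated as affected until it is updated.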