GNOME Bugzilla – Bug 727768
Percent sign within NOTATION is incorrectly parsed as a parameter entity reference
Last modified: 2017-06-19 14:25:41 UTC
Refers to libxml 2.9.1

In a DTD, the string

    <!NOTATION image SYSTEM "%SYSTEMROOT%/paint.exe">

causes a libxml error.

Per the XML specification, a parameter entity reference cannot be recognized inside a SystemLiteral. The percent sign itself is permitted in the NOTATION.

4.4 Reference in DTD
as a reference within either the internal or external subsets of the DTD, but outside of an EntityValue, AttValue, PI, Comment, SystemLiteral, PubidLiteral, or the contents of an ignored conditional section (see 3.4 Conditional Sections).

2.3 [11] SystemLiteral ::= ('"' [^"]* '"') | ("'" [^']* "'")

To test:
---------------
    $ xmllint --noout --dtdvalid --loaddtd test.xml

test.xml:

    <?xml version="1.0" ?>
    <!DOCTYPE root SYSTEM "test.dtd">
    <root />

test.dtd:

    <!ELEMENT root EMPTY>
    <!NOTATION image SYSTEM "%SYSTEMROOT%/paint.exe">

Expected result:
----------------
No LIBXML error is generated and the document is correctly parsed.

Actual result:
--------------
    test.dtd:2: parser error : PEReference: expecting ';'
    <!NOTATION image SYSTEM "%SYSTEMROOT%/paint.exe">
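The context rule quoted in the report above, as a small stand-alone scanner (an added example, not part of the original report and not libxml2 code): it reports `%name;` references that occur in DTD context and, separately, percent signs inside SYSTEM/PUBLIC literals, which are plain data. The names `scan_dtd`, `TOKEN`, `LIT` and the sample DTD are constructed for illustration, and ignored conditional sections are assumed absent.

```python
import re

# Constructed sample: the reporter's test.dtd plus lines that exercise the
# other contexts named in XML 4.4 (comment, PI, entity value, real reference).
SAMPLE_DTD = '''<!ELEMENT root EMPTY>
<!NOTATION image SYSTEM "%SYSTEMROOT%/paint.exe">
<!-- 100% comment text, %not.a.ref; -->
<?tool rate=50%done;?>
<!ENTITY % Flow.mix "b | i">
<!ELEMENT desc ((%Flow.mix;)*)>
'''

LIT = r'''(?:"[^"]*"|'[^']*')'''
# Alternation order matters: comments and PIs are consumed before literals,
# and literals before a bare '%', so a '%' inside any of them is never a token.
TOKEN = re.compile(rf'''
      <!--.*?-->                                          # Comment
    | <\?.*?\?>                                           # PI or text declaration
    | (?P<ext>\b(?:SYSTEM|PUBLIC)\s+{LIT}(?:\s+{LIT})?)   # PubidLiteral / SystemLiteral
    | {LIT}                                               # EntityValue or AttValue
    | %(?P<name>[^\s;%"'<>()|,*+?]*)(?P<semi>;?)          # percent sign in DTD context
''', re.S | re.X)


def scan_dtd(text):
    """Return (references, literal_percents, malformed), each a list of (line, text)."""
    refs, literal, malformed = [], [], []
    for m in TOKEN.finditer(text):
        line = text.count("\n", 0, m.start()) + 1
        if m.group("ext"):
            if "%" in m.group("ext"):
                literal.append((line, m.group("ext")))   # data, not a reference
        elif m.group("name") is not None:
            if not m.group("name"):
                continue                                 # marker in <!ENTITY % name ...>
            target = refs if m.group("semi") else malformed
            target.append((line, m.group("name")))
    return refs, literal, malformed


if __name__ == "__main__":
    for label, hits in zip(("reference", "literal '%'", "missing ';'"), scan_dtd(SAMPLE_DTD)):
        for line, text in hits:
            print(f"line {line}: {label}: {text}")
```

A DTD whose only hits fall in the second list, like the reporter's test.dtd, contains no parameter entity reference and should load without a PEReference error.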
I'm getting a similar problem with the tests of this CPAN module:

https://metacpan.org/release/XML-Grammar-ProductsSyndication

It uses XML::LibXML which uses libxml2. What I get is:

    shlomif@telaviv1:~/progs/perl/cpan/XML/Grammar/ProductsSyndication/hg/XML-Grammar-ProductsSyndication/perl/XML-Grammar-ProductsSyndication$ ./Build test
    t/00-load.t ..................... 1/1 # Testing XML::Grammar::ProductsSyndication 0.0403, Perl 5.020000, /home/shlomif/apps/perl/bleadperl/bin/perl5.20.0
    t/00-load.t ..................... ok
    t/01-validate.t ................. extradata/product-syndication.dtd:73: parser error : PEReference: %Flow.mix; not found
    <!ELEMENT desc ((%Flow.mix;)*)>
    ^
    extradata/product-syndication.dtd:73: parser error : ContentDecl : Name or '(' expected
    <!ELEMENT desc ((%Flow.mix;)*)>
    ^
    extradata/product-syndication.dtd:73: parser error : expected '>'
    <!ELEMENT desc ((%Flow.mix;)*)>
    ^
    extradata/product-syndication.dtd:73: parser error : Content error in the external subset
    <!ELEMENT desc ((%Flow.mix;)*)>
    ^
    # Looks like your test exited with 255 before it could output anything.
    t/01-validate.t ................. Dubious, test returned 255 (wstat 65280, 0xff00)
    Failed 13/13 subtests
    t/02-xslt-output.t .............. ok
    t/03-dload-imgs.t ............... ok
    [0] 0:bash- 1:bash 2:bash 3:[tmux]* telaviv1.shlomifish.org

I'm on Mageia Linux x86-64 v5. Please look into fixing this problem.

Regards,

-- Shlomi Fish
Hi all,

after a lot of investigation I discovered that the problem does not happen with a stock libxml2-2.9.1, but happens after I apply this patch from the Mageia repository:

http://svnweb.mageia.org/packages/cauldron/libxml2/current/SOURCES/libxml2-2.9.1-CVE-2014-0191.patch?view=log

Currently, I use a libxml2 that was built from source under my home directory using LD_LIBRARY_PATH and without this patch.

Regards,

-- Shlomi Fish
Fixed accidentally with the following commit: https://git.gnome.org/browse/libxml2/commit/?id=e26630548e7d138d2c560844c43820b6767251e3