Bug 771799 - XML_PARSE_HUGE (possibly) relaxed in xmlParserEntityCheck()
Status: RESOLVED OBSOLETE
Product: libxml2
Classification: Platform
Component: general
Version: git master
Hardware: Other All
Importance: Normal normal
Target Milestone: ---
Assigned To: Nick Wellnhofer
QA Contact: libxml QA maintainers
Reported: 2016-09-21 23:54 UTC by ylavic.dev
Modified: 2021-07-05 13:21 UTC


Attachments
Allow non-linear entity expansion's check even when XML_PARSE_HUGE is used (1.15 KB, patch), 2016-09-21 23:54 UTC, ylavic.dev
Allow non-linear entity expansion's check even when XML_PARSE_HUGE is used (1.15 KB, patch), 2016-09-22 00:00 UTC, ylavic.dev
Allow non-linear entity expansion's check even when XML_PARSE_HUGE is used (1.17 KB, patch), 2016-09-22 00:04 UTC, ylavic.dev
Allow non-linear entity expansion's check even when XML_PARSE_HUGE is used (3.46 KB, patch), 2016-09-30 12:36 UTC, ylavic.dev

Description ylavic.dev 2016-09-21 23:54:34 UTC
Created attachment 336039
Allow non-linear entity expansion's check even when XML_PARSE_HUGE is used

I would like to be able to parse any element with size > 10MB, but still be protected against exponential linear entity expansion.

While I can control the size of the file/buffer being passed (or not) to the libxml2 parser (hence using XML_PARSE_HUGE to bypass hardcoded limits), this is of no help against evilly defined entities.

The attached patch proposes a new XML_PARSE_CHECKENT option which can be used jointly with XML_PARSE_HUGE, for this purpose...
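
The following is an added example, not part of the original report and not code from libxml2 or the attached patch. It shows one way an application that has to set XML_PARSE_HUGE could bound entity amplification itself: compute each declared entity's expanded size without expanding it, and reject the document when that size exceeds a chosen multiple of the input size. The `Ent` table, the function names and the ratio threshold are hypothetical, and collecting the declarations from the DTD is assumed to happen elsewhere.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical table of internal general entities an application collected
   from a DTD. state: 0 = unvisited, 1 = being expanded, 2 = size known. */
typedef struct { const char *name, *value; unsigned long long size; int state; } Ent;
#define SIZE_CAP (1ULL << 40) /* saturate so nested sums cannot overflow */

static Ent *find(Ent *tab, size_t n, const char *name, size_t len) {
    for (size_t i = 0; i < n; i++)
        if (strlen(tab[i].name) == len && !memcmp(tab[i].name, name, len)) return &tab[i];
    return NULL;
}

/* Compute e->size, the fully expanded length, without building the string; -1 on
   a reference cycle. Character references and unknown names count as literal text. */
static int expanded_size(Ent *tab, size_t n, Ent *e) {
    if (e->state) return e->state == 2 ? 0 : -1;
    e->state = 1;
    unsigned long long total = 0;
    for (const char *p = e->value; *p; ) {
        const char *semi = (*p == '&' && p[1] != '#') ? strchr(p, ';') : NULL;
        Ent *r = semi ? find(tab, n, p + 1, (size_t)(semi - p - 1)) : NULL;
        if (r && expanded_size(tab, n, r) != 0) return -1;
        total += r ? r->size : 1;
        p = r ? semi + 1 : p + 1;
        if (total > SIZE_CAP) total = SIZE_CAP;
    }
    e->size = total;
    e->state = 2;
    return 0;
}

/* 1 if every entity expands to at most max_ratio * input_len bytes, else 0. */
int entities_within_ratio(Ent *tab, size_t n, unsigned long long input_len,
                          unsigned long long max_ratio) {
    for (size_t i = 0; i < n; i++)
        if (expanded_size(tab, n, &tab[i]) != 0 || tab[i].size > input_len * max_ratio)
            return 0;
    return 1;
}
/* Constructed sample tables: four nesting levels, a benign pair, and a cycle. */
#define X10(r) r r r r r r r r r r
Ent nested[] = { {"a", "0123456789", 0, 0}, {"b", X10("&a;"), 0, 0},
                 {"c", X10("&b;"), 0, 0}, {"d", X10("&c;"), 0, 0} };
Ent plain[] = { {"x", "hello", 0, 0}, {"y", "&x; world &amp;", 0, 0} };
Ent cyclic[] = { {"p", "&q;", 0, 0}, {"q", "&p;", 0, 0} };

int main(void) {
    printf("nested accepted: %d\n", entities_within_ratio(nested, 4, 200, 10));
}
```

The check costs time proportional to the size of the declarations rather than the expanded output, so it can run before the document is handed to the parser.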
Comment 1 ylavic.dev 2016-09-22 00:00:46 UTC
Created attachment 336040
Allow non-linear entity expansion's check even when XML_PARSE_HUGE is used

Fix typo in previous patch.
Comment 2 ylavic.dev 2016-09-22 00:04:38 UTC
Created attachment 336041
Allow non-linear entity expansion's check even when XML_PARSE_HUGE is used

Sorry, same file sent twice above, this one really fixes the typo.
Comment 3 ylavic.dev 2016-09-30 12:36:05 UTC
Created attachment 336667
Allow non-linear entity expansion's check even when XML_PARSE_HUGE is used

Latest (now working) version of the patch.
Comment 4 ylavic.dev 2017-02-21 11:55:03 UTC
Any taker? The 10MB limit is really an arbitrary value, please let the user control it...
Comment 5 Nick Wellnhofer 2017-06-11 10:24:38 UTC
Yes, the correct solution is to move everyone *away* from XML_PARSE_HUGE. Most people only have a problem with the 10MB text size limit. This should be a per-parser setting, so you don't need XML_PARSE_HUGE in the first place.
Comment 6 GNOME Infrastructure Team 2021-07-05 13:21:53 UTC
GNOME is going to shut down bugzilla.gnome.org in favor of gitlab.gnome.org.
As part of that, we are mass-closing older open tickets in bugzilla.gnome.org
which have not seen updates for a longer time (resources are unfortunately
quite limited so not every ticket can get handled).

If you can still reproduce the situation described in this ticket in a recent
and supported software version, then please follow
  https://wiki.gnome.org/GettingInTouch/BugReportingGuidelines
and create a new ticket at
  https://gitlab.gnome.org/GNOME/libxml2/-/issues/

Thank you for your understanding and your help.