File exiv2-BanAllEntityUsage.patch of Package exiv2

Overview Repositories Revisions Requests Users Attributes Meta

File exiv2-BanAllEntityUsage.patch of Package exiv2

From e44d1dbe769f3b60a3d671be310f4af4f9490e6b Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Thu, 3 Jan 2019 10:31:25 +0100
Subject: [PATCH 1/2] xmpsdk: Build with -DBanAllEntityUsage=1

Prevent a denial-service-attack related to XML entity expansion
("billion laughs attack").
See https://bugzilla.redhat.com/show_bug.cgi?id=888769

Search for BanAllEntityUsage in xmpsdk/src/ExpatAdapter.cpp

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
---
 xmpsdk/CMakeLists.txt | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/xmpsdk/CMakeLists.txt b/xmpsdk/CMakeLists.txt
index fa521043..ae011dc3 100644
--- a/xmpsdk/CMakeLists.txt
+++ b/xmpsdk/CMakeLists.txt
@@ -38,6 +38,10 @@ target_include_directories(exiv2-xmp
         ${EXPAT_INCLUDE_DIR}
 )
 
+# Prevent a denial-service-attack related to XML entity expansion
+# ("billion laughs attack").
+# See https://bugzilla.redhat.com/show_bug.cgi?id=888769
+target_compile_definitions(exiv2-xmp PRIVATE BanAllEntityUsage=1)
 if (MSVC)
     target_compile_definitions(exiv2-xmp PRIVATE XML_STATIC)
 endif()
-- 
2.20.1

From dac6bb6043fc046f7cbad73c281eb258a981267f Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Thu, 3 Jan 2019 10:41:40 +0100
Subject: [PATCH 2/2] xmpsdk: Fix compile warnings in ExpatAdapter.cpp

The code has been enabled with -DBanAllEntityUsage=1

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
---
 xmpsdk/src/ExpatAdapter.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/xmpsdk/src/ExpatAdapter.cpp b/xmpsdk/src/ExpatAdapter.cpp
index 79669f52..09117c75 100644
--- a/xmpsdk/src/ExpatAdapter.cpp
+++ b/xmpsdk/src/ExpatAdapter.cpp
@@ -484,7 +484,10 @@ static void CommentHandler ( void * userData, XMP_StringPtr comment )
 static void StartDoctypeDeclHandler ( void * userData, XMP_StringPtr doctypeName,
 									  XMP_StringPtr sysid, XMP_StringPtr pubid, int has_internal_subset )
 {
-	IgnoreParam(userData);
+	IgnoreParam(doctypeName);
+	IgnoreParam(sysid);
+	IgnoreParam(pubid);
+	IgnoreParam(has_internal_subset);
 
 	ExpatAdapter * thiz = (ExpatAdapter*)userData;
 
-- 
2.20.1

Places

File exiv2-BanAllEntityUsage.patch of Package exiv2

Places