Disable XML entity expansion in DMG file parsing
XML entity expansion may be used to load an XML entity from a
(different) local file than the file being scanned if the scanning
process can read the referenced file path.

This may be used to leak information from the local file to the person
who initiated the scan.

The libxml2 option XML_PARSE_NOENT means that no entities should
be left in the document and not that no entities should be resolved.
This commit removes that option.
micahsnyder committed Feb 12, 2023
1 parent 0ecaf8f commit e835e2f
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions libclamav/dmg.c
Expand Up @@ -207,8 +207,7 @@ int cli_scandmg(cli_ctx *ctx)
/* This is the block where we require libxml2 */
#if HAVE_LIBXML2

/* XML_PARSE_NOENT | XML_PARSE_NONET | XML_PARSE_COMPACT */
#define DMG_XML_PARSE_OPTS ((1 << 1 | 1 << 11 | 1 << 16) | CLAMAV_MIN_XMLREADER_FLAGS)
#define DMG_XML_PARSE_OPTS ((XML_PARSE_NONET | XML_PARSE_COMPACT) | CLAMAV_MIN_XMLREADER_FLAGS)

reader = xmlReaderForMemory(outdata, (int)hdr.xmlLength, "toc.xml", NULL, DMG_XML_PARSE_OPTS);
if (!reader) {
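
Review bot: The new `DMG_XML_PARSE_OPTS` define drops the old flags comment and leaves nothing at the define explaining why `XML_PARSE_NOENT` is deliberately absent, so a later change could put it back on the assumption that it disables entities. A one-line comment above the define, saying that NOENT turns entity substitution on and must stay unset for the untrusted DMG XML handed to `xmlReaderForMemory`, would keep the reasoning next to the code instead of only in the commit message. The effective option set also depends on `CLAMAV_MIN_XMLREADER_FLAGS`, which is not defined in this hunk; please confirm it does not itself include `XML_PARSE_NOENT` or a DTD-loading option. Since the commit touches only `libclamav/dmg.c`, a regression test using a DMG whose XML declares an external entity would guard against the flag returning.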