nokogiri 1.6.6.4 → 1.6.7.rc2
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of nokogiri might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.cross_rubies +7 -5
- data/.travis.yml +33 -30
- data/CHANGELOG.ja.rdoc +15 -18
- data/CHANGELOG.rdoc +12 -15
- data/Gemfile +2 -1
- data/LICENSE.txt +31 -0
- data/Manifest.txt +4 -24
- data/README.md +170 -0
- data/Rakefile +24 -22
- data/appveyor.yml +22 -0
- data/build_all +6 -90
- data/ext/nokogiri/extconf.rb +29 -31
- data/ext/nokogiri/xml_node.c +21 -11
- data/lib/nokogiri/version.rb +1 -1
- data/lib/nokogiri/xml/node.rb +16 -0
- data/{ports/patches → patches}/libxml2/0001-Revert-Missing-initialization-for-the-catalog-module.patch +0 -0
- data/{ports/patches → patches}/libxml2/0002-Fix-missing-entities-after-CVE-2014-3660-fix.patch +0 -0
- data/{ports/patches → patches}/libxslt/0001-Adding-doc-update-related-to-1.1.28.patch +0 -0
- data/{ports/patches → patches}/libxslt/0002-Fix-a-couple-of-places-where-f-printf-parameters-wer.patch +0 -0
- data/{ports/patches → patches}/libxslt/0003-Initialize-pseudo-random-number-generator-with-curre.patch +0 -0
- data/{ports/patches → patches}/libxslt/0004-EXSLT-function-str-replace-is-broken-as-is.patch +0 -0
- data/{ports/patches → patches}/libxslt/0006-Fix-str-padding-to-work-with-UTF-8-strings.patch +0 -0
- data/{ports/patches → patches}/libxslt/0007-Separate-function-for-predicate-matching-in-patterns.patch +0 -0
- data/{ports/patches → patches}/libxslt/0008-Fix-direct-pattern-matching.patch +0 -0
- data/{ports/patches → patches}/libxslt/0009-Fix-certain-patterns-with-predicates.patch +0 -0
- data/{ports/patches → patches}/libxslt/0010-Fix-handling-of-UTF-8-strings-in-EXSLT-crypto-module.patch +0 -0
- data/{ports/patches → patches}/libxslt/0013-Memory-leak-in-xsltCompileIdKeyPattern-error-path.patch +0 -0
- data/{ports/patches → patches}/libxslt/0014-Fix-for-bug-436589.patch +0 -0
- data/{ports/patches → patches}/libxslt/0015-Fix-mkdir-for-mingw.patch +0 -0
- data/{ports/patches → patches}/sort-patches-by-date +0 -0
- data/test/html/test_document.rb +21 -3
- data/test/xml/sax/test_parser.rb +11 -0
- data/test/xml/test_document.rb +11 -0
- data/test_all +3 -3
- metadata +79 -71
- data/README.ja.rdoc +0 -112
- data/README.rdoc +0 -177
- data/ports/patches/libxml2/0003-Stop-parsing-on-entities-boundaries-errors.patch +0 -32
- data/ports/patches/libxml2/0004-Cleanup-conditional-section-error-handling.patch +0 -49
- data/ports/patches/libxml2/0005-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch +0 -177
- data/ports/patches/libxml2/0006-Another-variation-of-overflow-in-Conditional-section.patch +0 -32
- data/ports/patches/libxml2/0007-Fix-an-error-in-previous-Conditional-section-patch.patch +0 -28
- data/ports/patches/libxml2/0008-CVE-2015-8035-Fix-XZ-compression-support-loop.patch +0 -31
- data/ports/patches/libxml2/0010-Fix-parsering-short-unclosed-comment-uninitialized-access.patch +0 -64
- data/ports/patches/libxslt/0016-Fix-for-type-confusion-in-preprocessing-attributes.patch +0 -29
data/README.ja.rdoc
DELETED
@@ -1,112 +0,0 @@
|
|
1
|
-
= Nokogiri (鋸) {<img src="https://secure.travis-ci.org/sparklemotion/nokogiri.png?rvm=1.9.3" />}[http://travis-ci.org/sparklemotion/nokogiri] {<img src="https://codeclimate.com/badge.png" />}[https://codeclimate.com/github/sparklemotion/nokogiri]
|
2
|
-
|
3
|
-
* http://nokogiri.org
|
4
|
-
* https://github.com/sparklemotion/nokogiri
|
5
|
-
* https://groups.google.com/group/nokogiri-talk
|
6
|
-
* https://github.com/sparklemotion/nokogiri/issues
|
7
|
-
|
8
|
-
== DESCRIPTION:
|
9
|
-
|
10
|
-
Nokogiri はHTMLとXMLとSAXとXSLTとReaderのパーサーです。とりわけ重要な特徴は、
|
11
|
-
ドキュメントをXPathやCSS3セレクター経由で探索する機能を持つことです。
|
12
|
-
|
13
|
-
XMLは暴力に似ている - XMLが君の問題を解決しないとしたら、君はXMLを十分に
|
14
|
-
使いこなしていない事になる。
|
15
|
-
|
16
|
-
== FEATURES:
|
17
|
-
|
18
|
-
* XPath 1.0による探索
|
19
|
-
* CSS3 のセレクターによる探索
|
20
|
-
* XML/HTMLのビルダー
|
21
|
-
|
22
|
-
XML/HTMLの高速な解析と探索検索、ならびにCSS3セレクタとXPath 1.0をサポートしています。
|
23
|
-
|
24
|
-
== SUPPORT:
|
25
|
-
|
26
|
-
日本語でNokogiriの
|
27
|
-
{メーリングリスト}[https://groups.google.com/group/nokogiri-list]
|
28
|
-
|
29
|
-
* https://groups.google.com/group/nokogiri-list
|
30
|
-
|
31
|
-
{バグ報告}[https://github.com/sparklemotion/nokogiri/issues]
|
32
|
-
|
33
|
-
* https://github.com/sparklemotion/nokogiri/issues
|
34
|
-
|
35
|
-
IRCのチャンネルはfreenodeの #nokogiri です。
|
36
|
-
|
37
|
-
== SYNOPSIS:
|
38
|
-
|
39
|
-
require 'nokogiri'
|
40
|
-
require 'open-uri'
|
41
|
-
|
42
|
-
# Fetch and parse HTML document
|
43
|
-
doc = Nokogiri::HTML(open('http://www.nokogiri.org/tutorials/installing_nokogiri.html'))
|
44
|
-
|
45
|
-
####
|
46
|
-
# Search for nodes by css
|
47
|
-
doc.css('nav ul.menu li a').each do |link|
|
48
|
-
puts link.content
|
49
|
-
end
|
50
|
-
|
51
|
-
####
|
52
|
-
# Search for nodes by xpath
|
53
|
-
doc.xpath('//h2 | //h3').each do |link|
|
54
|
-
puts link.content
|
55
|
-
end
|
56
|
-
|
57
|
-
####
|
58
|
-
# Or mix and match.
|
59
|
-
doc.search('code.sh', '//h2').each do |link|
|
60
|
-
puts link.content
|
61
|
-
end
|
62
|
-
|
63
|
-
|
64
|
-
== REQUIREMENTS:
|
65
|
-
|
66
|
-
* ruby 1.9.3以上
|
67
|
-
|
68
|
-
* Nokogiri 1.6.0以降ではlibxml2とlibxsltは同梱されているが、
|
69
|
-
もしインストール済みのものを使いたい場合:
|
70
|
-
|
71
|
-
* libxml2 2.6.21以上, iconvサポート付きのもの
|
72
|
-
(libxml2-dev/-develパッケージも必要)
|
73
|
-
|
74
|
-
* libxslt 上記のlibxml2でビルドされ、サポートされているもの
|
75
|
-
(libxslt-dev/-develパッケージも必要)
|
76
|
-
|
77
|
-
== INSTALL:
|
78
|
-
|
79
|
-
* sudo gem install nokogiri
|
80
|
-
|
81
|
-
== LICENSE:
|
82
|
-
|
83
|
-
(The MIT License)
|
84
|
-
|
85
|
-
Copyright (c) 2008 - 2015:
|
86
|
-
|
87
|
-
* {Aaron Patterson}[http://tenderlovemaking.com]
|
88
|
-
* {Mike Dalessio}[http://mike.daless.io]
|
89
|
-
* {Charles Nutter}[http://blog.headius.com]
|
90
|
-
* {Sergio Arbeo}[http://www.serabe.com]
|
91
|
-
* {Patrick Mahoney}[http://polycrystal.org]
|
92
|
-
* {Yoko Harada}[http://yokolet.blogspot.com]
|
93
|
-
* {Akinori MUSHA}[https://akinori.org]
|
94
|
-
|
95
|
-
Permission is hereby granted, free of charge, to any person obtaining
|
96
|
-
a copy of this software and associated documentation files (the
|
97
|
-
'Software'), to deal in the Software without restriction, including
|
98
|
-
without limitation the rights to use, copy, modify, merge, publish,
|
99
|
-
distribute, sublicense, and/or sell copies of the Software, and to
|
100
|
-
permit persons to whom the Software is furnished to do so, subject to
|
101
|
-
the following conditions:
|
102
|
-
|
103
|
-
The above copyright notice and this permission notice shall be
|
104
|
-
included in all copies or substantial portions of the Software.
|
105
|
-
|
106
|
-
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
|
107
|
-
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
108
|
-
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
|
109
|
-
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
|
110
|
-
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
|
111
|
-
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
|
112
|
-
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/README.rdoc
DELETED
@@ -1,177 +0,0 @@
|
|
1
|
-
= Nokogiri {<img src="https://secure.travis-ci.org/sparklemotion/nokogiri.png?rvm=1.9.3" />}[http://travis-ci.org/sparklemotion/nokogiri] {<img src="https://codeclimate.com/github/sparklemotion/nokogiri.png" />}[https://codeclimate.com/github/sparklemotion/nokogiri] {<img src="https://www.versioneye.com/ruby/nokogiri/badge.png" alt="Dependency Status" />}[https://www.versioneye.com/ruby/nokogiri]
|
2
|
-
|
3
|
-
* http://nokogiri.org
|
4
|
-
* https://github.com/sparklemotion/nokogiri
|
5
|
-
* https://groups.google.com/group/nokogiri-talk
|
6
|
-
* https://github.com/sparklemotion/nokogiri/issues
|
7
|
-
|
8
|
-
== DESCRIPTION:
|
9
|
-
|
10
|
-
Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's
|
11
|
-
many features is the ability to search documents via XPath or CSS3 selectors.
|
12
|
-
|
13
|
-
XML is like violence - if it doesn’t solve your problems, you are not using
|
14
|
-
enough of it.
|
15
|
-
|
16
|
-
== FEATURES:
|
17
|
-
|
18
|
-
* XPath 1.0 support for document searching
|
19
|
-
* CSS3 selector support for document searching
|
20
|
-
* XML/HTML builder
|
21
|
-
|
22
|
-
Nokogiri parses and searches XML/HTML very quickly, and also has
|
23
|
-
correctly implemented CSS3 selector support as well as XPath 1.0 support.
|
24
|
-
|
25
|
-
== SUPPORT:
|
26
|
-
|
27
|
-
Before filing a bug report, please read our {submission guidelines}[http://nokogiri.org/tutorials/getting_help.html] at:
|
28
|
-
|
29
|
-
* http://nokogiri.org/tutorials/getting_help.html
|
30
|
-
|
31
|
-
The Nokogiri {mailing list}[https://groups.google.com/group/nokogiri-talk]
|
32
|
-
is available here:
|
33
|
-
|
34
|
-
* https://groups.google.com/group/nokogiri-talk
|
35
|
-
|
36
|
-
The {bug tracker}[https://github.com/sparklemotion/nokogiri/issues]
|
37
|
-
is available here:
|
38
|
-
|
39
|
-
* https://github.com/sparklemotion/nokogiri/issues
|
40
|
-
|
41
|
-
The IRC channel is #nokogiri on freenode.
|
42
|
-
|
43
|
-
== SYNOPSIS:
|
44
|
-
|
45
|
-
require 'nokogiri'
|
46
|
-
require 'open-uri'
|
47
|
-
|
48
|
-
# Fetch and parse HTML document
|
49
|
-
doc = Nokogiri::HTML(open('http://www.nokogiri.org/tutorials/installing_nokogiri.html'))
|
50
|
-
|
51
|
-
####
|
52
|
-
# Search for nodes by css
|
53
|
-
doc.css('nav ul.menu li a').each do |link|
|
54
|
-
puts link.content
|
55
|
-
end
|
56
|
-
|
57
|
-
####
|
58
|
-
# Search for nodes by xpath
|
59
|
-
doc.xpath('//h2 | //h3').each do |link|
|
60
|
-
puts link.content
|
61
|
-
end
|
62
|
-
|
63
|
-
####
|
64
|
-
# Or mix and match.
|
65
|
-
doc.search('code.sh', '//h2').each do |link|
|
66
|
-
puts link.content
|
67
|
-
end
|
68
|
-
|
69
|
-
|
70
|
-
== REQUIREMENTS:
|
71
|
-
|
72
|
-
* ruby 1.9.3 or higher
|
73
|
-
|
74
|
-
* in Nokogiri 1.6.0 and later libxml2 and libxslt are bundled with the
|
75
|
-
gem, but if you want to use them installed on the system:
|
76
|
-
|
77
|
-
* libxml2 >=2.6.21 with iconv support
|
78
|
-
(libxml2-dev/-devel is required too)
|
79
|
-
|
80
|
-
* libxslt, built with and supported by the given libxml2
|
81
|
-
(libxslt-dev/-devel is required too)
|
82
|
-
|
83
|
-
== ENCODING:
|
84
|
-
|
85
|
-
Strings are always stored as UTF-8 internally. Methods that return
|
86
|
-
text values will always return UTF-8 encoded strings. Methods that
|
87
|
-
return XML (like to_xml, to_html and inner_html) will return a string
|
88
|
-
encoded like the source document.
|
89
|
-
|
90
|
-
*WARNING*
|
91
|
-
|
92
|
-
Some documents declare one particular encoding, but use a different
|
93
|
-
one. So, which encoding should the parser choose?
|
94
|
-
|
95
|
-
Remember that data is just a stream of bytes. Only we humans add
|
96
|
-
meaning to that stream. Any particular set of bytes could be valid
|
97
|
-
characters in multiple encodings, so detecting encoding with 100%
|
98
|
-
accuracy is not possible. libxml2 does its best, but it can't be right
|
99
|
-
100% of the time.
|
100
|
-
|
101
|
-
If you want Nokogiri to handle the document encoding properly, your
|
102
|
-
best bet is to explicitly set the encoding. Here is an example of
|
103
|
-
explicitly setting the encoding to EUC-JP on the parser:
|
104
|
-
|
105
|
-
doc = Nokogiri.XML('<foo><bar /><foo>', nil, 'EUC-JP')
|
106
|
-
|
107
|
-
== INSTALL:
|
108
|
-
|
109
|
-
* sudo gem install nokogiri
|
110
|
-
|
111
|
-
=== Binary packages
|
112
|
-
|
113
|
-
Binary packages are available for:
|
114
|
-
|
115
|
-
* SuSE[https://download.opensuse.org/repositories/devel:/languages:/ruby:/extensions/]
|
116
|
-
* Fedora[http://s390.koji.fedoraproject.org/koji/packageinfo?packageID=6756]
|
117
|
-
|
118
|
-
== DEVELOPMENT:
|
119
|
-
|
120
|
-
=== Developing on C Ruby (MRI)
|
121
|
-
|
122
|
-
Developing Nokogiri requires racc and rexical to generate the parser and
|
123
|
-
tokenizer. To start development, make sure you have `libxml2` and `libxslt`
|
124
|
-
installed.
|
125
|
-
|
126
|
-
Then install core gems and bootstrap:
|
127
|
-
|
128
|
-
$ gem install hoe rake-compiler mini_portile
|
129
|
-
$ rake newb
|
130
|
-
|
131
|
-
=== Developing on JRuby
|
132
|
-
|
133
|
-
Currently, development with JRuby depends on CRuby being installed. With
|
134
|
-
CRuby, install racc and rexical:
|
135
|
-
|
136
|
-
$ gem install racc rexical
|
137
|
-
|
138
|
-
Make sure hoe and rake compiler are installed with JRuby:
|
139
|
-
|
140
|
-
$ jgem install hoe rake-compiler
|
141
|
-
|
142
|
-
Then run rake:
|
143
|
-
|
144
|
-
$ jruby -S rake
|
145
|
-
|
146
|
-
== LICENSE:
|
147
|
-
|
148
|
-
(The MIT License)
|
149
|
-
|
150
|
-
Copyright (c) 2008 - 2015:
|
151
|
-
|
152
|
-
* {Aaron Patterson}[http://tenderlovemaking.com]
|
153
|
-
* {Mike Dalessio}[http://mike.daless.io]
|
154
|
-
* {Charles Nutter}[http://blog.headius.com]
|
155
|
-
* {Sergio Arbeo}[http://www.serabe.com]
|
156
|
-
* {Patrick Mahoney}[http://polycrystal.org]
|
157
|
-
* {Yoko Harada}[http://yokolet.blogspot.com]
|
158
|
-
* {Akinori MUSHA}[https://akinori.org]
|
159
|
-
|
160
|
-
Permission is hereby granted, free of charge, to any person obtaining
|
161
|
-
a copy of this software and associated documentation files (the
|
162
|
-
'Software'), to deal in the Software without restriction, including
|
163
|
-
without limitation the rights to use, copy, modify, merge, publish,
|
164
|
-
distribute, sublicense, and/or sell copies of the Software, and to
|
165
|
-
permit persons to whom the Software is furnished to do so, subject to
|
166
|
-
the following conditions:
|
167
|
-
|
168
|
-
The above copyright notice and this permission notice shall be
|
169
|
-
included in all copies or substantial portions of the Software.
|
170
|
-
|
171
|
-
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
|
172
|
-
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
173
|
-
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
|
174
|
-
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
|
175
|
-
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
|
176
|
-
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
|
177
|
-
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
@@ -1,32 +0,0 @@
|
|
1
|
-
From 99d99063ae5c4b6bd2b58324273401f3ce42a550 Mon Sep 17 00:00:00 2001
|
2
|
-
From: Daniel Veillard <veillard@redhat.com>
|
3
|
-
Date: Mon, 23 Feb 2015 11:17:35 +0800
|
4
|
-
Subject: [PATCH 3/8] Stop parsing on entities boundaries errors
|
5
|
-
|
6
|
-
For https://bugzilla.gnome.org/show_bug.cgi?id=744980
|
7
|
-
|
8
|
-
There are times, like on unterminated entities that it's preferable to
|
9
|
-
stop parsing, even if that means less error reporting. Entities are
|
10
|
-
feeding the parser on further processing, and if they are ill defined
|
11
|
-
then it's possible to get the parser to bug. Also do the same on
|
12
|
-
Conditional Sections if the input is broken, as the structure of
|
13
|
-
the document can't be guessed.
|
14
|
-
---
|
15
|
-
parser.c | 1 +
|
16
|
-
1 file changed, 1 insertion(+)
|
17
|
-
|
18
|
-
diff --git a/parser.c b/parser.c
|
19
|
-
index 1d93967..7b0380c 100644
|
20
|
-
--- a/parser.c
|
21
|
-
+++ b/parser.c
|
22
|
-
@@ -5658,6 +5658,7 @@ xmlParseEntityDecl(xmlParserCtxtPtr ctxt) {
|
23
|
-
if (RAW != '>') {
|
24
|
-
xmlFatalErrMsgStr(ctxt, XML_ERR_ENTITY_NOT_FINISHED,
|
25
|
-
"xmlParseEntityDecl: entity %s not terminated\n", name);
|
26
|
-
+ xmlStopParser(ctxt);
|
27
|
-
} else {
|
28
|
-
if (input != ctxt->input) {
|
29
|
-
xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY,
|
30
|
-
--
|
31
|
-
2.5.0
|
32
|
-
|
@@ -1,49 +0,0 @@
|
|
1
|
-
From c8d3950c5532c2e3d954bacdb8c479bb9fdacf89 Mon Sep 17 00:00:00 2001
|
2
|
-
From: Daniel Veillard <veillard@redhat.com>
|
3
|
-
Date: Mon, 23 Feb 2015 11:29:20 +0800
|
4
|
-
Subject: [PATCH 4/8] Cleanup conditional section error handling
|
5
|
-
|
6
|
-
For https://bugzilla.gnome.org/show_bug.cgi?id=744980
|
7
|
-
|
8
|
-
The error handling of Conditional Section also need to be
|
9
|
-
straightened as the structure of the document can't be
|
10
|
-
guessed on a failure there and it's better to stop parsing
|
11
|
-
as further errors are likely to be irrelevant.
|
12
|
-
---
|
13
|
-
parser.c | 6 ++++++
|
14
|
-
1 file changed, 6 insertions(+)
|
15
|
-
|
16
|
-
diff --git a/parser.c b/parser.c
|
17
|
-
index 7b0380c..1e714e7 100644
|
18
|
-
--- a/parser.c
|
19
|
-
+++ b/parser.c
|
20
|
-
@@ -6770,6 +6770,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
|
21
|
-
SKIP_BLANKS;
|
22
|
-
if (RAW != '[') {
|
23
|
-
xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
|
24
|
-
+ xmlStopParser(ctxt);
|
25
|
-
+ return;
|
26
|
-
} else {
|
27
|
-
if (ctxt->input->id != id) {
|
28
|
-
xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
|
29
|
-
@@ -6830,6 +6832,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
|
30
|
-
SKIP_BLANKS;
|
31
|
-
if (RAW != '[') {
|
32
|
-
xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
|
33
|
-
+ xmlStopParser(ctxt);
|
34
|
-
+ return;
|
35
|
-
} else {
|
36
|
-
if (ctxt->input->id != id) {
|
37
|
-
xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
|
38
|
-
@@ -6885,6 +6889,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
|
39
|
-
|
40
|
-
} else {
|
41
|
-
xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID_KEYWORD, NULL);
|
42
|
-
+ xmlStopParser(ctxt);
|
43
|
-
+ return;
|
44
|
-
}
|
45
|
-
|
46
|
-
if (RAW == 0)
|
47
|
-
--
|
48
|
-
2.5.0
|
49
|
-
|
@@ -1,177 +0,0 @@
|
|
1
|
-
From 12f31177b0d9be57ed8fb3467b501606fb145286 Mon Sep 17 00:00:00 2001
|
2
|
-
From: Daniel Veillard <veillard@redhat.com>
|
3
|
-
Date: Tue, 14 Apr 2015 17:41:48 +0800
|
4
|
-
Subject: [PATCH 5/8] CVE-2015-1819 Enforce the reader to run in constant
|
5
|
-
memory
|
6
|
-
|
7
|
-
One of the operation on the reader could resolve entities
|
8
|
-
leading to the classic expansion issue. Make sure the
|
9
|
-
buffer used for xmlreader operation is bounded.
|
10
|
-
Introduce a new allocation type for the buffers for this effect.
|
11
|
-
---
|
12
|
-
buf.c | 43 ++++++++++++++++++++++++++++++++++++++++++-
|
13
|
-
include/libxml/tree.h | 3 ++-
|
14
|
-
xmlreader.c | 20 +++++++++++++++++++-
|
15
|
-
3 files changed, 63 insertions(+), 3 deletions(-)
|
16
|
-
|
17
|
-
diff --git a/buf.c b/buf.c
|
18
|
-
index 6efc7b6..07922ff 100644
|
19
|
-
--- a/buf.c
|
20
|
-
+++ b/buf.c
|
21
|
-
@@ -27,6 +27,7 @@
|
22
|
-
#include <libxml/tree.h>
|
23
|
-
#include <libxml/globals.h>
|
24
|
-
#include <libxml/tree.h>
|
25
|
-
+#include <libxml/parserInternals.h> /* for XML_MAX_TEXT_LENGTH */
|
26
|
-
#include "buf.h"
|
27
|
-
|
28
|
-
#define WITH_BUFFER_COMPAT
|
29
|
-
@@ -299,7 +300,8 @@ xmlBufSetAllocationScheme(xmlBufPtr buf,
|
30
|
-
if ((scheme == XML_BUFFER_ALLOC_DOUBLEIT) ||
|
31
|
-
(scheme == XML_BUFFER_ALLOC_EXACT) ||
|
32
|
-
(scheme == XML_BUFFER_ALLOC_HYBRID) ||
|
33
|
-
- (scheme == XML_BUFFER_ALLOC_IMMUTABLE)) {
|
34
|
-
+ (scheme == XML_BUFFER_ALLOC_IMMUTABLE) ||
|
35
|
-
+ (scheme == XML_BUFFER_ALLOC_BOUNDED)) {
|
36
|
-
buf->alloc = scheme;
|
37
|
-
if (buf->buffer)
|
38
|
-
buf->buffer->alloc = scheme;
|
39
|
-
@@ -458,6 +460,18 @@ xmlBufGrowInternal(xmlBufPtr buf, size_t len) {
|
40
|
-
size = buf->use + len + 100;
|
41
|
-
#endif
|
42
|
-
|
43
|
-
+ if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
|
44
|
-
+ /*
|
45
|
-
+ * Used to provide parsing limits
|
46
|
-
+ */
|
47
|
-
+ if ((buf->use + len >= XML_MAX_TEXT_LENGTH) ||
|
48
|
-
+ (buf->size >= XML_MAX_TEXT_LENGTH)) {
|
49
|
-
+ xmlBufMemoryError(buf, "buffer error: text too long\n");
|
50
|
-
+ return(0);
|
51
|
-
+ }
|
52
|
-
+ if (size >= XML_MAX_TEXT_LENGTH)
|
53
|
-
+ size = XML_MAX_TEXT_LENGTH;
|
54
|
-
+ }
|
55
|
-
if ((buf->alloc == XML_BUFFER_ALLOC_IO) && (buf->contentIO != NULL)) {
|
56
|
-
size_t start_buf = buf->content - buf->contentIO;
|
57
|
-
|
58
|
-
@@ -739,6 +753,15 @@ xmlBufResize(xmlBufPtr buf, size_t size)
|
59
|
-
CHECK_COMPAT(buf)
|
60
|
-
|
61
|
-
if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return(0);
|
62
|
-
+ if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
|
63
|
-
+ /*
|
64
|
-
+ * Used to provide parsing limits
|
65
|
-
+ */
|
66
|
-
+ if (size >= XML_MAX_TEXT_LENGTH) {
|
67
|
-
+ xmlBufMemoryError(buf, "buffer error: text too long\n");
|
68
|
-
+ return(0);
|
69
|
-
+ }
|
70
|
-
+ }
|
71
|
-
|
72
|
-
/* Don't resize if we don't have to */
|
73
|
-
if (size < buf->size)
|
74
|
-
@@ -867,6 +890,15 @@ xmlBufAdd(xmlBufPtr buf, const xmlChar *str, int len) {
|
75
|
-
|
76
|
-
needSize = buf->use + len + 2;
|
77
|
-
if (needSize > buf->size){
|
78
|
-
+ if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
|
79
|
-
+ /*
|
80
|
-
+ * Used to provide parsing limits
|
81
|
-
+ */
|
82
|
-
+ if (needSize >= XML_MAX_TEXT_LENGTH) {
|
83
|
-
+ xmlBufMemoryError(buf, "buffer error: text too long\n");
|
84
|
-
+ return(-1);
|
85
|
-
+ }
|
86
|
-
+ }
|
87
|
-
if (!xmlBufResize(buf, needSize)){
|
88
|
-
xmlBufMemoryError(buf, "growing buffer");
|
89
|
-
return XML_ERR_NO_MEMORY;
|
90
|
-
@@ -938,6 +970,15 @@ xmlBufAddHead(xmlBufPtr buf, const xmlChar *str, int len) {
|
91
|
-
}
|
92
|
-
needSize = buf->use + len + 2;
|
93
|
-
if (needSize > buf->size){
|
94
|
-
+ if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
|
95
|
-
+ /*
|
96
|
-
+ * Used to provide parsing limits
|
97
|
-
+ */
|
98
|
-
+ if (needSize >= XML_MAX_TEXT_LENGTH) {
|
99
|
-
+ xmlBufMemoryError(buf, "buffer error: text too long\n");
|
100
|
-
+ return(-1);
|
101
|
-
+ }
|
102
|
-
+ }
|
103
|
-
if (!xmlBufResize(buf, needSize)){
|
104
|
-
xmlBufMemoryError(buf, "growing buffer");
|
105
|
-
return XML_ERR_NO_MEMORY;
|
106
|
-
diff --git a/include/libxml/tree.h b/include/libxml/tree.h
|
107
|
-
index 2f90717..4a9b3bc 100644
|
108
|
-
--- a/include/libxml/tree.h
|
109
|
-
+++ b/include/libxml/tree.h
|
110
|
-
@@ -76,7 +76,8 @@ typedef enum {
|
111
|
-
XML_BUFFER_ALLOC_EXACT, /* grow only to the minimal size */
|
112
|
-
XML_BUFFER_ALLOC_IMMUTABLE, /* immutable buffer */
|
113
|
-
XML_BUFFER_ALLOC_IO, /* special allocation scheme used for I/O */
|
114
|
-
- XML_BUFFER_ALLOC_HYBRID /* exact up to a threshold, and doubleit thereafter */
|
115
|
-
+ XML_BUFFER_ALLOC_HYBRID, /* exact up to a threshold, and doubleit thereafter */
|
116
|
-
+ XML_BUFFER_ALLOC_BOUNDED /* limit the upper size of the buffer */
|
117
|
-
} xmlBufferAllocationScheme;
|
118
|
-
|
119
|
-
/**
|
120
|
-
diff --git a/xmlreader.c b/xmlreader.c
|
121
|
-
index f19e123..471e7e2 100644
|
122
|
-
--- a/xmlreader.c
|
123
|
-
+++ b/xmlreader.c
|
124
|
-
@@ -2091,6 +2091,9 @@ xmlNewTextReader(xmlParserInputBufferPtr input, const char *URI) {
|
125
|
-
"xmlNewTextReader : malloc failed\n");
|
126
|
-
return(NULL);
|
127
|
-
}
|
128
|
-
+ /* no operation on a reader should require a huge buffer */
|
129
|
-
+ xmlBufSetAllocationScheme(ret->buffer,
|
130
|
-
+ XML_BUFFER_ALLOC_BOUNDED);
|
131
|
-
ret->sax = (xmlSAXHandler *) xmlMalloc(sizeof(xmlSAXHandler));
|
132
|
-
if (ret->sax == NULL) {
|
133
|
-
xmlBufFree(ret->buffer);
|
134
|
-
@@ -3616,6 +3619,7 @@ xmlTextReaderConstValue(xmlTextReaderPtr reader) {
|
135
|
-
return(((xmlNsPtr) node)->href);
|
136
|
-
case XML_ATTRIBUTE_NODE:{
|
137
|
-
xmlAttrPtr attr = (xmlAttrPtr) node;
|
138
|
-
+ const xmlChar *ret;
|
139
|
-
|
140
|
-
if ((attr->children != NULL) &&
|
141
|
-
(attr->children->type == XML_TEXT_NODE) &&
|
142
|
-
@@ -3629,10 +3633,21 @@ xmlTextReaderConstValue(xmlTextReaderPtr reader) {
|
143
|
-
"xmlTextReaderSetup : malloc failed\n");
|
144
|
-
return (NULL);
|
145
|
-
}
|
146
|
-
+ xmlBufSetAllocationScheme(reader->buffer,
|
147
|
-
+ XML_BUFFER_ALLOC_BOUNDED);
|
148
|
-
} else
|
149
|
-
xmlBufEmpty(reader->buffer);
|
150
|
-
xmlBufGetNodeContent(reader->buffer, node);
|
151
|
-
- return(xmlBufContent(reader->buffer));
|
152
|
-
+ ret = xmlBufContent(reader->buffer);
|
153
|
-
+ if (ret == NULL) {
|
154
|
-
+ /* error on the buffer best to reallocate */
|
155
|
-
+ xmlBufFree(reader->buffer);
|
156
|
-
+ reader->buffer = xmlBufCreateSize(100);
|
157
|
-
+ xmlBufSetAllocationScheme(reader->buffer,
|
158
|
-
+ XML_BUFFER_ALLOC_BOUNDED);
|
159
|
-
+ ret = BAD_CAST "";
|
160
|
-
+ }
|
161
|
-
+ return(ret);
|
162
|
-
}
|
163
|
-
break;
|
164
|
-
}
|
165
|
-
@@ -5131,6 +5146,9 @@ xmlTextReaderSetup(xmlTextReaderPtr reader,
|
166
|
-
"xmlTextReaderSetup : malloc failed\n");
|
167
|
-
return (-1);
|
168
|
-
}
|
169
|
-
+ /* no operation on a reader should require a huge buffer */
|
170
|
-
+ xmlBufSetAllocationScheme(reader->buffer,
|
171
|
-
+ XML_BUFFER_ALLOC_BOUNDED);
|
172
|
-
if (reader->sax == NULL)
|
173
|
-
reader->sax = (xmlSAXHandler *) xmlMalloc(sizeof(xmlSAXHandler));
|
174
|
-
if (reader->sax == NULL) {
|
175
|
-
--
|
176
|
-
2.5.0
|
177
|
-
|