added a wrapper around xmlParseMemory to avoid network and DTD
parent
73db5fc58f
commit
3fc428016f
|
@ -165,8 +165,7 @@ lasso_server_get_svc_metadatas_with_id_and_type(LassoServer *server, GList *svcM
|
||||||
g_return_val_if_fail(LASSO_IS_SERVER(server), NULL);
|
g_return_val_if_fail(LASSO_IS_SERVER(server), NULL);
|
||||||
g_return_val_if_fail(service_type != NULL, NULL);
|
g_return_val_if_fail(service_type != NULL, NULL);
|
||||||
|
|
||||||
for (i = g_list_first(server->private_data->svc_metadatas); i != NULL;
|
for (i = g_list_first(server->private_data->svc_metadatas); i != NULL; i = g_list_next(i)) {
|
||||||
i = g_list_next(i)) {
|
|
||||||
md = LASSO_IDWSF2_DISCO_SVC_METADATA(i->data);
|
md = LASSO_IDWSF2_DISCO_SVC_METADATA(i->data);
|
||||||
/* FIXME: this assumes there is one and only one service
|
/* FIXME: this assumes there is one and only one service
|
||||||
* context, and service type, this should be fixed to iterate
|
* context, and service type, this should be fixed to iterate
|
||||||
|
|
|
@ -185,8 +185,7 @@ lasso_idwsf2_discovery_process_metadata_register_msg(LassoIdWsf2Discovery *disco
|
||||||
request = LASSO_IDWSF2_DISCO_SVC_MD_REGISTER(LASSO_PROFILE(profile)->request);
|
request = LASSO_IDWSF2_DISCO_SVC_MD_REGISTER(LASSO_PROFILE(profile)->request);
|
||||||
/* FIXME : foreach on the list instead */
|
/* FIXME : foreach on the list instead */
|
||||||
if (request != NULL && request->SvcMD != NULL) {
|
if (request != NULL && request->SvcMD != NULL) {
|
||||||
discovery->metadata =
|
discovery->metadata = LASSO_IDWSF2_DISCO_SVC_METADATA(request->SvcMD->data);
|
||||||
LASSO_IDWSF2_DISCO_SVC_METADATA(request->SvcMD->data);
|
|
||||||
/* Build a unique SvcMDID */
|
/* Build a unique SvcMDID */
|
||||||
lasso_build_random_sequence(unique_id, 32);
|
lasso_build_random_sequence(unique_id, 32);
|
||||||
unique_id[32] = 0;
|
unique_id[32] = 0;
|
||||||
|
|
|
@ -310,7 +310,7 @@ lasso_data_service_process_query_msg(LassoDataService *service, const char *mess
|
||||||
|
|
||||||
g_return_val_if_fail(message != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
|
g_return_val_if_fail(message != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
|
||||||
|
|
||||||
doc = xmlParseMemory(message, strlen(message));
|
doc = lasso_xml_parse_memory(message, strlen(message));
|
||||||
if (doc == NULL) {
|
if (doc == NULL) {
|
||||||
return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG);
|
return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG);
|
||||||
}
|
}
|
||||||
|
|
|
@ -1283,7 +1283,7 @@ lasso_wsf_profile_process_soap_request_msg(LassoWsfProfile *profile, const gchar
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
doc = xmlParseMemory(message, strlen(message));
|
doc = lasso_xml_parse_memory(message, strlen(message));
|
||||||
|
|
||||||
/* Verify authentication mecanisms */
|
/* Verify authentication mecanisms */
|
||||||
if (lasso_wsf_profile_has_x509_authentication(profile) == TRUE) {
|
if (lasso_wsf_profile_has_x509_authentication(profile) == TRUE) {
|
||||||
|
@ -1352,7 +1352,7 @@ lasso_wsf_profile_process_soap_response_msg(LassoWsfProfile *profile, const gcha
|
||||||
g_return_val_if_fail(LASSO_IS_WSF_PROFILE(profile), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
|
g_return_val_if_fail(LASSO_IS_WSF_PROFILE(profile), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
|
||||||
g_return_val_if_fail(message != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
|
g_return_val_if_fail(message != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
|
||||||
|
|
||||||
doc = xmlParseMemory(message, strlen(message));
|
doc = lasso_xml_parse_memory(message, strlen(message));
|
||||||
|
|
||||||
if (lasso_wsf_profile_has_x509_authentication(profile) == TRUE) {
|
if (lasso_wsf_profile_has_x509_authentication(profile) == TRUE) {
|
||||||
xmlNode *xmlnode;
|
xmlNode *xmlnode;
|
||||||
|
|
|
@ -130,7 +130,7 @@ lasso_ecp_process_authn_request_msg(LassoEcp *ecp, const char *authn_request_msg
|
||||||
|
|
||||||
profile = LASSO_PROFILE(ecp);
|
profile = LASSO_PROFILE(ecp);
|
||||||
|
|
||||||
doc = xmlParseMemory(authn_request_msg, strlen(authn_request_msg));
|
doc = lasso_xml_parse_memory(authn_request_msg, strlen(authn_request_msg));
|
||||||
xpathCtx = xmlXPathNewContext(doc);
|
xpathCtx = xmlXPathNewContext(doc);
|
||||||
|
|
||||||
xmlXPathRegisterNs(xpathCtx, (xmlChar*)"ecp", (xmlChar*)LASSO_ECP_HREF);
|
xmlXPathRegisterNs(xpathCtx, (xmlChar*)"ecp", (xmlChar*)LASSO_ECP_HREF);
|
||||||
|
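Review bot: In lasso_ecp_process_authn_request_msg the result of `lasso_xml_parse_memory()` goes straight into `xmlXPathNewContext(doc)` with no NULL check in between. The wrapper now returns NULL for any well-formed message that carries a DTD, so the failure path is reached by input that previously parsed. The same pattern is visible in the hunks for lasso_ecp_process_response_msg, lasso_saml20_login_process_paos_response_msg and lasso_node_new_from_soap. I would add `if (doc == NULL) return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG);` directly after the parse, as the lasso_data_service_process_query_msg hunk already does (lasso_node_new_from_soap would return NULL instead). These function bodies continue outside the hunks, so a later check may exist, but it would come after the XPath context has been built on a NULL document.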
@ -205,7 +205,7 @@ lasso_ecp_process_response_msg(LassoEcp *ecp, const char *response_msg)
|
||||||
g_return_val_if_fail(LASSO_IS_ECP(ecp), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
|
g_return_val_if_fail(LASSO_IS_ECP(ecp), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
|
||||||
g_return_val_if_fail(response_msg != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
|
g_return_val_if_fail(response_msg != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
|
||||||
|
|
||||||
doc = xmlParseMemory(response_msg, strlen(response_msg));
|
doc = lasso_xml_parse_memory(response_msg, strlen(response_msg));
|
||||||
xpathCtx = xmlXPathNewContext(doc);
|
xpathCtx = xmlXPathNewContext(doc);
|
||||||
xmlXPathRegisterNs(xpathCtx, (xmlChar*)"s", (xmlChar*)LASSO_SOAP_ENV_HREF);
|
xmlXPathRegisterNs(xpathCtx, (xmlChar*)"s", (xmlChar*)LASSO_SOAP_ENV_HREF);
|
||||||
xpathObj = xmlXPathEvalExpression((xmlChar*)"//s:Body", xpathCtx);
|
xpathObj = xmlXPathEvalExpression((xmlChar*)"//s:Body", xpathCtx);
|
||||||
|
|
|
@ -1037,7 +1037,7 @@ lasso_saml20_login_process_paos_response_msg(LassoLogin *login, gchar *msg)
|
||||||
return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG);
|
return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG);
|
||||||
}
|
}
|
||||||
|
|
||||||
doc = xmlParseMemory(msg, strlen(msg));
|
doc = lasso_xml_parse_memory(msg, strlen(msg));
|
||||||
xpathCtx = xmlXPathNewContext(doc);
|
xpathCtx = xmlXPathNewContext(doc);
|
||||||
|
|
||||||
/* XXX:BEFORE-LASSO-2.0 */
|
/* XXX:BEFORE-LASSO-2.0 */
|
||||||
|
|
|
@ -128,6 +128,8 @@ gboolean lasso_node_init_from_deflated_query_part(LassoNode *node, char *deflate
|
||||||
|
|
||||||
char* lasso_concat_url_query(char *url, char *query);
|
char* lasso_concat_url_query(char *url, char *query);
|
||||||
|
|
||||||
|
xmlDocPtr lasso_xml_parse_memory(const char *buffer, int size);
|
||||||
|
|
||||||
void _debug(GLogLevelFlags level, const char *filename, int line,
|
void _debug(GLogLevelFlags level, const char *filename, int line,
|
||||||
const char *function, const char *format, ...);
|
const char *function, const char *format, ...);
|
||||||
|
|
||||||
|
|
|
@ -26,6 +26,8 @@
|
||||||
|
|
||||||
#include <libxml/xpath.h>
|
#include <libxml/xpath.h>
|
||||||
#include <libxml/xpathInternals.h>
|
#include <libxml/xpathInternals.h>
|
||||||
|
#include <libxml/parser.h>
|
||||||
|
#include <libxml/parserInternals.h>
|
||||||
|
|
||||||
#include <xmlsec/base64.h>
|
#include <xmlsec/base64.h>
|
||||||
#include <xmlsec/xmltree.h>
|
#include <xmlsec/xmltree.h>
|
||||||
|
@ -120,6 +122,83 @@ lasso_get_prefix_for_idwsf2_dst_service_href(const gchar *href)
|
||||||
return g_strdup(g_hash_table_lookup(idwsf2_dst_services_by_href, href));
|
return g_strdup(g_hash_table_lookup(idwsf2_dst_services_by_href, href));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* (almost) straight from libxml2 internal API */
|
||||||
|
static void
|
||||||
|
xmlDetectSAX2(xmlParserCtxtPtr ctxt) {
|
||||||
|
if (ctxt == NULL) return;
|
||||||
|
#ifdef LIBXML_SAX1_ENABLED
|
||||||
|
if ((ctxt->sax) && (ctxt->sax->initialized == XML_SAX2_MAGIC) &&
|
||||||
|
((ctxt->sax->startElementNs != NULL) ||
|
||||||
|
(ctxt->sax->endElementNs != NULL))) ctxt->sax2 = 1;
|
||||||
|
#else
|
||||||
|
ctxt->sax2 = 1;
|
||||||
|
#endif /* LIBXML_SAX1_ENABLED */
|
||||||
|
|
||||||
|
ctxt->str_xml = xmlDictLookup(ctxt->dict, BAD_CAST "xml", 3);
|
||||||
|
ctxt->str_xmlns = xmlDictLookup(ctxt->dict, BAD_CAST "xmlns", 5);
|
||||||
|
ctxt->str_xml_ns = xmlDictLookup(ctxt->dict, XML_XML_NAMESPACE, 36);
|
||||||
|
if ((ctxt->str_xml==NULL) || (ctxt->str_xmlns==NULL) ||
|
||||||
|
(ctxt->str_xml_ns == NULL)) {
|
||||||
|
ctxt->errNo = XML_ERR_NO_MEMORY;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* lasso_xml_parse_memory:
|
||||||
|
* @buffer: an pointer to a char array
|
||||||
|
* @size: the size of the array
|
||||||
|
*
|
||||||
|
* Parse an XML in-memory block and build a tree; exactly like xmlParseMemory
|
||||||
|
* safe two exceptions:
|
||||||
|
* <itemizedlist>
|
||||||
|
* <listitem><para>
|
||||||
|
* it won't download anything from the network (XML_PARSE_NONET)
|
||||||
|
* </listitem></para>
|
||||||
|
* <listitem><para>
|
||||||
|
* it will refuse documents with a DTD (for security reason)
|
||||||
|
* </para></listitem>
|
||||||
|
* </itemizedlist>
|
||||||
|
*
|
||||||
|
* Return value: the resulting document tree
|
||||||
|
**/
|
||||||
|
xmlDocPtr
|
||||||
|
lasso_xml_parse_memory(const char *buffer, int size)
|
||||||
|
{
|
||||||
|
xmlDocPtr ret;
|
||||||
|
xmlParserCtxtPtr ctxt;
|
||||||
|
|
||||||
|
ctxt = xmlCreateMemoryParserCtxt(buffer, size);
|
||||||
|
if (ctxt == NULL) {
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
xmlDetectSAX2(ctxt);
|
||||||
|
if (ctxt->errNo == XML_ERR_NO_MEMORY) {
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
ctxt->recovery = 0;
|
||||||
|
xmlCtxtUseOptions(ctxt, XML_PARSE_NONET);
|
||||||
|
|
||||||
|
xmlParseDocument(ctxt);
|
||||||
|
|
||||||
|
if (ctxt->wellFormed && ctxt->myDoc->intSubset != NULL) {
|
||||||
|
message(G_LOG_LEVEL_WARNING, "Denied message with DTD content");
|
||||||
|
ctxt->wellFormed = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (ctxt->wellFormed) {
|
||||||
|
ret = ctxt->myDoc;
|
||||||
|
} else {
|
||||||
|
ret = NULL;
|
||||||
|
xmlFreeDoc(ctxt->myDoc);
|
||||||
|
ctxt->myDoc = NULL;
|
||||||
|
}
|
||||||
|
xmlFreeParserCtxt(ctxt);
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/*****************************************************************************/
|
/*****************************************************************************/
|
||||||
/* virtual public methods */
|
/* virtual public methods */
|
||||||
/*****************************************************************************/
|
/*****************************************************************************/
|
||||||
|
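Review bot: The early `return NULL;` after `xmlDetectSAX2(ctxt)` in lasso_xml_parse_memory leaks the context allocated by `xmlCreateMemoryParserCtxt()`; it needs `xmlFreeParserCtxt(ctxt);` before returning. Separately, the DTD refusal tests `ctxt->myDoc->intSubset` only after `xmlParseDocument(ctxt)` has finished, so the internal subset and its entity declarations are already parsed by the time the message is denied. Whether parsing cost stays bounded then depends on the entity limits of the libxml2 version in use, so a comment stating this, or refusing earlier (for example from the SAX `internalSubset` callback), would make the guarantee clearer. The doc comment also says "safe two exceptions" where "save two exceptions" seems meant, and its first list item closes `</listitem></para>` in the wrong order.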
@ -1349,7 +1428,7 @@ lasso_node_new_from_dump(const char *dump)
|
||||||
if (dump == NULL)
|
if (dump == NULL)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
doc = xmlParseMemory(dump, strlen(dump));
|
doc = lasso_xml_parse_memory(dump, strlen(dump));
|
||||||
if (doc == NULL)
|
if (doc == NULL)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
|
@ -1377,7 +1456,7 @@ lasso_node_new_from_soap(const char *soap)
|
||||||
xmlNode *xmlnode;
|
xmlNode *xmlnode;
|
||||||
LassoNode *node = NULL;
|
LassoNode *node = NULL;
|
||||||
|
|
||||||
doc = xmlParseMemory(soap, strlen(soap));
|
doc = lasso_xml_parse_memory(soap, strlen(soap));
|
||||||
xpathCtx = xmlXPathNewContext(doc);
|
xpathCtx = xmlXPathNewContext(doc);
|
||||||
xmlXPathRegisterNs(xpathCtx, (xmlChar*)"s", (xmlChar*)LASSO_SOAP_ENV_HREF);
|
xmlXPathRegisterNs(xpathCtx, (xmlChar*)"s", (xmlChar*)LASSO_SOAP_ENV_HREF);
|
||||||
xpathObj = xmlXPathEvalExpression((xmlChar*)"//s:Body/*", xpathCtx);
|
xpathObj = xmlXPathEvalExpression((xmlChar*)"//s:Body/*", xpathCtx);
|
||||||
|
|