13 Sep 2013, 10:13 p.m.
With my last revision I stab at thee! r12513.
We're now loading the file into memory for parsing and then controlling that back into the parser.
Martin,
On Fri, 2013-09-13 at 16:20 +0200, Krzysztof Kosiński wrote:
Looks like there is an additional problem. Since we are using xmlReadIO, there is the possibility that the entity declaration will be split between read blocks. By placing the entity declaration at this boundary it's still possible to exploit the vulnerability. So the bug is not fixed even with the regex.
To really fix it, we would have to temporarily load the entire document into memory and use xmlReadDoc.
Regards, Krzysztof
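The block-boundary evasion Krzysztof describes, as an added example that is not part of this thread and is not the project's code: a Python simulation of the xmlReadIO read callback pulling the document in fixed-size blocks, a naive per-block regex check in the spirit of the one under discussion (the project's actual regex is not shown on this page, so the pattern here is an assumption), and the whole-document check that the proposed fix implies. The attacker document is constructed so that `<!ENTITY` is cut in two by a block boundary; no libxml2 calls are made.

```python
import re

# Assumed stand-in for the per-block regex discussed in the thread; the
# real pattern used in the project is not shown on the page.
ENTITY_DECL = re.compile(rb"<!ENTITY\b")


def read_blocks(data: bytes, block_size: int):
    """Simulates the xmlReadIO read callback: the parser pulls the input in
    fixed-size blocks, so any token can straddle two consecutive reads."""
    for offset in range(0, len(data), block_size):
        yield data[offset:offset + block_size]


def per_block_check(data: bytes, block_size: int) -> bool:
    """Naive filter: run the regex over every block in isolation.
    Returns True if an entity declaration was seen in some block.
    A declaration split by a boundary is never seen by this function."""
    return any(ENTITY_DECL.search(block) for block in read_blocks(data, block_size))


def whole_document_check(data: bytes) -> bool:
    """The fix described in the thread: hold the entire document in memory
    (as one would before handing it to xmlReadDoc / xmlReadMemory) and scan
    it once, so there is no boundary to hide behind."""
    return ENTITY_DECL.search(data) is not None


def craft_straddling_document(block_size: int) -> bytes:
    """Constructed attacker input (not taken from any real report): pad the
    DOCTYPE internal subset with whitespace so that the block boundary falls
    between '<!EN' and 'TITY'. Whitespace is legal there, so the document is
    still well-formed XML."""
    decl = b'<!ENTITY xxe SYSTEM "file:///etc/passwd">'
    prefix = b'<?xml version="1.0"?>\n<!DOCTYPE svg ['
    # Leave exactly 4 bytes of the declaration in the first block.
    pad_len = block_size - len(prefix) - 4
    if pad_len < 0:
        raise ValueError("block_size too small for this demonstration")
    padding = b"\n" * pad_len
    return prefix + padding + decl + b"]>\n<svg>&xxe;</svg>\n"


def demo(block_size: int = 64) -> dict:
    """Runs both checks against the straddling document and returns the
    outcomes, so the difference between the two strategies is visible."""
    doc = craft_straddling_document(block_size)
    first, second = list(read_blocks(doc, block_size))[:2]
    return {
        "first_block_tail": first[-4:],          # b'<!EN'
        "second_block_head": second[:4],         # b'TITY'
        "per_block_detects": per_block_check(doc, block_size),
        "whole_document_detects": whole_document_check(doc),
        # Same document, block large enough to hold it entirely.
        "per_block_detects_when_unsplit": per_block_check(doc, len(doc)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The per-block check passes the very same bytes that the whole-document check flags; the only thing the attacker controls is where the boundary lands, which is why a filter layered over chunked reads cannot be made reliable by tuning the regex.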