From 389f74b11d3f6cd54c32ffcf423cee1c9b07f845 Mon Sep 17 00:00:00 2001 From: Chris Young Date: Tue, 23 Aug 2016 18:26:04 +0100 Subject: Don't attempt to fetch external entity references blindly with fopen The system_id is a URI, either absolute or relative to 'base', it needs to be fetched using network calls, fopen won't work. I've put a half-working POC in chris/fetch-x-ent-ref but it needs fixing up and testing. Removing this non-working code fixes #2313 for now, but fetching of external entities will still need to be added. --- bindings/xml/expat_xmlparser.c | 38 +++----------------------------------- 1 file changed, 3 insertions(+), 35 deletions(-) (limited to 'bindings') diff --git a/bindings/xml/expat_xmlparser.c b/bindings/xml/expat_xmlparser.c index e1c22ad..53c3093 100644 --- a/bindings/xml/expat_xmlparser.c +++ b/bindings/xml/expat_xmlparser.c @@ -292,44 +292,12 @@ expat_xmlparser_external_entity_ref_handler(XML_Parser parser, const XML_Char *system_id, const XML_Char *public_id) { - FILE *fh; - XML_Parser subparser; - unsigned char data[1024]; - size_t len; - enum XML_Status status; - + UNUSED(parser); + UNUSED(context); UNUSED(base); + UNUSED(system_id); UNUSED(public_id); - if (system_id == NULL) - return XML_STATUS_OK; - - fh = fopen(system_id, "r"); - - if (fh == NULL) - return XML_STATUS_OK; - - subparser = XML_ExternalEntityParserCreate(parser, - context, - NULL); - - if (subparser == NULL) { - fclose(fh); - return XML_STATUS_OK; - } - - /* Parse the file bit by bit */ - while ((len = fread(data, 1, 1024, fh)) > 0) { - status = XML_Parse(subparser, (const char *)data, len, 0); - if (status != XML_STATUS_OK) { - XML_ParserFree(subparser); - fclose(fh); - return XML_STATUS_OK; - } - } - XML_Parse(subparser, "", 0, 1); - XML_ParserFree(subparser); - fclose(fh); return XML_STATUS_OK; } -- cgit v1.2.3