Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit3bf822c

Browse files
committed
Disable the undocumented xmlvalidate() function, which was unintentionally
left in the code though it was not meant to be provided. It represents asecurity hole because unprivileged users could use it to look at (at least thefirst line of) any file readable by the backend. Fortunately, this is onlypossible if the backend was built with XML support, so the damage is at leastmitigated; and 8.3 probably hasn't propagated into any security-critical usesyet anyway. Per report from Sergey Burladyan.
1 parent64f30bb commit3bf822c

File tree

1 file changed

+9
-60
lines changed
  • src/backend/utils/adt

1 file changed

+9
-60
lines changed

‎src/backend/utils/adt/xml.c

Lines changed: 9 additions & 60 deletions
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@
77
* Portions Copyright (c) 1996-2008, PostgreSQL Global Development Group
88
* Portions Copyright (c) 1994, Regents of the University of California
99
*
10-
* $PostgreSQL: pgsql/src/backend/utils/adt/xml.c,v 1.68 2008/01/15 18:56:59 tgl Exp $
10+
* $PostgreSQL: pgsql/src/backend/utils/adt/xml.c,v 1.69 2008/03/01 02:46:49 tgl Exp $
1111
*
1212
*-------------------------------------------------------------------------
1313
*/
@@ -788,70 +788,19 @@ xmlroot(xmltype *data, text *version, int standalone)
788788

789789
/*
790790
* Validate document (given as string) against DTD (given as external link)
791-
* TODO !!! use text instead of cstring for second arg
792-
* TODO allow passing DTD as a string value (not only as an URI)
793-
* TODO redesign (see comment with '!!!' below)
791+
*
792+
* This has been removed because it is a security hole: unprivileged users
793+
* should not be able to use Postgres to fetch arbitrary external files,
794+
* which unfortunately is exactly what libxml is willing to do with the DTD
795+
* parameter.
794796
*/
795797
Datum
796798
xmlvalidate(PG_FUNCTION_ARGS)
797799
{
798-
#ifdefUSE_LIBXML
799-
text*data=PG_GETARG_TEXT_P(0);
800-
text*dtdOrUri=PG_GETARG_TEXT_P(1);
801-
boolresult= false;
802-
xmlParserCtxtPtrctxt;
803-
xmlDocPtrdoc;
804-
xmlDtdPtrdtd;
805-
806-
xml_init();
807-
xmlInitParser();
808-
ctxt=xmlNewParserCtxt();
809-
if (ctxt==NULL)
810-
xml_ereport(ERROR,ERRCODE_OUT_OF_MEMORY,
811-
"could not allocate parser context");
812-
813-
doc=xmlCtxtReadMemory(ctxt, (char*)VARDATA(data),
814-
VARSIZE(data)-VARHDRSZ,
815-
NULL,NULL,0);
816-
if (doc==NULL)
817-
xml_ereport(ERROR,ERRCODE_INVALID_XML_DOCUMENT,
818-
"could not parse XML data");
819-
820-
#if0
821-
uri=xmlCreateURI();
822-
elog(NOTICE,"dtd - %s",dtdOrUri);
823-
dtd=palloc(sizeof(xmlDtdPtr));
824-
uri=xmlParseURI(dtdOrUri);
825-
if (uri==NULL)
826-
xml_ereport(ERROR,ERRCODE_INTERNAL_ERROR,
827-
"not implemented yet... (TODO)");
828-
else
829-
#endif
830-
dtd=xmlParseDTD(NULL,xml_text2xmlChar(dtdOrUri));
831-
832-
if (dtd==NULL)
833-
xml_ereport(ERROR,ERRCODE_INVALID_XML_DOCUMENT,
834-
"could not load DTD");
835-
836-
if (xmlValidateDtd(xmlNewValidCtxt(),doc,dtd)==1)
837-
result= true;
838-
839-
if (!result)
840-
xml_ereport(NOTICE,ERRCODE_INVALID_XML_DOCUMENT,
841-
"validation against DTD failed");
842-
843-
#if0
844-
xmlFreeURI(uri);
845-
#endif
846-
xmlFreeDtd(dtd);
847-
xmlFreeDoc(doc);
848-
xmlFreeParserCtxt(ctxt);
849-
850-
PG_RETURN_BOOL(result);
851-
#else/* not USE_LIBXML */
852-
NO_XML_SUPPORT();
800+
ereport(ERROR,
801+
(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
802+
errmsg("xmlvalidate is not implemented")));
853803
return0;
854-
#endif/* not USE_LIBXML */
855804
}
856805

857806

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp