[virt-tools-list] [vhostmd PATCH 04/18] libmetrics: Remove unsafe XML_PARSE_NOENT option
Jim Fehlig
jfehlig at suse.com
Wed Jan 15 22:07:41 UTC 2020
From coverity scan
Error: UNSAFE_XML_PARSE_CONFIG:
vhostmd-1.1/libmetrics/libmetrics.c:412: unsafe_xml_parse_config: XML parse option should not have flag "XML_PARSE_NOENT" set, which is vulnerable to XML external entity attack.
410| mdisk->doc = xmlCtxtReadMemory(mdisk->pctxt, mdisk->buffer,
411| mdisk->length, "mdisk.xml", NULL,
412|-> XML_PARSE_NOENT | XML_PARSE_NONET |
413| XML_PARSE_NOWARNING);
414| if (!mdisk->doc) {
It should be safe to remove the option.
Signed-off-by: Jim Fehlig <jfehlig at suse.com>
---
libmetrics/libmetrics.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/libmetrics/libmetrics.c b/libmetrics/libmetrics.c
index 4b2369a..2819f80 100644
--- a/libmetrics/libmetrics.c
+++ b/libmetrics/libmetrics.c
@@ -418,9 +418,8 @@ retry:
}
mdisk->doc = xmlCtxtReadMemory(mdisk->pctxt, mdisk->buffer,
- mdisk->length, "mdisk.xml", NULL,
- XML_PARSE_NOENT | XML_PARSE_NONET |
- XML_PARSE_NOWARNING);
+ mdisk->length, "mdisk.xml", NULL,
+ XML_PARSE_NONET | XML_PARSE_NOWARNING);
if (!mdisk->doc) {
libmsg("%s(): libxml failed to parse mdisk.xml buffer\n", __func__);
goto error;
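Review bot: The flag change in the xmlCtxtReadMemory() call has a parsing side effect that "It should be safe to remove the option" in the commit message does not address. Without XML_PARSE_NOENT, libxml2 stops substituting non-predefined entity references and leaves them in the tree as entity reference nodes, so any code that reads text out of mdisk->doc would see different content if the mdisk.xml buffer ever carried such entities. Please say in the commit message why that cannot happen here, for example that the buffer is not expected to contain custom entities, or that the consumers of mdisk->doc do not depend on substituted text. Keeping XML_PARSE_NONET alongside is right.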
--
2.16.4