Close the stream for disallowed XML features

According to RFC 6120 if any disallowed XML feature is encountered, we should close the stream with a <restricted-xml/>. The following features of XML are prohibited in XMPP: - processing instructions - internal or external DTD subsets - internal or external entity references - comments Test-information: Unit tests pass on Windows 10 and Ubuntu 18.04.1 LTS Change-Id: I475920c91b7f9da51ab37c106a4783a52f6e3cae
author: Joanna Hulboj <joanna.hulboj@isode.com> 2019-09-12 08:54:19 (GMT)
committer: Joanna Hulboj <joanna.hulboj@isode.com> 2019-09-16 08:17:07 (GMT)
commit: 181ac4a83ba4a82be683fb0a6f08393d3c91320c (patch)
tree: 76e41aac0cda8be5582137d34cb0c9f5683c9dc2 /Swiften/Parser/LibXMLParser.cpp
parent: 415870c04a7e6cabf13e6acf3a94bb0f68732907 (diff)
download: swift-181ac4a83ba4a82be683fb0a6f08393d3c91320c.zip
swift-181ac4a83ba4a82be683fb0a6f08393d3c91320c.tar.bz2
1 files changed, 29 insertions, 1 deletions
diff --git a/Swiften/Parser/LibXMLParser.cpp b/Swiften/Parser/LibXMLParser.cpp
index 192f44b..4e02059 100644
--- a/Swiften/Parser/LibXMLParser.cpp
+++ b/Swiften/Parser/LibXMLParser.cpp
@@ -61,2 +61,20 @@ static void handleCharacterData(void* parser, const xmlChar* data, int len) {
 
+static void handleComment(void* parser, const xmlChar* /*data*/) {
+    if (!static_cast<LibXMLParser*>(parser)->allowsComments()) {
+        static_cast<LibXMLParser*>(parser)->stopParser();
+    }
+}
+
+static void handleEntityDeclaration(void * parser, const xmlChar* /*name*/, int /*type*/, const xmlChar* /*publicId*/, const xmlChar* /*systemId*/, xmlChar* /*content*/) {
+    static_cast<LibXMLParser*>(parser)->stopParser();
+}
+
+static void handleProcessingInstruction(void* parser, const xmlChar* /*target*/, const xmlChar* /*data*/) {
+    static_cast<LibXMLParser*>(parser)->stopParser();
+}
+
+static void handleExternalSubset(void* parser, const xmlChar * /*name*/, const xmlChar * /*ExternalID*/, const xmlChar * /*SystemID*/) {
+    static_cast<LibXMLParser*>(parser)->stopParser();
+}
+
 static void handleError(void*, const char* /*m*/, ... ) {
@@ -75,3 +93,3 @@ bool LibXMLParser::initialized = false;
 
-LibXMLParser::LibXMLParser(XMLParserClient* client) : XMLParser(client), p(new Private()) {
+LibXMLParser::LibXMLParser(XMLParserClient* client, bool allowComments) : XMLParser(client, allowComments), p(new Private()) {
     // Initialize libXML for multithreaded applications
@@ -89,2 +107,6 @@ LibXMLParser::LibXMLParser(XMLParserClient* client) : XMLParser(client), p(new P
     p->handler_.error = &handleError;
+    p->handler_.comment = &handleComment;
+    p->handler_.entityDecl = &handleEntityDeclaration;
+    p->handler_.processingInstruction = &handleProcessingInstruction;
+    p->handler_.externalSubset = &handleExternalSubset;
 
@@ -108,2 +130,3 @@ bool LibXMLParser::parse(const std::string& data, bool finalData) {
     }
+    if (stopped_) return false;
     xmlError* error = xmlCtxtGetLastError(p->context_);
@@ -117,2 +140,7 @@ bool LibXMLParser::parse(const std::string& data, bool finalData) {
 
+void LibXMLParser::stopParser() {
+    stopped_ = true;
+    xmlStopParser(p->context_);
+}
+
 }
author	Joanna Hulboj <joanna.hulboj@isode.com>	2019-09-12 08:54:19 (GMT)
committer	Joanna Hulboj <joanna.hulboj@isode.com>	2019-09-16 08:17:07 (GMT)
commit	181ac4a83ba4a82be683fb0a6f08393d3c91320c (patch)
tree	76e41aac0cda8be5582137d34cb0c9f5683c9dc2 /Swiften/Parser/LibXMLParser.cpp
parent	415870c04a7e6cabf13e6acf3a94bb0f68732907 (diff)
download	swift-181ac4a83ba4a82be683fb0a6f08393d3c91320c.zip swift-181ac4a83ba4a82be683fb0a6f08393d3c91320c.tar.bz2