Skip to content
Commit e0355360 authored by Nick Wellnhofer's avatar Nick Wellnhofer
Browse files

Fix security framework bypass 

xsltCheckRead and xsltCheckWrite return -1 in case of error but callers
don't check for this condition and allow access. With a specially
crafted URL, xsltCheckRead could be tricked into returning an error
because of a supposedly invalid URL that would still be loaded
succesfully later on.

Fixes #12.

Thanks to Felix Wilhelm for the report.
parent eb48a900
Hide whitespace changes
Inline Side-by-side
  • Ghost User @ghost ·

    It is good that errors are now treated as permission denied. It seems strange, however, that there is no error message created to let somebody find out what happened.

  • Nick Wellnhofer @nwellnhof ·
    Author Maintainer

    @jkonczal In libxslt, if a function returns an error code, it means that an error has already been reported. Here's an example: https://gitlab.gnome.org/GNOME/libxslt/blob/master/libxslt/security.c#L443

  • Ghost User @ghost ·

    That explains it. Thanks.

  • Tomasz Kłoczko @kloczek ·

    Is it any change to make new release with that fix?

0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment