Fix security framework bypass
xsltCheckRead and xsltCheckWrite return -1 in case of error but callers don't check for this condition and allow access. With a specially crafted URL, xsltCheckRead could be tricked into returning an error because of a supposedly invalid URL that would still be loaded successfully later on. Fixes #12. Thanks to Felix Wilhelm for the report.
parent
eb48a900
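The failure mode the commit message describes, as an added example that is not libxslt code: a check with three outcomes (allowed, denied, error) whose caller only tests for "denied". `check_read`, `do_load` and both callers are hypothetical stand-ins, and the loader is assumed to accept input that the checker cannot parse.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical tri-state policy check (stand-in, not the libxslt function):
 * 1 = allowed, 0 = denied, -1 = the check itself failed. */
static int check_read(const char *url) {
    if (url == NULL || strstr(url, "://") == NULL)
        return -1;                    /* constructed "cannot parse" case */
    if (strncmp(url, "file://", 7) == 0)
        return 0;                     /* sample policy: local files denied */
    return 1;
}

/* Hypothetical loader, assumed more lenient than the checker. */
static int do_load(const char *url) {
    return url != NULL;               /* 1 = resource loaded */
}

/* Before: only 0 is treated as a refusal, so -1 falls through to the load. */
int load_ignoring_error(const char *url) {
    int ret = check_read(url);
    if (ret == 0)
        return 0;
    return do_load(url);
}

/* After: anything other than an explicit "allowed" is a refusal. */
int load_fail_closed(const char *url) {
    int ret = check_read(url);
    if (ret <= 0)
        return 0;
    return do_load(url);
}

int main(void) {
    /* Constructed sample inputs. */
    const char *samples[] = { "http://example.org/style.xsl",
                              "file:///tmp/local.xsl",
                              "string-the-checker-cannot-parse" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-34s check=%2d before=%d after=%d\n", samples[i],
               check_read(samples[i]),
               load_ignoring_error(samples[i]),
               load_fail_closed(samples[i]));
    return 0;
}
```

The third sample is the case that matters: the check reports an error, the first caller loads the resource anyway, and the second refuses it.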
@jkonczal In libxslt, if a function returns an error code, it means that an error has already been reported. Here's an example: https://gitlab.gnome.org/GNOME/libxslt/blob/master/libxslt/security.c#L443