Репозитории ALT
S: | 0.11.6-alt2 |
5.1: | 0.7.4-alt1 |
Другие репозитории
Upstream: | 0.7.3 |
Группа :: Игры/Стратегия
Пакет: freecol
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: CVE-2018-1000825.patch
Скачать
Скачать
From: Markus Koschany <apo@debian.org>
Date: Mon, 24 Feb 2020 12:33:58 +0100
Subject: CVE-2018-1000825
Bug-Debian: https://bugs.debian.org/917023
Origin: https://github.com/FreeCol/freecol/commit/8963506897e3270a75b062f28486934bcb79b1e3
---
src/net/sf/freecol/common/io/FreeColXMLReader.java | 19 +++++++++++++++++--
src/net/sf/freecol/common/model/FreeColObject.java | 3 +++
src/net/sf/freecol/common/networking/Connection.java | 3 +++
src/net/sf/freecol/common/networking/DOMMessage.java | 3 +++
src/net/sf/freecol/tools/GenerateDocumentation.java | 3 +++
5 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/src/net/sf/freecol/common/io/FreeColXMLReader.java b/src/net/sf/freecol/common/io/FreeColXMLReader.java
index dd78a40..abbaba6 100644
--- a/src/net/sf/freecol/common/io/FreeColXMLReader.java
+++ b/src/net/sf/freecol/common/io/FreeColXMLReader.java
@@ -88,7 +88,7 @@ public class FreeColXMLReader extends StreamReaderDelegate
super();
try {
- XMLInputFactory xif = XMLInputFactory.newInstance();
+ XMLInputFactory xif = newXMLInputFactory();
setParent(xif.createXMLStreamReader(inputStream, "UTF-8"));
} catch (XMLStreamException e) {
throw new IOException(e);
@@ -109,7 +109,7 @@ public class FreeColXMLReader extends StreamReaderDelegate
super();
try {
- XMLInputFactory xif = XMLInputFactory.newInstance();
+ XMLInputFactory xif = newXMLInputFactory();
setParent(xif.createXMLStreamReader(reader));
} catch (XMLStreamException e) {
throw new IOException(e);
@@ -118,6 +118,21 @@ public class FreeColXMLReader extends StreamReaderDelegate
this.readScope = ReadScope.NORMAL;
}
+ /**
+ * Create a new XMLInputFactory.
+ *
+ * Respond to CVE 2018-1000825.
+ *
+ * @return A new <code>XMLInputFactory</code>.
+ */
+ private static XMLInputFactory newXMLInputFactory() {
+ XMLInputFactory xif = XMLInputFactory.newInstance();
+ // This disables DTDs entirely for that factory
+ xif.setProperty(XMLInputFactory.SUPPORT_DTD, false);
+ // disable external entities
+ xif.setProperty("javax.xml.stream.isSupportingExternalEntities", false);
+ return xif;
+ }
/**
* Should reads from this stream intern their objects into the
diff --git a/src/net/sf/freecol/common/model/FreeColObject.java b/src/net/sf/freecol/common/model/FreeColObject.java
index 01c9887..d8f3754 100644
--- a/src/net/sf/freecol/common/model/FreeColObject.java
+++ b/src/net/sf/freecol/common/model/FreeColObject.java
@@ -49,6 +49,7 @@ import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
+import javax.xml.XMLConstants;
import net.sf.freecol.common.ObjectWithId;
import net.sf.freecol.common.io.FreeColXMLReader;
@@ -895,6 +896,8 @@ public abstract class FreeColObject
public void readFromXMLElement(Element element) {
try {
TransformerFactory factory = TransformerFactory.newInstance();
+ factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+ factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
Transformer xmlTransformer = factory.newTransformer();
StringWriter stringWriter = new StringWriter();
xmlTransformer.transform(new DOMSource(element),
diff --git a/src/net/sf/freecol/common/networking/Connection.java b/src/net/sf/freecol/common/networking/Connection.java
index f88d2ed..48954bd 100644
--- a/src/net/sf/freecol/common/networking/Connection.java
+++ b/src/net/sf/freecol/common/networking/Connection.java
@@ -40,6 +40,7 @@ import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
+import javax.xml.XMLConstants;
import net.sf.freecol.common.FreeColException;
import net.sf.freecol.common.debug.FreeColDebugger;
@@ -101,6 +102,8 @@ public class Connection implements Closeable {
Transformer myTransformer = null;
try {
TransformerFactory factory = TransformerFactory.newInstance();
+ factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+ factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
myTransformer = factory.newTransformer();
myTransformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION,
"yes");
diff --git a/src/net/sf/freecol/common/networking/DOMMessage.java b/src/net/sf/freecol/common/networking/DOMMessage.java
index 7181a7d..8fe7295 100644
--- a/src/net/sf/freecol/common/networking/DOMMessage.java
+++ b/src/net/sf/freecol/common/networking/DOMMessage.java
@@ -37,6 +37,7 @@ import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
+import javax.xml.XMLConstants;
import net.sf.freecol.common.io.FreeColXMLWriter;
import net.sf.freecol.common.debug.FreeColDebugger;
@@ -448,6 +449,8 @@ public class DOMMessage {
public static String elementToString(Element element) {
try {
TransformerFactory factory = TransformerFactory.newInstance();
+ factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+ factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
Transformer xt = factory.newTransformer();
StringWriter sw = new StringWriter();
xt.transform(new DOMSource(element), new StreamResult(sw));
diff --git a/src/net/sf/freecol/tools/GenerateDocumentation.java b/src/net/sf/freecol/tools/GenerateDocumentation.java
index aac0f55..a52cf5b 100644
--- a/src/net/sf/freecol/tools/GenerateDocumentation.java
+++ b/src/net/sf/freecol/tools/GenerateDocumentation.java
@@ -35,6 +35,7 @@ import javax.xml.transform.Source;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
+import javax.xml.XMLConstants;
import net.sf.freecol.common.i18n.Messages;
import net.sf.freecol.common.model.StringTemplate;
@@ -192,6 +193,8 @@ public class GenerateDocumentation {
Messages.loadMessageBundle(Messages.getLocale(languageCode));
try {
TransformerFactory factory = TransformerFactory.newInstance();
+ factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+ factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
Source xsl = new StreamSource(new File("doc", XSL));
Transformer stylesheet;
try {