1 |
mattm 14/06/25 20:44:15 |
2 |
|
3 |
Added: zbx8151.patch |
4 |
Log: |
5 |
Upstream version bump with patch for Security bug 513814, Cleanup for prior security bug 509898 |
6 |
|
7 |
(Portage version: 2.2.8-r1/cvs/Linux x86_64, signed Manifest commit with key 786037A7) |
8 |
|
9 |
Revision Changes Path |
10 |
1.1 net-analyzer/zabbix/files/2.2/patches/zbx8151.patch |
11 |
|
12 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/zabbix/files/2.2/patches/zbx8151.patch?rev=1.1&view=markup |
13 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/zabbix/files/2.2/patches/zbx8151.patch?rev=1.1&content-type=text/plain |
14 |
|
15 |
Index: zbx8151.patch |
16 |
=================================================================== |
17 |
Index: frontends/php/include/defines.inc.php |
18 |
=================================================================== |
19 |
--- frontends/php/include/defines.inc.php (revision 46596) |
20 |
+++ frontends/php/include/defines.inc.php (revision 46655) |
21 |
@@ -835,6 +835,14 @@ |
22 |
|
23 |
define('ZBX_DEFAULT_IMPORT_HOST_GROUP', 'Imported hosts'); |
24 |
|
25 |
+// XML import flags |
26 |
+// See ZBX-8151. Old version of libxml suffered from setting DTDLOAD and NOENT flags by default, which allowed |
27 |
+// performing XXE attacks. Calling libxml_disable_entity_loader(true) also had no affect if flags passed to libxml |
28 |
+// calls were 0 - so for better security with legacy libxml we need to call libxml_disable_entity_loader(true) AND |
29 |
+// pass the LIBXML_NONET flag. Please keep in mind that LIBXML_NOENT actually EXPANDS entities, opposite to it's name - |
30 |
+// so this flag is not needed here. |
31 |
+define('LIBXML_IMPORT_FLAGS', LIBXML_NONET); |
32 |
+ |
33 |
// API errors |
34 |
define('ZBX_API_ERROR_INTERNAL', 111); |
35 |
define('ZBX_API_ERROR_PARAMETERS', 100); |
36 |
Index: frontends/php/include/classes/import/readers/CXmlImportReader.php |
37 |
=================================================================== |
38 |
--- frontends/php/include/classes/import/readers/CXmlImportReader.php (revision 46596) |
39 |
+++ frontends/php/include/classes/import/readers/CXmlImportReader.php (revision 46655) |
40 |
@@ -32,7 +32,8 @@ |
41 |
*/ |
42 |
public function read($string) { |
43 |
libxml_use_internal_errors(true); |
44 |
- $result = simplexml_load_string($string); |
45 |
+ libxml_disable_entity_loader(true); |
46 |
+ $result = simplexml_load_string($string, null, LIBXML_IMPORT_FLAGS); |
47 |
if (!$result) { |
48 |
$errors = libxml_get_errors(); |
49 |
libxml_clear_errors(); |
50 |
Index: frontends/php/include/classes/import/CXmlImport18.php |
51 |
=================================================================== |
52 |
--- frontends/php/include/classes/import/CXmlImport18.php (revision 46596) |
53 |
+++ frontends/php/include/classes/import/CXmlImport18.php (revision 46655) |
54 |
@@ -390,12 +390,13 @@ |
55 |
return $array; |
56 |
} |
57 |
|
58 |
- public static function import($file) { |
59 |
+ public static function import($source) { |
60 |
|
61 |
libxml_use_internal_errors(true); |
62 |
+ libxml_disable_entity_loader(true); |
63 |
|
64 |
$xml = new DOMDocument(); |
65 |
- if (!$xml->loadXML($file)) { |
66 |
+ if (!$xml->loadXML($source, LIBXML_IMPORT_FLAGS)) { |
67 |
$text = ''; |
68 |
foreach (libxml_get_errors() as $error) { |
69 |
switch ($error->level) { |