| 1 |
mattm 14/06/25 20:44:15 |
| 2 |
|
| 3 |
Added: zbx8151.patch |
| 4 |
Log: |
| 5 |
Upstream version bump with patch for Security bug 513814, Cleanup for prior security bug 509898 |
| 6 |
|
| 7 |
(Portage version: 2.2.8-r1/cvs/Linux x86_64, signed Manifest commit with key 786037A7) |
| 8 |
|
| 9 |
Revision Changes Path |
| 10 |
1.1 net-analyzer/zabbix/files/2.2/patches/zbx8151.patch |
| 11 |
|
| 12 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/zabbix/files/2.2/patches/zbx8151.patch?rev=1.1&view=markup |
| 13 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/zabbix/files/2.2/patches/zbx8151.patch?rev=1.1&content-type=text/plain |
| 14 |
|
| 15 |
Index: zbx8151.patch |
| 16 |
=================================================================== |
| 17 |
Index: frontends/php/include/defines.inc.php |
| 18 |
=================================================================== |
| 19 |
--- frontends/php/include/defines.inc.php (revision 46596) |
| 20 |
+++ frontends/php/include/defines.inc.php (revision 46655) |
| 21 |
@@ -835,6 +835,14 @@ |
| 22 |
|
| 23 |
define('ZBX_DEFAULT_IMPORT_HOST_GROUP', 'Imported hosts'); |
| 24 |
|
| 25 |
+// XML import flags |
| 26 |
+// See ZBX-8151. Old version of libxml suffered from setting DTDLOAD and NOENT flags by default, which allowed |
| 27 |
+// performing XXE attacks. Calling libxml_disable_entity_loader(true) also had no affect if flags passed to libxml |
| 28 |
+// calls were 0 - so for better security with legacy libxml we need to call libxml_disable_entity_loader(true) AND |
| 29 |
+// pass the LIBXML_NONET flag. Please keep in mind that LIBXML_NOENT actually EXPANDS entities, opposite to it's name - |
| 30 |
+// so this flag is not needed here. |
| 31 |
+define('LIBXML_IMPORT_FLAGS', LIBXML_NONET); |
| 32 |
+ |
| 33 |
// API errors |
| 34 |
define('ZBX_API_ERROR_INTERNAL', 111); |
| 35 |
define('ZBX_API_ERROR_PARAMETERS', 100); |
| 36 |
Index: frontends/php/include/classes/import/readers/CXmlImportReader.php |
| 37 |
=================================================================== |
| 38 |
--- frontends/php/include/classes/import/readers/CXmlImportReader.php (revision 46596) |
| 39 |
+++ frontends/php/include/classes/import/readers/CXmlImportReader.php (revision 46655) |
| 40 |
@@ -32,7 +32,8 @@ |
| 41 |
*/ |
| 42 |
public function read($string) { |
| 43 |
libxml_use_internal_errors(true); |
| 44 |
- $result = simplexml_load_string($string); |
| 45 |
+ libxml_disable_entity_loader(true); |
| 46 |
+ $result = simplexml_load_string($string, null, LIBXML_IMPORT_FLAGS); |
| 47 |
if (!$result) { |
| 48 |
$errors = libxml_get_errors(); |
| 49 |
libxml_clear_errors(); |
| 50 |
Index: frontends/php/include/classes/import/CXmlImport18.php |
| 51 |
=================================================================== |
| 52 |
--- frontends/php/include/classes/import/CXmlImport18.php (revision 46596) |
| 53 |
+++ frontends/php/include/classes/import/CXmlImport18.php (revision 46655) |
| 54 |
@@ -390,12 +390,13 @@ |
| 55 |
return $array; |
| 56 |
} |
| 57 |
|
| 58 |
- public static function import($file) { |
| 59 |
+ public static function import($source) { |
| 60 |
|
| 61 |
libxml_use_internal_errors(true); |
| 62 |
+ libxml_disable_entity_loader(true); |
| 63 |
|
| 64 |
$xml = new DOMDocument(); |
| 65 |
- if (!$xml->loadXML($file)) { |
| 66 |
+ if (!$xml->loadXML($source, LIBXML_IMPORT_FLAGS)) { |
| 67 |
$text = ''; |
| 68 |
foreach (libxml_get_errors() as $error) { |
| 69 |
switch ($error->level) { |
Archives