Issue a parse error for XML files that include a DOCTYPE section.

DTD handling is known for various security problems and so it is best to
not even enter that mine field.
Also the RFC defines the RRDP XML schema using RELAX NG instead of DTD.

With and OK benno@ job@ tb@ beck@ deraadt@

diff --git a/usr.sbin/rpki-client/rrdp_delta.c b/usr.sbin/rpki-client/rrdp_delta.c
index 797c758..52683c4 100644 (file)
--- a/usr.sbin/rpki-client/rrdp_delta.c
+++ b/usr.sbin/rpki-client/rrdp_delta.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: rrdp_delta.c,v 1.5 2021/11/03 13:30:56 claudio Exp $ */
+/*     $OpenBSD: rrdp_delta.c,v 1.6 2021/11/09 11:01:04 claudio Exp $ */
 /*
  * Copyright (c) 2020 Nils Fisher <nils_fisher@hotmail.com>
  * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
@@ -225,6 +225,16 @@ delta_content_handler(void *data, const char *content, int length)
                        PARSE_FAIL(p, "parse failed - content too big");
 }
 
+static void
+delta_doctype_handler(void *data, const char *doctypeName,
+    const char *sysid, const char *pubid, int subset)
+{
+       struct delta_xml *dxml = data;
+       XML_Parser p = dxml->parser;
+
+       PARSE_FAIL(p, "parse failed - DOCTYPE not allowed");
+}
+
 struct delta_xml *
 new_delta_xml(XML_Parser p, struct rrdp_session *rs, struct rrdp *r)
 {
@@ -243,6 +253,7 @@ new_delta_xml(XML_Parser p, struct rrdp_session *rs, struct rrdp *r)
            delta_xml_elem_end);
        XML_SetCharacterDataHandler(dxml->parser, delta_content_handler);
        XML_SetUserData(dxml->parser, dxml);
+       XML_SetDoctypeDeclHandler(dxml->parser, delta_doctype_handler, NULL);
 
        return dxml;
 }

diff --git a/usr.sbin/rpki-client/rrdp_notification.c b/usr.sbin/rpki-client/rrdp_notification.c
index cf1ffbf..28f01a0 100644 (file)
--- a/usr.sbin/rpki-client/rrdp_notification.c
+++ b/usr.sbin/rpki-client/rrdp_notification.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: rrdp_notification.c,v 1.10 2021/11/05 14:30:53 claudio Exp $ */
+/*     $OpenBSD: rrdp_notification.c,v 1.11 2021/11/09 11:01:04 claudio Exp $ */
 /*
  * Copyright (c) 2020 Nils Fisher <nils_fisher@hotmail.com>
  * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
@@ -308,6 +308,16 @@ notification_xml_elem_end(void *data, const char *el)
                PARSE_FAIL(p, "parse failed - unexpected elem exit found");
 }
 
+static void
+notification_doctype_handler(void *data, const char *doctypeName,
+    const char *sysid, const char *pubid, int subset)
+{
+       struct notification_xml *nxml = data;
+       XML_Parser p = nxml->parser;
+
+       PARSE_FAIL(p, "parse failed - DOCTYPE not allowed");
+}
+
 struct notification_xml *
 new_notification_xml(XML_Parser p, struct rrdp_session *repository,
     struct rrdp_session *current, const char *notifyuri)
@@ -325,6 +335,8 @@ new_notification_xml(XML_Parser p, struct rrdp_session *repository,
        XML_SetElementHandler(nxml->parser, notification_xml_elem_start,
            notification_xml_elem_end);
        XML_SetUserData(nxml->parser, nxml);
+       XML_SetDoctypeDeclHandler(nxml->parser, notification_doctype_handler,
+           NULL);
 
        return nxml;
 }

diff --git a/usr.sbin/rpki-client/rrdp_snapshot.c b/usr.sbin/rpki-client/rrdp_snapshot.c
index e7d648f..3e060d3 100644 (file)
--- a/usr.sbin/rpki-client/rrdp_snapshot.c
+++ b/usr.sbin/rpki-client/rrdp_snapshot.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: rrdp_snapshot.c,v 1.4 2021/11/03 13:30:56 claudio Exp $ */
+/*     $OpenBSD: rrdp_snapshot.c,v 1.5 2021/11/09 11:01:04 claudio Exp $ */
 /*
  * Copyright (c) 2020 Nils Fisher <nils_fisher@hotmail.com>
  * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
@@ -201,6 +201,16 @@ snapshot_content_handler(void *data, const char *content, int length)
                        PARSE_FAIL(p, "parse failed - content too big");
 }
 
+static void
+snapshot_doctype_handler(void *data, const char *doctypeName,
+    const char *sysid, const char *pubid, int subset)
+{
+       struct snapshot_xml *sxml = data;
+       XML_Parser p = sxml->parser;
+
+       PARSE_FAIL(p, "parse failed - DOCTYPE not allowed");
+}
+
 struct snapshot_xml *
 new_snapshot_xml(XML_Parser p, struct rrdp_session *rs, struct rrdp *r)
 {
@@ -219,6 +229,8 @@ new_snapshot_xml(XML_Parser p, struct rrdp_session *rs, struct rrdp *r)
            snapshot_xml_elem_end);
        XML_SetCharacterDataHandler(sxml->parser, snapshot_content_handler);
        XML_SetUserData(sxml->parser, sxml);
+       XML_SetDoctypeDeclHandler(sxml->parser, snapshot_doctype_handler,
+           NULL);
 
        return sxml;
 }