From: claudio
Date: Tue, 9 Nov 2021 11:01:04 +0000 (+0000)
Subject: Issue a parse error for XML files that include a DOCTYPE section.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=8487774ddd2021d76b980f8f27e0cafcbd6b1b7b;p=openbsd

Issue a parse error for XML files that include a DOCTYPE section. DTD handling is known for various security problems and so it is best to not even enter that mine field. Also the RFC defines the RRDP XML schema using RELAX NG instead of DTD.
With and OK benno@ job@ tb@ beck@ deraadt@
---

diff --git a/usr.sbin/rpki-client/rrdp_delta.c b/usr.sbin/rpki-client/rrdp_delta.c
index 797c7588ad4..52683c47214 100644
--- a/usr.sbin/rpki-client/rrdp_delta.c
+++ b/usr.sbin/rpki-client/rrdp_delta.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rrdp_delta.c,v 1.5 2021/11/03 13:30:56 claudio Exp $ */
+/* $OpenBSD: rrdp_delta.c,v 1.6 2021/11/09 11:01:04 claudio Exp $ */
 /*
  * Copyright (c) 2020 Nils Fisher
  * Copyright (c) 2021 Claudio Jeker
@@ -225,6 +225,16 @@ delta_content_handler(void *data, const char *content, int length)
 	PARSE_FAIL(p, "parse failed - content too big");
 }
 
+static void
+delta_doctype_handler(void *data, const char *doctypeName,
+    const char *sysid, const char *pubid, int subset)
+{
+	struct delta_xml *dxml = data;
+	XML_Parser p = dxml->parser;
+
+	PARSE_FAIL(p, "parse failed - DOCTYPE not allowed");
+}
+
 struct delta_xml *
 new_delta_xml(XML_Parser p, struct rrdp_session *rs, struct rrdp *r)
 {
@@ -243,6 +253,7 @@ new_delta_xml(XML_Parser p, struct rrdp_session *rs, struct rrdp *r)
 	    delta_xml_elem_end);
 	XML_SetCharacterDataHandler(dxml->parser, delta_content_handler);
 	XML_SetUserData(dxml->parser, dxml);
+	XML_SetDoctypeDeclHandler(dxml->parser, delta_doctype_handler, NULL);
 
 	return dxml;
 }
diff --git a/usr.sbin/rpki-client/rrdp_notification.c b/usr.sbin/rpki-client/rrdp_notification.c
index cf1ffbfaf08..28f01a0c552 100644
--- a/usr.sbin/rpki-client/rrdp_notification.c
+++ b/usr.sbin/rpki-client/rrdp_notification.c
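Review bot: The rejection in `delta_doctype_handler` only works if PARSE_FAIL actually halts expat; if that macro merely records an error and returns, expat continues into the DOCTYPE's internal subset and processes any entity declarations there, which is exactly what this commit wants to keep out. PARSE_FAIL is defined outside this hunk, so I cannot confirm it calls `XML_StopParser(p, XML_FALSE)` — worth checking, since a resumable stop would let the DTD be parsed after all. As far as I recall, expat invokes the start-doctype handler before it reads the internal subset, so failing here is the right choke point, and a comment would preserve that reasoning for the next reader: `/* Reject DTDs outright: entity expansion and external DTD fetches are a known attack surface, and RFC 8182 defines the RRDP schema in RELAX NG, not DTD. */`. The four callback parameters are unused by design (expat fixes the signature); saying so in the same comment would stop a future cleanup from "fixing" them. delta_content_handler begins outside the hunk, and new_delta_xml spans the second and third hunks with its middle outside both.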
@@ -1,4 +1,4 @@
-/* $OpenBSD: rrdp_notification.c,v 1.10 2021/11/05 14:30:53 claudio Exp $ */
+/* $OpenBSD: rrdp_notification.c,v 1.11 2021/11/09 11:01:04 claudio Exp $ */
 /*
  * Copyright (c) 2020 Nils Fisher
  * Copyright (c) 2021 Claudio Jeker
@@ -308,6 +308,16 @@ notification_xml_elem_end(void *data, const char *el)
 	PARSE_FAIL(p, "parse failed - unexpected elem exit found");
 }
 
+static void
+notification_doctype_handler(void *data, const char *doctypeName,
+    const char *sysid, const char *pubid, int subset)
+{
+	struct notification_xml *nxml = data;
+	XML_Parser p = nxml->parser;
+
+	PARSE_FAIL(p, "parse failed - DOCTYPE not allowed");
+}
+
 struct notification_xml *
 new_notification_xml(XML_Parser p, struct rrdp_session *repository,
     struct rrdp_session *current, const char *notifyuri)
@@ -325,6 +335,8 @@ new_notification_xml(XML_Parser p, struct rrdp_session *repository,
 	XML_SetElementHandler(nxml->parser, notification_xml_elem_start,
 	    notification_xml_elem_end);
 	XML_SetUserData(nxml->parser, nxml);
+	XML_SetDoctypeDeclHandler(nxml->parser, notification_doctype_handler,
+	    NULL);
 
 	return nxml;
 }
diff --git a/usr.sbin/rpki-client/rrdp_snapshot.c b/usr.sbin/rpki-client/rrdp_snapshot.c
index e7d648f5f97..3e060d3e25e 100644
--- a/usr.sbin/rpki-client/rrdp_snapshot.c
+++ b/usr.sbin/rpki-client/rrdp_snapshot.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rrdp_snapshot.c,v 1.4 2021/11/03 13:30:56 claudio Exp $ */
+/* $OpenBSD: rrdp_snapshot.c,v 1.5 2021/11/09 11:01:04 claudio Exp $ */
 /*
  * Copyright (c) 2020 Nils Fisher
  * Copyright (c) 2021 Claudio Jeker
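Review bot: `notification_doctype_handler` is the third copy of the same rejection in this commit (rrdp_delta.c and rrdp_snapshot.c carry identical ones), differing only in which user-data struct is dereferenced to reach the XML_Parser. Because expat passes the handler only the user data and the three structs are distinct types, a single shared handler is not a drop-in unless the parser pointer is reachable uniformly — the struct definitions are outside this hunk, so I cannot tell — and the duplication may well be the pragmatic choice. If it stays, a one-line comment in each copy naming the reason and the siblings, `/* DOCTYPE/DTD is rejected in every RRDP parser (see rrdp_delta.c, rrdp_snapshot.c); RFC 8182 uses RELAX NG. */`, would keep the three from drifting apart. new_notification_xml starts before the second hunk, so the position of the registration relative to parser creation is not visible here.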
@@ -201,6 +201,16 @@ snapshot_content_handler(void *data, const char *content, int length)
 	PARSE_FAIL(p, "parse failed - content too big");
 }
 
+static void
+snapshot_doctype_handler(void *data, const char *doctypeName,
+    const char *sysid, const char *pubid, int subset)
+{
+	struct snapshot_xml *sxml = data;
+	XML_Parser p = sxml->parser;
+
+	PARSE_FAIL(p, "parse failed - DOCTYPE not allowed");
+}
+
 struct snapshot_xml *
 new_snapshot_xml(XML_Parser p, struct rrdp_session *rs, struct rrdp *r)
 {
@@ -219,6 +229,8 @@ new_snapshot_xml(XML_Parser p, struct rrdp_session *rs, struct rrdp *r)
 	    snapshot_xml_elem_end);
 	XML_SetCharacterDataHandler(sxml->parser, snapshot_content_handler);
 	XML_SetUserData(sxml->parser, sxml);
+	XML_SetDoctypeDeclHandler(sxml->parser, snapshot_doctype_handler,
+	    NULL);
 
 	return sxml;
 }