
Merge branch 'security/zf2014-01'
Resolves ZF2014-01 - XXE/XEE vulnerabilities
weierophinney committed Mar 6, 2014
2 parents 43bb61e + 7a42486 commit 9337625
Showing 3 changed files with 10 additions and 26 deletions.
9 changes: 5 additions & 4 deletions src/Fault.php
Expand Up @@ -10,6 +10,7 @@
namespace Zend\XmlRpc;

use SimpleXMLElement;
use ZendXml\Security as XmlSecurity;

/**
* XMLRPC Faults
Expand Down Expand Up @@ -180,10 +181,10 @@ public function loadXml($fault)

$xmlErrorsFlag = libxml_use_internal_errors(true);
try {
$xml = new SimpleXMLElement($fault);
} catch (\Exception $e) {
// Not valid XML
throw new Exception\InvalidArgumentException('Failed to parse XML fault: ' . $e->getMessage(), 500, $e);
$xml = XmlSecurity::scan($fault);
} catch (\ZendXml\Exception\RuntimeException $e) {
// Unsecure XML
throw new Exception\RuntimeException('Failed to parse XML fault: ' . $e->getMessage(), 500, $e);
}
if (!$xml instanceof SimpleXMLElement) {
$errors = libxml_get_errors();
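Review bot: The new catch around `XmlSecurity::scan($fault)` rethrows while the `libxml_use_internal_errors(true)` set two lines above is still in effect, so a document the scanner rejects leaves the process-wide libxml error mode changed for the caller; the removed `catch (\Exception $e)` had the same gap, but this is now the path that security-rejected input takes. Restore the flag before rethrowing, `libxml_use_internal_errors($xmlErrorsFlag);` as the first statement of the catch block, or wrap the whole section in `finally` if the supported PHP baseline allows it. The remainder of `loadXml`, where `$xmlErrorsFlag` is presumably restored on the success path, lies outside the hunk. Callers that previously caught `Exception\InvalidArgumentException` for every parse failure will now see `Exception\RuntimeException` for input refused by the scanner, so the method's docblock should list both under `@throws`.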
25 changes: 4 additions & 21 deletions src/Response.php
Expand Up @@ -9,6 +9,8 @@

namespace Zend\XmlRpc;

use ZendXml\Security as XmlSecurity;

/**
* XmlRpc Response
*
Expand Down Expand Up @@ -151,28 +153,9 @@ public function loadXml($response)
return false;
}

// @see ZF-12293 - disable external entities for security purposes
$loadEntities = libxml_disable_entity_loader(true);
$useInternalXmlErrors = libxml_use_internal_errors(true);
try {
$dom = new \DOMDocument;
$dom->loadXML($response);
foreach ($dom->childNodes as $child) {
if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
throw new Exception\ValueException(
'Invalid XML: Detected use of illegal DOCTYPE'
);
}
}
// TODO: Locate why this passes tests but a simplexml import doesn't
//$xml = simplexml_import_dom($dom);
$xml = new \SimpleXMLElement($response);
libxml_disable_entity_loader($loadEntities);
libxml_use_internal_errors($useInternalXmlErrors);
} catch (\Exception $e) {
libxml_disable_entity_loader($loadEntities);
libxml_use_internal_errors($useInternalXmlErrors);
// Not valid XML
$xml = XmlSecurity::scan($response);
} catch (\ZendXml\Exception\RuntimeException $e) {
$this->fault = new Fault(651);
$this->fault->setEncoding($this->getEncoding());
return false;
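Review bot: `XmlSecurity::scan` reports XML that is merely not well-formed by returning `false` rather than throwing (the `instanceof SimpleXMLElement` check that follows the same call in `Fault::loadXml` relies on this), so with the generic `catch (\Exception $e)` gone, a malformed response no longer reaches the `Fault(651)` branch inside the hunk and continues with a non-object `$xml`. The rest of `loadXml` is outside the hunk, so I cannot confirm whether it already guards that case; if not, add after the try/catch `if (!$xml instanceof \SimpleXMLElement) { /* malformed XML */ ... }` with the same fault-651 handling as the catch block. The deleted save/restore of `libxml_disable_entity_loader` and `libxml_use_internal_errors`, and the `@see ZF-12293` comment that explained it, are now delegated to the scanner; a one-line comment such as `// XmlSecurity::scan disables external entity loading and restores libxml state itself` would keep that intent visible to the next maintainer.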
2 changes: 1 addition & 1 deletion test/FaultTest.php
Expand Up @@ -146,7 +146,7 @@ public function testLoadXml()

public function testLoadXmlThrowsExceptionOnInvalidInput()
{
$this->setExpectedException('Zend\XmlRpc\Exception\InvalidArgumentException', 'Failed to parse XML fault: String could not be parsed as XML');
$this->setExpectedException('Zend\XmlRpc\Exception\InvalidArgumentException', 'Failed to parse XML fault');
$parsed = $this->_fault->loadXml('foo');
}

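Review bot: Loosening the expected message to the `'Failed to parse XML fault'` prefix keeps the malformed-input case covered, but nothing in this commit exercises the new branch in `Fault::loadXml` that turns a scanner rejection into `Zend\XmlRpc\Exception\RuntimeException`. Add a sibling test, e.g. `testLoadXmlThrowsRuntimeExceptionOnInsecureInput`, that passes `loadXml` a document the scanner refuses (one carrying a DOCTYPE declaration suffices) and calls `setExpectedException('Zend\XmlRpc\Exception\RuntimeException', 'Failed to parse XML fault')` first. `Response::loadXml` would benefit from the same pair of cases asserting the fault-651 outcome on rejected input.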
