Patch libxslt_54440.patch for Streams related Bug #54440
Patch version 2011-04-03 22:32 UTC
Developer: cataphract@php.net
diff -Nru php-5.3.6-orig/ext/xsl/php_xsl.h php-5.3.6-ok/ext/xsl/php_xsl.h
--- php-5.3.6-orig/ext/xsl/php_xsl.h 2011-04-01 17:02:33.000000000 +0200
+++ php-5.3.6-ok/ext/xsl/php_xsl.h 2011-04-01 17:03:29.000000000 +0200
@@ -32,6 +32,7 @@
#include <libxslt/xsltInternals.h>
#include <libxslt/xsltutils.h>
#include <libxslt/transform.h>
+#include <libxslt/security.h>
#if HAVE_XSL_EXSLT
#include <libexslt/exslt.h>
#include <libexslt/exsltconfig.h>
diff -Nru php-5.3.6-orig/ext/xsl/xsltprocessor.c php-5.3.6-ok/ext/xsl/xsltprocessor.c
--- php-5.3.6-orig/ext/xsl/xsltprocessor.c 2011-04-01 17:02:33.000000000 +0200
+++ php-5.3.6-ok/ext/xsl/xsltprocessor.c 2011-04-01 17:03:29.000000000 +0200
@@ -531,11 +531,26 @@
}
efree(member);
+ /* Add security checks */
+ /* XSLT_SECPREF_READ_FILE and XSLT_SECPREF_READ_NETWORK aren't needed */
+
+ xsltSecurityPrefsPtr secPrefs = xsltNewSecurityPrefs();
+
+ if (0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid))
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Can't set libxslt WRITE_FILE property");
+ if (0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid))
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Can't set libxslt WRITE_NETWORK property");
+ if (0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid))
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Can't set libxslt CREATE_DIRECTORY property");
+ if (0 != xsltSetCtxtSecurityPrefs(secPrefs, ctxt))
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Can't set libxslt security handler");
+
newdocp = xsltApplyStylesheetUser(style, doc, (const char**) params, NULL, f, ctxt);
if (f) {
fclose(f);
}
xsltFreeTransformContext(ctxt);
+ xsltFreeSecurityPrefs(secPrefs);
if (intern->node_list != NULL) {
zend_hash_destroy(intern->node_list);
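Review bot: Every failure in the added block only raises an E_WARNING, and the `xsltApplyStylesheetUser` call on the following line still runs, so a transformation can proceed without the write-file, write-network and create-directory restrictions this patch is meant to enforce. The result of `xsltNewSecurityPrefs()` is also never compared with NULL before it is used. I would fail closed: treat a NULL `secPrefs` or any non-zero return as an error, leave `newdocp` NULL and skip the transformation, as sketched below; this assumes the code after the hunk already copes with a NULL `newdocp`, which needs confirming. `secPrefs` is declared after `efree(member);`, so if this branch still has to build with C89 compilers its declaration should move up to the function's other locals, which lie outside this hunk.

```c
/* … unchanged: efree(member) and the two comment lines … */
secPrefs = xsltNewSecurityPrefs();
if (secPrefs == NULL
	|| 0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid)
	|| 0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid)
	|| 0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid)
	|| 0 != xsltSetCtxtSecurityPrefs(secPrefs, ctxt)) {
	/* Fail closed: never run a stylesheet without the restrictions in place. */
	php_error_docref(NULL TSRMLS_CC, E_WARNING, "Can't set libxslt security properties, not doing transformation");
	newdocp = NULL;
} else {
	newdocp = xsltApplyStylesheetUser(style, doc, (const char**) params, NULL, f, ctxt);
}
/* … unchanged: fclose(f), xsltFreeTransformContext(ctxt), xsltFreeSecurityPrefs(secPrefs) … */
```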