[shibboleth-sp2] 44/89: Add a defaulted hook to turn off DTD processing.

Ferenc Wágner wferi at moszumanska.debian.org
Thu Sep 1 09:24:07 UTC 2016 

This is an automated email from the git hooks/post-receive script.

wferi pushed a commit to branch master
in repository shibboleth-sp2.

commit a4afca914cffe9689d42c4edd8330094cfc175c0
Author: Scott Cantor <cantor.2 at osu.edu>
Date:   Mon Jun 6 12:13:02 2016 -0400

    Add a defaulted hook to turn off DTD processing.
---
 schemas/shibboleth-2.0-native-sp-config.xsd | 1 +
 shibsp/impl/XMLServiceProvider.cpp          | 7 +++++++
 2 files changed, 8 insertions(+)

diff --git a/schemas/shibboleth-2.0-native-sp-config.xsd b/schemas/shibboleth-2.0-native-sp-config.xsd
index ce7f468..8ff5838 100644
--- a/schemas/shibboleth-2.0-native-sp-config.xsd
+++ b/schemas/shibboleth-2.0-native-sp-config.xsd
@@ -823,6 +823,7 @@
       <attribute name="langFromClient" type="boolean"/>
       <attribute name="langPriority" type="conf:listOfStrings"/>
       <attribute name="contactPriority" type="conf:listOfStrings"/>
+      <attribute name="disableDTD" type="boolean"/>
       <anyAttribute namespace="##other" processContents="lax"/>
     </complexType>
   </element>
diff --git a/shibsp/impl/XMLServiceProvider.cpp b/shibsp/impl/XMLServiceProvider.cpp
index 20f94f8..89157de 100644
--- a/shibsp/impl/XMLServiceProvider.cpp
+++ b/shibsp/impl/XMLServiceProvider.cpp
@@ -2071,6 +2071,13 @@ XMLConfigImpl::XMLConfigImpl(const DOMElement* e, bool first, XMLConfig* outer,
 
     // Much of the processing can only occur on the first instantiation.
     if (first) {
+        // Disable DTD processing by default if Xerces happens to be new enough,
+        // but not so new that we can control it with parser settings.
+        pair<bool,bool> disableDTD = getBool("disableDTD");
+        if (!disableDTD.first || disableDTD.second) {
+            putenv("XERCES_DISABLE_DTD=1");
+        }
+
         // Set clock skew.
         pair<bool,unsigned int> skew=getUnsignedInt("clockSkew");
         if (skew.first)

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shibboleth/shibboleth-sp2.git

More information about the Pkg-shibboleth-devel mailing list