
Commit 204ccbe

Merge branch 'security/zf2014-01'
Resolves ZF2014-01 - XXE/XEE vulnerabilities
2 parents 43bb61e + 7a42486 commit 204ccbe

3 files changed

+10
-26
lines changed


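--- a/src/Fault.php
+++ b/src/Fault.php
@@ -10,6 +10,7 @@
 namespace Zend\XmlRpc;
 
 use SimpleXMLElement;
+use ZendXml\Security as XmlSecurity;
 
 /**
 * XMLRPC Faults
@@ -180,10 +181,10 @@ public function loadXml($fault)
 
 $xmlErrorsFlag = libxml_use_internal_errors(true);
 try {
-$xml = new SimpleXMLElement($fault);
-} catch (\Exception $e) {
-// Not valid XML
-throw new Exception\InvalidArgumentException('Failed to parse XML fault: ' . $e->getMessage(), 500, $e);
+$xml = XmlSecurity::scan($fault);
+} catch (\ZendXml\Exception\RuntimeException $e) {
+// Unsecure XML
+throw new Exception\RuntimeException('Failed to parse XML fault: ' . $e->getMessage(), 500, $e);
 }
 if (!$xml instanceof SimpleXMLElement) {
 $errors = libxml_get_errors();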
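Review bot: The exception type thrown when a document is rejected changes from `Exception\InvalidArgumentException` to `Exception\RuntimeException` on new line 187, which is a behavior change for any caller that catches the former around `loadXml()`; if both classes share a common `Exception\ExceptionInterface` that should be stated, and the method's docblock (outside the hunk) should gain `@throws Exception\RuntimeException when the document is rejected by the XML security scan`. The `// Unsecure XML` comment on new line 186 says little to the next reader; `// Rejected by the XML security scan (DOCTYPE/entity declarations) — not a plain parse failure` names which guard this branch is. As in the removed code, `libxml_use_internal_errors(true)` from line 182 is not restored on the throwing path; whether a later restore exists cannot be seen because `loadXml()` continues past the hunk.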

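--- a/src/Response.php
+++ b/src/Response.php
@@ -9,6 +9,8 @@
 
 namespace Zend\XmlRpc;
 
+use ZendXml\Security as XmlSecurity;
+
 /**
 * XmlRpc Response
 *
@@ -151,28 +153,9 @@ public function loadXml($response)
 return false;
 }
 
-// @see ZF-12293 - disable external entities for security purposes
-$loadEntities = libxml_disable_entity_loader(true);
-$useInternalXmlErrors = libxml_use_internal_errors(true);
 try {
-$dom = new \DOMDocument;
-$dom->loadXML($response);
-foreach ($dom->childNodes as $child) {
-if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
-throw new Exception\ValueException(
-'Invalid XML: Detected use of illegal DOCTYPE'
-);
-}
-}
-// TODO: Locate why this passes tests but a simplexml import doesn't
-//$xml = simplexml_import_dom($dom);
-$xml = new \SimpleXMLElement($response);
-libxml_disable_entity_loader($loadEntities);
-libxml_use_internal_errors($useInternalXmlErrors);
-} catch (\Exception $e) {
-libxml_disable_entity_loader($loadEntities);
-libxml_use_internal_errors($useInternalXmlErrors);
-// Not valid XML
+$xml = XmlSecurity::scan($response);
+} catch (\ZendXml\Exception\RuntimeException $e) {
 $this->fault = new Fault(651);
 $this->fault->setEncoding($this->getEncoding());
 return false;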
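Review bot: The new catch on line 158 handles only `\ZendXml\Exception\RuntimeException`, whereas the removed `catch (\Exception $e)` also covered malformed XML that the `\SimpleXMLElement` constructor used to throw for; the `instanceof SimpleXMLElement` check that Fault.php applies after the same `XmlSecurity::scan()` call in this commit suggests the scanner returns something other than a `SimpleXMLElement` (presumably `false`) for unparseable input, and nothing in this hunk turns that case into the fault-651 path any more. The rest of `loadXml()` runs past the hunk, so a later guard may exist; if it does not, a malformed response would leave `$xml` set to a non-object for the code that follows. The removed explicit `libxml_disable_entity_loader`/`libxml_use_internal_errors` save-and-restore is now presumably delegated to `XmlSecurity::scan()`, which is worth a one-line comment above the call, e.g. `// XmlSecurity::scan disables entity loading and rejects DOCTYPE/ENTITY (ZF2014-01)`. A guard after the try/catch would keep the old behavior for unparseable-but-harmless input:
```php
// … unchanged: try / catch (\ZendXml\Exception\RuntimeException) block …
if (!$xml instanceof \SimpleXMLElement) {
    // Unparseable (rather than unsafe) XML: report the same parse fault as before
    $this->fault = new Fault(651);
    $this->fault->setEncoding($this->getEncoding());
    return false;
}
```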

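--- a/test/FaultTest.php
+++ b/test/FaultTest.php
@@ -146,7 +146,7 @@ public function testLoadXml()
 
 public function testLoadXmlThrowsExceptionOnInvalidInput()
 {
-$this->setExpectedException('Zend\XmlRpc\Exception\InvalidArgumentException', 'Failed to parse XML fault: String could not be parsed as XML');
+$this->setExpectedException('Zend\XmlRpc\Exception\InvalidArgumentException', 'Failed to parse XML fault');
 $parsed = $this->_fault->loadXml('foo');
 }
 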