| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 0002313 | LibDOM | [All Projects] General | public | 2015-05-02 12:47 | 2016-11-20 20:11 | ||||||||
| Reporter | hotrod | ||||||||||||
| Assigned To | |||||||||||||
| Priority | normal | Severity | major | Reproducibility | always | ||||||||
| Status | confirmed | Resolution | open | ||||||||||
| Summary | 0002313: Entity ref fetching in libdom is broken | ||||||||||||
| Description | When visiting some sites like http://www.aftonbladet.se/ or http://www.dn.se/ a requester asking you to insert "http:" in any drive keeps appearing. | ||||||||||||
| Tags | No tags attached. | ||||||||||||
| Fixed in CI build # | |||||||||||||
| Reported in CI build # | 2758 | ||||||||||||
| Attached Files |
| ||||||||||||
 Relationships |
|
 Relationships |
| Notes |
|
Chris Young (developer) 2015-05-05 19:00 |
This is because for some reason when SVGs are opened using libsvgtiny, the DTD specified in the header is opened as a normal file path: 00492 : NetSurf : o.k. = Open("http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd",OLD) = [0x16426BFE] [366442uS] 00493 : NetSurf : FAIL = ExamineObject(0x59FA6AC8) [83uS] 00494 : NetSurf : FAIL = IsInteractive("http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd") 00495 : NetSurf : FAIL = IsFileSystem("http:") [183uS] 00496 : NetSurf : FAIL = ExamineFH("") [61uS] 00497 : NetSurf : FAIL = Open("svg-framework.mod",OLD) = [0x00000000] [128uS] 00498 : NetSurf : ROOT = ParentOfFH(0x16426BFE) "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" [46uS] It reports "ok" here because I have http-handler installed which takes care of opening such paths through DOS. However, the DTD (if it is required at all) should be fetched from the network rather than treated as a disk-based file. |
|
Chris Young (developer) 2015-05-05 19:02 |
I think this is a libsvgtiny bug, as I vaguely recall it being mentioned previously in relation to my little svg2dr2d tool. |
|
Chris Young (developer) 2015-05-05 19:28 Last edited: 2016-08-22 10:37 |
The libdom XML binding expat_xmlparser_external_entity_ref_handler() has a blind fopen in it, it's likely that this is the reason. (at http://git.netsurf-browser.org/libdom.git/tree/bindings/xml/expat_xmlparser.c#n307) I don't know how viable it is to initiate a fetch from there, but we should at least be checking this is not a network URI before calling fopen(). |
ChrisH (reporter) 2016-08-22 13:08 |
FWIW, this problem still occurs in the latest builds of NetSurf. (At least I'm told the problem I have is caused by this bug.) |
|
Chris Young (developer) 2016-08-23 17:44 |
I've implemented a partial fix in CI3682. The entity reference handling was calling fopen on the location, which after some research, turns out to be wrong. The location provided is either absolute or relative to the base (current doc being parsed), and is always a URI once resolved so should be fetched from the network. file: URIs can be fetched with fopen, however relative paths still need resolving first, and certain NetSurf frontends need different handling on changing this URI to a valid filesystem path. There is a POC in the chris/fetch-x-ent-ref branches, but it needs some serious testing and has an issue in that the parsing doesn't finish before libsvgtiny destroys the XML parser - so that needs fixing. For now not fetching the external entities is better than reading a potentially dangerous unintended file. |
|
Chris Young (developer) 2016-08-23 17:59 |
I've had to reverse my partial fix because it breaks the libdom tests. **This needs fixing properly, it could be a potential security issue** |
|
Chris Young (developer) 2016-11-20 20:11 |
I've suppressed the requester in CI3774, but the entity ref fetching is still broken so I'm leaving this open. |
| Notes |
| Issue History |
|||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2015-05-02 12:47 | hotrod | New Issue | |
| 2015-05-05 19:00 | Chris Young | Note Added: 0000841 | |
| 2015-05-05 19:00 | Chris Young | Status | new => confirmed |
| 2015-05-05 19:02 | Chris Young | Note Added: 0000842 | |
| 2015-05-05 19:28 | Chris Young | Note Added: 0000843 | |
| 2016-04-17 13:01 | Chris Young | Project | NetSurf => LibSVGTiny |
| 2016-04-17 13:01 | Chris Young | Category | Amiga-specific => General |
| 2016-08-17 11:35 | Chris Young | Project | LibSVGTiny => LibDOM |
| 2016-08-22 10:37 | Chris Young | Note Edited: 0000843 | View Revisions |
| 2016-08-22 13:08 | ChrisH | Note Added: 0001390 | |
| 2016-08-23 17:44 | Chris Young | Note Added: 0001391 | |
| 2016-08-23 17:59 | Chris Young | Note Added: 0001392 | |
| 2016-08-23 18:02 | Chris Young | Severity | minor => major |
| 2016-11-20 20:11 | Chris Young | Note Added: 0001417 | |
| 2016-11-20 20:11 | Chris Young | Summary | Brings up anoying requester on certain sites => Entity ref fetching in libdom is broken (was: Brings up anoying requester on certain sites) |
| 2016-11-20 20:11 | Chris Young | Summary | Entity ref fetching in libdom is broken (was: Brings up anoying requester on certain sites) => Entity ref fetching in libdom is broken |
| Issue History |