From 1564b30e994602a95863d9716be83612580a2fed Mon Sep 17 00:00:00 2001 From: Daniel Veillard Date: Thu, 9 Aug 2012 16:18:51 +0800 Subject: [PATCH] Hardening of code checking node types in various entry point --- libxslt/attributes.c | 5 +++-- libxslt/preproc.c | 45 +++++++++++++++++++++++---------------------- libxslt/templates.c | 15 ++++++++++----- libxslt/transform.c | 2 +- libxslt/variables.c | 10 +++++----- libxslt/xslt.c | 43 +++++++++++++++++++++++++------------------ libxslt/xsltutils.c | 27 +++++++++++++++++++-------- 7 files changed, 86 insertions(+), 61 deletions(-) diff --git a/libxslt/attributes.c b/libxslt/attributes.c index ce47df7..11d558b 100644 --- a/libxslt/attributes.c +++ b/libxslt/attributes.c @@ -293,7 +293,7 @@ xsltParseStylesheetAttributeSet(xsltStylesheetPtr style, xmlNodePtr cur) { xmlNodePtr child; xsltAttrElemPtr attrItems; - if ((cur == NULL) || (style == NULL)) + if ((cur == NULL) || (style == NULL) || (cur->type != XML_ELEMENT_NODE)) return; value = xmlGetNsProp(cur, (const xmlChar *)"name", NULL); @@ -656,7 +656,8 @@ xsltAttributeInternal(xsltTransformContextPtr ctxt, xmlNsPtr ns = NULL; xmlAttrPtr attr; - if ((ctxt == NULL) || (contextNode == NULL) || (inst == NULL)) + if ((ctxt == NULL) || (contextNode == NULL) || (inst == NULL) || + (inst->type != XML_ELEMENT_NODE) ) return; /* diff --git a/libxslt/preproc.c b/libxslt/preproc.c index f5d265d..4d483ff 100644 --- a/libxslt/preproc.c +++ b/libxslt/preproc.c @@ -680,7 +680,7 @@ xsltSortComp(xsltStylesheetPtr style, xmlNodePtr inst) { #else xsltStylePreCompPtr comp; #endif - if ((style == NULL) || (inst == NULL)) + if ((style == NULL) || (inst == NULL) || (inst->type != XML_ELEMENT_NODE)) return; #ifdef XSLT_REFACTORED @@ -788,7 +788,7 @@ xsltCopyComp(xsltStylesheetPtr style, xmlNodePtr inst) { xsltStylePreCompPtr comp; #endif - if ((style == NULL) || (inst == NULL)) + if ((style == NULL) || (inst == NULL) || (inst->type != XML_ELEMENT_NODE)) return; #ifdef XSLT_REFACTORED comp = (xsltStyleItemCopyPtr) xsltNewStylePreComp(style, XSLT_FUNC_COPY); @@ -832,7 +832,7 @@ xsltTextComp(xsltStylesheetPtr style, xmlNodePtr inst) { #endif const xmlChar *prop; - if ((style == NULL) || (inst == NULL)) + if ((style == NULL) || (inst == NULL) || (inst->type != XML_ELEMENT_NODE)) return; #ifdef XSLT_REFACTORED @@ -885,7 +885,7 @@ xsltElementComp(xsltStylesheetPtr style, xmlNodePtr inst) { * * */ - if ((style == NULL) || (inst == NULL)) + if ((style == NULL) || (inst == NULL) || (inst->type != XML_ELEMENT_NODE)) return; #ifdef XSLT_REFACTORED @@ -1002,7 +1002,7 @@ xsltAttributeComp(xsltStylesheetPtr style, xmlNodePtr inst) { * * */ - if ((style == NULL) || (inst == NULL)) + if ((style == NULL) || (inst == NULL) || (inst->type != XML_ELEMENT_NODE)) return; #ifdef XSLT_REFACTORED @@ -1122,7 +1122,7 @@ xsltCommentComp(xsltStylesheetPtr style, xmlNodePtr inst) { xsltStylePreCompPtr comp; #endif - if ((style == NULL) || (inst == NULL)) + if ((style == NULL) || (inst == NULL) || (inst->type != XML_ELEMENT_NODE)) return; #ifdef XSLT_REFACTORED @@ -1152,7 +1152,7 @@ xsltProcessingInstructionComp(xsltStylesheetPtr style, xmlNodePtr inst) { xsltStylePreCompPtr comp; #endif - if ((style == NULL) || (inst == NULL)) + if ((style == NULL) || (inst == NULL) || (inst->type != XML_ELEMENT_NODE)) return; #ifdef XSLT_REFACTORED @@ -1186,7 +1186,7 @@ xsltCopyOfComp(xsltStylesheetPtr style, xmlNodePtr inst) { xsltStylePreCompPtr comp; #endif - if ((style == NULL) || (inst == NULL)) + if ((style == NULL) || (inst == NULL) || (inst->type != XML_ELEMENT_NODE)) return; #ifdef XSLT_REFACTORED @@ -1233,7 +1233,7 @@ xsltValueOfComp(xsltStylesheetPtr style, xmlNodePtr inst) { #endif const xmlChar *prop; - if ((style == NULL) || (inst == NULL)) + if ((style == NULL) || (inst == NULL) || (inst->type != XML_ELEMENT_NODE)) return; #ifdef XSLT_REFACTORED @@ -1358,7 +1358,7 @@ xsltWithParamComp(xsltStylesheetPtr style, xmlNodePtr inst) { xsltStylePreCompPtr comp; #endif - if ((style == NULL) || (inst == NULL)) + if ((style == NULL) || (inst == NULL) || (inst->type != XML_ELEMENT_NODE)) return; #ifdef XSLT_REFACTORED @@ -1417,7 +1417,7 @@ xsltNumberComp(xsltStylesheetPtr style, xmlNodePtr cur) { #endif const xmlChar *prop; - if ((style == NULL) || (cur == NULL)) + if ((style == NULL) || (cur == NULL) || (cur->type != XML_ELEMENT_NODE)) return; #ifdef XSLT_REFACTORED @@ -1543,7 +1543,7 @@ xsltApplyImportsComp(xsltStylesheetPtr style, xmlNodePtr inst) { xsltStylePreCompPtr comp; #endif - if ((style == NULL) || (inst == NULL)) + if ((style == NULL) || (inst == NULL) || (inst->type != XML_ELEMENT_NODE)) return; #ifdef XSLT_REFACTORED @@ -1573,7 +1573,7 @@ xsltCallTemplateComp(xsltStylesheetPtr style, xmlNodePtr inst) { xsltStylePreCompPtr comp; #endif - if ((style == NULL) || (inst == NULL)) + if ((style == NULL) || (inst == NULL) || (inst->type != XML_ELEMENT_NODE)) return; #ifdef XSLT_REFACTORED @@ -1612,7 +1612,7 @@ xsltApplyTemplatesComp(xsltStylesheetPtr style, xmlNodePtr inst) { xsltStylePreCompPtr comp; #endif - if ((style == NULL) || (inst == NULL)) + if ((style == NULL) || (inst == NULL) || (inst->type != XML_ELEMENT_NODE)) return; #ifdef XSLT_REFACTORED @@ -1664,7 +1664,7 @@ xsltChooseComp(xsltStylesheetPtr style, xmlNodePtr inst) { xsltStylePreCompPtr comp; #endif - if ((style == NULL) || (inst == NULL)) + if ((style == NULL) || (inst == NULL) || (inst->type != XML_ELEMENT_NODE)) return; #ifdef XSLT_REFACTORED @@ -1695,7 +1695,7 @@ xsltIfComp(xsltStylesheetPtr style, xmlNodePtr inst) { xsltStylePreCompPtr comp; #endif - if ((style == NULL) || (inst == NULL)) + if ((style == NULL) || (inst == NULL) || (inst->type != XML_ELEMENT_NODE)) return; #ifdef XSLT_REFACTORED @@ -1741,7 +1741,7 @@ xsltWhenComp(xsltStylesheetPtr style, xmlNodePtr inst) { xsltStylePreCompPtr comp; #endif - if ((style == NULL) || (inst == NULL)) + if ((style == NULL) || (inst == NULL) || (inst->type != XML_ELEMENT_NODE)) return; #ifdef XSLT_REFACTORED @@ -1787,7 +1787,7 @@ xsltForEachComp(xsltStylesheetPtr style, xmlNodePtr inst) { xsltStylePreCompPtr comp; #endif - if ((style == NULL) || (inst == NULL)) + if ((style == NULL) || (inst == NULL) || (inst->type != XML_ELEMENT_NODE)) return; #ifdef XSLT_REFACTORED @@ -1835,7 +1835,7 @@ xsltVariableComp(xsltStylesheetPtr style, xmlNodePtr inst) { xsltStylePreCompPtr comp; #endif - if ((style == NULL) || (inst == NULL)) + if ((style == NULL) || (inst == NULL) || (inst->type != XML_ELEMENT_NODE)) return; #ifdef XSLT_REFACTORED @@ -1914,7 +1914,7 @@ xsltParamComp(xsltStylesheetPtr style, xmlNodePtr inst) { xsltStylePreCompPtr comp; #endif - if ((style == NULL) || (inst == NULL)) + if ((style == NULL) || (inst == NULL) || (inst->type != XML_ELEMENT_NODE)) return; #ifdef XSLT_REFACTORED @@ -2006,7 +2006,7 @@ xsltStylePreCompute(xsltStylesheetPtr style, xmlNodePtr node) { * the parsing mechanism for all elements in the XSLT namespace. */ if (style == NULL) { - if (node != NULL) + if ((node != NULL) && (node->type == XML_ELEMENT_NODE)) node->psvi = NULL; return; } @@ -2221,7 +2221,8 @@ xsltStylePreCompute(xsltStylesheetPtr style, xmlNodePtr inst) { * namespace- and local-name of the node, but can evaluate this * using cctxt->style->inode->category; */ - if (inst->psvi != NULL) + if ((inst == NULL) || (inst->type != XML_ELEMENT_NODE) || + (inst->psvi != NULL)) return; if (IS_XSLT_ELEM(inst)) { diff --git a/libxslt/templates.c b/libxslt/templates.c index 52bb3cf..169afd9 100644 --- a/libxslt/templates.c +++ b/libxslt/templates.c @@ -198,7 +198,8 @@ xsltEvalTemplateString(xsltTransformContextPtr ctxt, xmlNodePtr oldInsert, insert = NULL; xmlChar *ret; - if ((ctxt == NULL) || (contextNode == NULL) || (inst == NULL)) + if ((ctxt == NULL) || (contextNode == NULL) || (inst == NULL) || + (inst->type != XML_ELEMENT_NODE)) return(NULL); if (inst->children == NULL) @@ -390,7 +391,8 @@ xsltEvalAttrValueTemplate(xsltTransformContextPtr ctxt, xmlNodePtr inst, xmlChar *ret; xmlChar *expr; - if ((ctxt == NULL) || (inst == NULL) || (name == NULL)) + if ((ctxt == NULL) || (inst == NULL) || (name == NULL) || + (inst->type != XML_ELEMENT_NODE)) return(NULL); expr = xsltGetNsProp(inst, name, ns); @@ -434,7 +436,8 @@ xsltEvalStaticAttrValueTemplate(xsltStylesheetPtr style, xmlNodePtr inst, const xmlChar *ret; xmlChar *expr; - if ((style == NULL) || (inst == NULL) || (name == NULL)) + if ((style == NULL) || (inst == NULL) || (name == NULL) || + (inst->type != XML_ELEMENT_NODE)) return(NULL); expr = xsltGetNsProp(inst, name, ns); @@ -475,7 +478,8 @@ xsltAttrTemplateProcess(xsltTransformContextPtr ctxt, xmlNodePtr target, const xmlChar *value; xmlAttrPtr ret; - if ((ctxt == NULL) || (attr == NULL) || (target == NULL)) + if ((ctxt == NULL) || (attr == NULL) || (target == NULL) || + (target->type != XML_ELEMENT_NODE)) return(NULL); if (attr->type != XML_ATTRIBUTE_NODE) @@ -632,7 +636,8 @@ xsltAttrListTemplateProcess(xsltTransformContextPtr ctxt, const xmlChar *value; xmlChar *valueAVT; - if ((ctxt == NULL) || (target == NULL) || (attrs == NULL)) + if ((ctxt == NULL) || (target == NULL) || (attrs == NULL) || + (target->type != XML_ELEMENT_NODE)) return(NULL); oldInsert = ctxt->insert; diff --git a/libxslt/transform.c b/libxslt/transform.c index c6df19e..bc6d851 100644 --- a/libxslt/transform.c +++ b/libxslt/transform.c @@ -777,7 +777,7 @@ xsltCopyTextString(xsltTransformContextPtr ctxt, xmlNodePtr target, #endif /* - * Play save and reset the merging mechanism for every new + * Play safe and reset the merging mechanism for every new * target node. */ if ((target == NULL) || (target->children == NULL)) { diff --git a/libxslt/variables.c b/libxslt/variables.c index cb0d4b0..2d26872 100644 --- a/libxslt/variables.c +++ b/libxslt/variables.c @@ -1935,7 +1935,7 @@ xsltParseStylesheetCallerParam(xsltTransformContextPtr ctxt, xmlNodePtr inst) the instruction itself. */ xsltStackElemPtr param = NULL; - if ((ctxt == NULL) || (inst == NULL)) + if ((ctxt == NULL) || (inst == NULL) || (inst->type != XML_ELEMENT_NODE)) return(NULL); #ifdef XSLT_REFACTORED @@ -1994,7 +1994,7 @@ xsltParseGlobalVariable(xsltStylesheetPtr style, xmlNodePtr cur) xsltStylePreCompPtr comp; #endif - if ((cur == NULL) || (style == NULL)) + if ((cur == NULL) || (style == NULL) || (cur->type != XML_ELEMENT_NODE)) return; #ifdef XSLT_REFACTORED @@ -2056,7 +2056,7 @@ xsltParseGlobalParam(xsltStylesheetPtr style, xmlNodePtr cur) { xsltStylePreCompPtr comp; #endif - if ((cur == NULL) || (style == NULL)) + if ((cur == NULL) || (style == NULL) || (cur->type != XML_ELEMENT_NODE)) return; #ifdef XSLT_REFACTORED @@ -2119,7 +2119,7 @@ xsltParseStylesheetVariable(xsltTransformContextPtr ctxt, xmlNodePtr inst) xsltStylePreCompPtr comp; #endif - if ((inst == NULL) || (ctxt == NULL)) + if ((inst == NULL) || (ctxt == NULL) || (inst->type != XML_ELEMENT_NODE)) return; comp = inst->psvi; @@ -2161,7 +2161,7 @@ xsltParseStylesheetParam(xsltTransformContextPtr ctxt, xmlNodePtr cur) xsltStylePreCompPtr comp; #endif - if ((cur == NULL) || (ctxt == NULL)) + if ((cur == NULL) || (ctxt == NULL) || (cur->type != XML_ELEMENT_NODE)) return; comp = cur->psvi; diff --git a/libxslt/xslt.c b/libxslt/xslt.c index 6293bb3..2bc8af5 100644 --- a/libxslt/xslt.c +++ b/libxslt/xslt.c @@ -1162,9 +1162,9 @@ xsltParseStylesheetOutput(xsltStylesheetPtr style, xmlNodePtr cur) xmlChar *element, *end; - if ((cur == NULL) || (style == NULL)) + if ((cur == NULL) || (style == NULL) || (cur->type != XML_ELEMENT_NODE)) return; - + prop = xmlGetNsProp(cur, (const xmlChar *) "version", NULL); if (prop != NULL) { if (style->version != NULL) @@ -1377,12 +1377,12 @@ xsltParseStylesheetDecimalFormat(xsltStylesheetPtr style, xmlNodePtr cur) xmlChar *prop; xsltDecimalFormatPtr format; xsltDecimalFormatPtr iter; - - if ((cur == NULL) || (style == NULL)) + + if ((cur == NULL) || (style == NULL) || (cur->type != XML_ELEMENT_NODE)) return; format = style->decimalFormat; - + prop = xmlGetNsProp(cur, BAD_CAST("name"), NULL); if (prop != NULL) { format = xsltDecimalFormatGetByName(style, prop); @@ -1484,7 +1484,7 @@ xsltParseStylesheetPreserveSpace(xsltStylesheetPtr style, xmlNodePtr cur) { xmlChar *elements; xmlChar *element, *end; - if ((cur == NULL) || (style == NULL)) + if ((cur == NULL) || (style == NULL) || (cur->type != XML_ELEMENT_NODE)) return; elements = xmlGetNsProp(cur, (const xmlChar *)"elements", NULL); @@ -1558,7 +1558,7 @@ xsltParseStylesheetExtPrefix(xsltStylesheetPtr style, xmlNodePtr cur, xmlChar *prefixes; xmlChar *prefix, *end; - if ((cur == NULL) || (style == NULL)) + if ((cur == NULL) || (style == NULL) || (cur->type != XML_ELEMENT_NODE)) return; if (isXsltElem) { @@ -1623,7 +1623,7 @@ xsltParseStylesheetStripSpace(xsltStylesheetPtr style, xmlNodePtr cur) { xmlChar *elements; xmlChar *element, *end; - if ((cur == NULL) || (style == NULL)) + if ((cur == NULL) || (style == NULL) || (cur->type != XML_ELEMENT_NODE)) return; elements = xmlGetNsProp(cur, (const xmlChar *)"elements", NULL); @@ -1696,7 +1696,7 @@ xsltParseStylesheetExcludePrefix(xsltStylesheetPtr style, xmlNodePtr cur, xmlChar *prefixes; xmlChar *prefix, *end; - if ((cur == NULL) || (style == NULL)) + if ((cur == NULL) || (style == NULL) || (cur->type != XML_ELEMENT_NODE)) return(0); if (isXsltElem) @@ -4287,7 +4287,7 @@ static int xsltParseUnknownXSLTElem(xsltCompilerCtxtPtr cctxt, xmlNodePtr node) { - if ((cctxt == NULL) || (node == NULL)) + if ((cctxt == NULL) || (node == NULL) || (node->type != XML_ELEMENT_NODE)) return(-1); /* @@ -4384,7 +4384,7 @@ xsltParseSequenceConstructor(xsltCompilerCtxtPtr cctxt, xmlNodePtr cur) if (cctxt->inode->category == XSLT_ELEMENT_CATEGORY_EXTENSION) { cctxt->inode->extContentHandled = 1; } - if (cur == NULL) + if ((cur == NULL) || (cur->type == XML_NAMESPACE_DECL)) return; /* * This is the content reffered to as a "template". @@ -4789,7 +4789,8 @@ xsltParseSequenceConstructor(xsltCompilerCtxtPtr cctxt, xmlNodePtr cur) */ void xsltParseTemplateContent(xsltStylesheetPtr style, xmlNodePtr templ) { - if ((style == NULL) || (templ == NULL)) + if ((style == NULL) || (templ == NULL) || + (templ->type == XML_NAMESPACE_DECL)) return; /* @@ -4838,6 +4839,10 @@ xsltParseTemplateContent(xsltStylesheetPtr style, xmlNodePtr templ) { void xsltParseTemplateContent(xsltStylesheetPtr style, xmlNodePtr templ) { xmlNodePtr cur, delete; + + if ((style == NULL) || (templ == NULL) || + (templ->type == XML_NAMESPACE_DECL)) return; + /* * This content comes from the stylesheet * For stylesheets, the set of whitespace-preserving @@ -5057,7 +5062,7 @@ xsltParseStylesheetKey(xsltStylesheetPtr style, xmlNodePtr key) { xmlChar *name = NULL; xmlChar *nameURI = NULL; - if ((style == NULL) || (key == NULL)) + if ((style == NULL) || (key == NULL) || (key->type != XML_ELEMENT_NODE)) return; /* @@ -5147,7 +5152,8 @@ xsltParseXSLTTemplate(xsltCompilerCtxtPtr cctxt, xmlNodePtr templNode) { xmlChar *prop; double priority; - if ((cctxt == NULL) || (templNode == NULL)) + if ((cctxt == NULL) || (templNode == NULL) || + (templNode->type != XML_ELEMENT_NODE)) return; /* @@ -5308,7 +5314,8 @@ xsltParseStylesheetTemplate(xsltStylesheetPtr style, xmlNodePtr template) { xmlChar *modeURI = NULL; double priority; - if (template == NULL) + if ((style == NULL) || (template == NULL) || + (template->type != XML_ELEMENT_NODE)) return; /* @@ -5440,7 +5447,7 @@ static xsltStyleItemIncludePtr xsltCompileXSLTIncludeElem(xsltCompilerCtxtPtr cctxt, xmlNodePtr node) { xsltStyleItemIncludePtr item; - if ((cctxt == NULL) || (node == NULL)) + if ((cctxt == NULL) || (node == NULL) || (node->type != XML_ELEMENT_NODE)) return(NULL); node->psvi = NULL; @@ -5960,7 +5967,7 @@ xsltParseXSLTStylesheetElem(xsltCompilerCtxtPtr cctxt, xmlNodePtr node) { xmlNodePtr cur, start; - if ((cctxt == NULL) || (node == NULL)) + if ((cctxt == NULL) || (node == NULL) || (node->type != XML_ELEMENT_NODE)) return(-1); if (node->children == NULL) @@ -6048,7 +6055,7 @@ xsltParseStylesheetTop(xsltStylesheetPtr style, xmlNodePtr top) { int templates = 0; #endif - if (top == NULL) + if ((top == NULL) || (top->type != XML_ELEMENT_NODE)) return; prop = xmlGetNsProp(top, (const xmlChar *)"version", NULL); diff --git a/libxslt/xsltutils.c b/libxslt/xsltutils.c index 7a4caf0..6a0e8f2 100644 --- a/libxslt/xsltutils.c +++ b/libxslt/xsltutils.c @@ -91,10 +91,15 @@ xsltGetCNsProp(xsltStylesheetPtr style, xmlNodePtr node, if ((node == NULL) || (style == NULL) || (style->dict == NULL)) return(NULL); - prop = node->properties; - if (nameSpace == NULL) { + if (nameSpace == NULL) return xmlGetProp(node, name); - } + + if (node->type == XML_NAMESPACE_DECL) + return(NULL); + if (node->type == XML_ELEMENT_NODE) + prop = node->properties; + else + prop = NULL; while (prop != NULL) { /* * One need to have @@ -131,7 +136,7 @@ xsltGetCNsProp(xsltStylesheetPtr style, xmlNodePtr node, attrDecl = xmlGetDtdAttrDesc(doc->intSubset, node->name, name); if ((attrDecl == NULL) && (doc->extSubset != NULL)) attrDecl = xmlGetDtdAttrDesc(doc->extSubset, node->name, name); - + if ((attrDecl != NULL) && (attrDecl->prefix != NULL)) { /* * The DTD declaration only allows a prefix search @@ -173,7 +178,15 @@ xsltGetNsProp(xmlNodePtr node, const xmlChar *name, const xmlChar *nameSpace) { if (node == NULL) return(NULL); - prop = node->properties; + if (nameSpace == NULL) + return xmlGetProp(node, name); + + if (node->type == XML_NAMESPACE_DECL) + return(NULL); + if (node->type == XML_ELEMENT_NODE) + prop = node->properties; + else + prop = NULL; /* * TODO: Substitute xmlGetProp() for xmlGetNsProp(), since the former * is not namespace-aware and will return an attribute with equal @@ -183,8 +196,6 @@ xsltGetNsProp(xmlNodePtr node, const xmlChar *name, const xmlChar *nameSpace) { * So this would return "myName" even if an attribute @name * in the XSLT was requested. */ - if (nameSpace == NULL) - return(xmlGetProp(node, name)); while (prop != NULL) { /* * One need to have @@ -217,7 +228,7 @@ xsltGetNsProp(xmlNodePtr node, const xmlChar *name, const xmlChar *nameSpace) { attrDecl = xmlGetDtdAttrDesc(doc->intSubset, node->name, name); if ((attrDecl == NULL) && (doc->extSubset != NULL)) attrDecl = xmlGetDtdAttrDesc(doc->extSubset, node->name, name); - + if ((attrDecl != NULL) && (attrDecl->prefix != NULL)) { /* * The DTD declaration only allows a prefix search -- 1.7.12