summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'net-analyzer/zabbix/files/2.2/patches/zbx8151.patch')
-rw-r--r--net-analyzer/zabbix/files/2.2/patches/zbx8151.patch53
1 files changed, 53 insertions, 0 deletions
diff --git a/net-analyzer/zabbix/files/2.2/patches/zbx8151.patch b/net-analyzer/zabbix/files/2.2/patches/zbx8151.patch
new file mode 100644
index 000000000000..076e10ab75a4
--- /dev/null
+++ b/net-analyzer/zabbix/files/2.2/patches/zbx8151.patch
@@ -0,0 +1,53 @@
+Index: frontends/php/include/defines.inc.php
+===================================================================
+--- frontends/php/include/defines.inc.php (revision 46596)
++++ frontends/php/include/defines.inc.php (revision 46655)
+@@ -835,6 +835,14 @@
+
+ define('ZBX_DEFAULT_IMPORT_HOST_GROUP', 'Imported hosts');
+
++// XML import flags
++// See ZBX-8151. Old version of libxml suffered from setting DTDLOAD and NOENT flags by default, which allowed
++// performing XXE attacks. Calling libxml_disable_entity_loader(true) also had no affect if flags passed to libxml
++// calls were 0 - so for better security with legacy libxml we need to call libxml_disable_entity_loader(true) AND
++// pass the LIBXML_NONET flag. Please keep in mind that LIBXML_NOENT actually EXPANDS entities, opposite to it's name -
++// so this flag is not needed here.
++define('LIBXML_IMPORT_FLAGS', LIBXML_NONET);
++
+ // API errors
+ define('ZBX_API_ERROR_INTERNAL', 111);
+ define('ZBX_API_ERROR_PARAMETERS', 100);
+Index: frontends/php/include/classes/import/readers/CXmlImportReader.php
+===================================================================
+--- frontends/php/include/classes/import/readers/CXmlImportReader.php (revision 46596)
++++ frontends/php/include/classes/import/readers/CXmlImportReader.php (revision 46655)
+@@ -32,7 +32,8 @@
+ */
+ public function read($string) {
+ libxml_use_internal_errors(true);
+- $result = simplexml_load_string($string);
++ libxml_disable_entity_loader(true);
++ $result = simplexml_load_string($string, null, LIBXML_IMPORT_FLAGS);
+ if (!$result) {
+ $errors = libxml_get_errors();
+ libxml_clear_errors();
+Index: frontends/php/include/classes/import/CXmlImport18.php
+===================================================================
+--- frontends/php/include/classes/import/CXmlImport18.php (revision 46596)
++++ frontends/php/include/classes/import/CXmlImport18.php (revision 46655)
+@@ -390,12 +390,13 @@
+ return $array;
+ }
+
+- public static function import($file) {
++ public static function import($source) {
+
+ libxml_use_internal_errors(true);
++ libxml_disable_entity_loader(true);
+
+ $xml = new DOMDocument();
+- if (!$xml->loadXML($file)) {
++ if (!$xml->loadXML($source, LIBXML_IMPORT_FLAGS)) {
+ $text = '';
+ foreach (libxml_get_errors() as $error) {
+ switch ($error->level) {