Package: zabbix Version: 1:2.2.3+dfsg-1 Severity: grave Tags: security Advisory: http://seclists.org/fulldisclosure/2014/Jun/87
Below might be the fix, but please verify.
---
Henri Salo
svn diff -r46596:46600
Index: frontends/php/include/defines.inc.php
===================================================================
--- frontends/php/include/defines.inc.php (revision 46596)
+++ frontends/php/include/defines.inc.php (revision 46600)
@@ -835,6 +835,9 @@
define('ZBX_DEFAULT_IMPORT_HOST_GROUP', 'Imported hosts');
+// XML import flags
+define('LIBXML_IMPORT_FLAGS', LIBXML_NONET);
+
// API errors
define('ZBX_API_ERROR_INTERNAL', 111);
define('ZBX_API_ERROR_PARAMETERS', 100);
Index: frontends/php/include/classes/import/readers/CXmlImportReader.php
===================================================================
--- frontends/php/include/classes/import/readers/CXmlImportReader.php
(revision 46596)
+++ frontends/php/include/classes/import/readers/CXmlImportReader.php
(revision 46600)
@@ -32,7 +32,8 @@
*/
public function read($string) {
libxml_use_internal_errors(true);
- $result = simplexml_load_string($string);
+ libxml_disable_entity_loader(true);
+ $result = simplexml_load_string($string, null, LIBXML_IMPORT_FLAGS);
if (!$result) {
$errors = libxml_get_errors();
libxml_clear_errors();
Index: frontends/php/include/classes/import/CXmlImport18.php
===================================================================
--- frontends/php/include/classes/import/CXmlImport18.php (revision 46596)
+++ frontends/php/include/classes/import/CXmlImport18.php (revision 46600)
@@ -390,12 +390,13 @@
return $array;
}
- public static function import($file) {
+ public static function import($source) {
libxml_use_internal_errors(true);
+ libxml_disable_entity_loader(true);
$xml = new DOMDocument();
- if (!$xml->loadXML($file)) {
+ if (!$xml->loadXML($source, LIBXML_IMPORT_FLAGS)) {
$text = '';
foreach (libxml_get_errors() as $error) {
switch ($error->level) {
signature.asc
Description: Digital signature
