>From coverity scan

Error: UNSAFE_XML_PARSE_CONFIG:
vhostmd-1.1/libmetrics/libmetrics.c:412: unsafe_xml_parse_config: XML parse 
option should not have flag "XML_PARSE_NOENT" set, which is vulnerable to XML 
external entity attack.
  410|      mdisk->doc = xmlCtxtReadMemory(mdisk->pctxt, mdisk->buffer,
  411|              mdisk->length, "mdisk.xml", NULL,
  412|->            XML_PARSE_NOENT | XML_PARSE_NONET |
  413|              XML_PARSE_NOWARNING);
  414|      if (!mdisk->doc) {

It should be safe to remove the option.

Signed-off-by: Jim Fehlig <jfeh...@suse.com>
---
 libmetrics/libmetrics.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/libmetrics/libmetrics.c b/libmetrics/libmetrics.c
index 4b2369a..2819f80 100644
--- a/libmetrics/libmetrics.c
+++ b/libmetrics/libmetrics.c
@@ -418,9 +418,8 @@ retry:
    }
 
    mdisk->doc = xmlCtxtReadMemory(mdisk->pctxt, mdisk->buffer, 
-           mdisk->length, "mdisk.xml", NULL, 
-           XML_PARSE_NOENT | XML_PARSE_NONET |
-           XML_PARSE_NOWARNING);
+                                  mdisk->length, "mdisk.xml", NULL, 
+                                  XML_PARSE_NONET | XML_PARSE_NOWARNING);
    if (!mdisk->doc) {
       libmsg("%s(): libxml failed to parse mdisk.xml buffer\n", __func__);
       goto error;
-- 
2.16.4


_______________________________________________
virt-tools-list mailing list
virt-tools-list@redhat.com
https://www.redhat.com/mailman/listinfo/virt-tools-list

Reply via email to