Engine_libxslt

Version 42.2 by Nicolas Gregoire on 2012/07/23 16:49

Introduction

libxslt is a C based XSLT engine developed for the GNOME project.

Supported version

1.0

Command line

$> xsltproc foo.xsl foo.xml

Identification strings

xsl:vendor-urlhttp://xmlsoft.org/XSLT/
xsl:vendorlibxslt
xsl:version1.0

Known parser bugs

CVETitleTicketCredits
CVE-2012-2825Wild read in XSL handling127417Nicolas Gregoire
CVE-2011-3970Out-of-bounds read in libxslt110277Aki Helin of OUSPG

TODO: Add a page for libxml2

CVETitleTicketCredits
CVE-2012-2807Integer overflows in libxml129930Jüri Aedla
CVE-2011-3119Heap-buffer-overflow in libxml107128Jüri Aedla
CVE-2011-3102Off-by-one out-of-bounds write in libxml125462Jüri Aedla

[95465] Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to Google Chrome Security Team (Inferno)
[93472] High CVE-2011-2834: Double free in libxml XPath handling. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences.
[89402] High CVE-2011-2821: Double free in libxml XPath handling. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences.

Special features

  • File creation
  • Cryptographic functions

File creation

Several functions, associated at different namespaces, allow to create files on the engine side. They're all aliases to the xsltDocumentElem() function defined in libxslt/transform.c. The content written to the file must be valid UTF-8 (so plain ASCII works too). Existing files can be overwritten. 

NamespaceExtension elementParameterPoC
http://www.w3.org/1999/XSL/Transformdocumenthreflibxslt-xsl-document.xsl
http://www.jclark.com/xtdocumenthreflibxslt-xt-document.xsl
http://exslt.org/commondocumenthreflibxslt-exslt-document.xsl
org.apache.xalan.xslt.extensions.Redirectwritehreflibxslt-xalan-write.xsl
http://icl.com/saxonoutputhreflibxslt-saxon-output.xsl

Note : The first line uses the standard XSLT namespace, which is always available.

Cryptographic functions

TODO