Wiki source code of Engine_libxslt

Last modified by Nicolas Gregoire on 2012/07/23 16:53
Show last authors
1 {{toc/}}
2
3 = Introduction =
4
5 [[libxslt>>http://xmlsoft.org/XSLT/||rel="__blank" title="libxslt Home Page"]] is a C based XSLT engine developed for the GNOME project.
6
7 = Supported version =
8
9 1.0
10
11 = Command line =
12
13 $> xsltproc foo.xsl foo.xml
14
15
16 = Identification strings =
17
18 |=xsl:vendor-url|http:~/~/xmlsoft.org/XSLT/
19 |=xsl:vendor|libxslt
20 |=xsl:version|1.0
21
22 = Known parser bugs =
23
24 |=CVE|=Title|=Ticket|=Credits|=Misc
25 |CVE-2012-2825|Wild read in XSL handling|[[127417>>https://code.google.com/p/chromium/issues/detail?id=127417||rel="__blank"]]|Nicolas Gregoire|[[Diff>>http://git.chromium.org/gitweb/?p=chromium/src.git;a=commitdiff;h=bb7bfb81c158268fb242292b7e0fbd2d3b933d09||rel="__blank"]]
26 |CVE-2011-3970|Out-of-bounds read in libxslt|[[110277>>https://code.google.com/p/chromium/issues/detail?id=110277||rel="__blank"]]|Aki Helin of OUSPG|[[Diff>>http://git.gnome.org/browse/libxslt/commit?id=fe5a4fa33eb85bce3253ed3742b1ea6c4b59b41b||rel="__blank"]]
27
28 Public repositories:
29
30 * Gnome: http://git.gnome.org/browse/libxslt/
31 * Chromium: http://git.chromium.org/gitweb/?p=chromium/src.git;a=history;f=third_party/libxslt;hb=HEAD
32
33 {{warning}}
34 TODO: Add a page for libxml2
35 {{/warning}}
36
37 |=CVE|=Title|=Ticket|=Credits|=Misc
38 |CVE-2012-2807|Integer overflows in libxml|[[129930>>https://code.google.com/p/chromium/issues/detail?id=129930||rel="__blank"]]|Jüri Aedla|[[Diff>>http://git.chromium.org/gitweb/?p=chromium/src.git;a=commitdiff;h=f183580d61c054f7f6bb35cfe29e1b342390fbeb||rel="__blank"]]
39 |CVE-2011-3919|Heap-buffer-overflow in libxml|[[107128>>https://code.google.com/p/chromium/issues/detail?id=107128||rel="__blank"]]|Jüri Aedla|[[Diff>>http://git.gnome.org/browse/libxml2/commit/?id=5bd3c061823a8499b27422aee04ea20aae24f03e||rel="__blank"]]
40 |CVE-2011-3102|Off-by-one out-of-bounds write in libxml|[[125462>>https://code.google.com/p/chromium/issues
41 /detail?id=125462||rel="__blank"]]|Jüri Aedla|[[Diff>>http://git.gnome.org/browse/libxml2/commit/?id=d8e1faeaa99c7a7c07af01c1c72de352eb590a3e||rel="__blank"]]
42 |CVE-2011-3905|Out-of-bounds reads in libxml|[[95465>>https://code.google.com/p/chromium/issues/detail?id=95465||rel="__blank"]]|Inferno|[[Diff>>http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/parser.c?r1=100883&r2=100882&pathrev=100883||rel="__blank"]]
43 |CVE-2011-2834|Double free in libxml XPath handling|[[93472>>https://code.google.com/p/chromium/issues/detail?id=93472||rel="__blank"]]|Yang Dingning|[[Diff>>http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/xpath.c?r1=98359&r2=98358&pathrev=98359||rel="__blank"]]
44 |CVE-2011-2821|Double free in libxml XPath handling|[[89402 (public)>>https://code.google.com/p/chromium/issues/detail?id=89402||rel="__blank"]]|Yang Dingning|[[Diff1>>http://git.gnome.org/browse/libxml2/commit/?id=f5048b3e71fc30ad096970b8df6e7af073bae4cb||rel="__blank"]] [[Diff2>>http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/xpath.c?r1=95382&r2=95381&pathrev=95382||rel="__blank"]]
45 |CVE-2011-0216|Off-by-one error leading to heap-based buffer overflow in encoding||Billy Rios|[[Diff>>http://git.gnome.org/browse/libxml2/commit/?id=69f04562f75212bfcabecd190ea8b06ace28ece2||rel="__blank"]]
46 |CVE-2011-1944|Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets||Chris Evans|[[Diff>>http://git.gnome.org/browse/libxml2/commit/?id=d7958b21e7f8c447a26bb2436f08402b2c308be4||rel="__blank"]] [[Blogpost>>http://scarybeastsecurity.blogspot.fr/2011/05/libxml-vulnerability-and-interesting.html||rel="__blank"]]
47 |CVE-2010-4494|Double free in libxml XPath handling|[[63444 (public)>>https://code.google.com/p/chromium/issues/detail?id=63444||rel="__blank"]]|Yang Dingning|[[Diff1>>http://git.gnome.org/browse/libxml2/commit/?id=df83c17e5a2646bd923f75e5e507bc80d73c9722||rel="__blank"]] [[Diff2>>http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/xpath.c?r1=66567&r2=66566&pathrev=66567||rel="__blank"]]
48 |CVE-2010-4008|Crash by traversal of XPath axis|[[58731 (public)>>http://code.google.com/p/chromium/issues/detail?id=58731||rel="__blank"]]|Bui Quang Minh from Bkis|[[Diff1>>http://git.gnome.org/browse/libxml2/commit/?id=91d19754d46acd4a639a8b9e31f50f31c78f8c9c||rel="__blank"]] [[Diff2>>http://git.gnome.org/browse/libxml2/commit/?id=ea90b894146030c214a7df6d8375310174f134b9||rel="__blank"]]
49
50 Public repositories:
51
52 * Gnome: http://git.gnome.org/browse/libxml2/
53 * Chromium: http://git.chromium.org/gitweb/?p=chromium/src.git;a=history;f=third_party/libxml;hb=HEAD
54
55 = Special features =
56
57 * File creation
58 * Cryptographic functions
59
60 = File creation =
61
62 Several functions, associated at different namespaces, allow to create files on the engine side. They're all aliases to the xsltDocumentElem() function defined in libxslt/transform.c. The content written to the file must be valid UTF-8 (so plain ASCII works too). Existing files can be overwritten.
63
64 |=Namespace|=Extension element|=Parameter|=PoC
65 |http:~/~/www.w3.org/1999/XSL/Transform|document|href|[[libxslt-xsl-document.xsl>>attach:libxslt-xsl-document.xsl]]\\
66 |http:~/~/www.jclark.com/xt|document|href|[[libxslt-xt-document.xsl>>attach:libxslt-xt-document.xsl]]\\
67 |http:~/~/exslt.org/common|document|href|[[libxslt-exslt-document.xsl>>attach:libxslt-exslt-document.xsl]]\\
68 |org.apache.xalan.xslt.extensions.Redirect|write|href|[[libxslt-xalan-write.xsl>>attach:libxslt-xalan-write.xsl]]\\
69 |http:~/~/icl.com/saxon|output|href|[[libxslt-saxon-output.xsl>>attach:libxslt-saxon-output.xsl]]\\
70
71 Note : The first line uses the standard XSLT namespace, which is always available.
72
73 = Cryptographic functions =
74
75 {{warning}}
76 TODO
77 {{/warning}}