Wiki source code of Engine_libxslt
Show last authors
author | version | line-number | content |
---|---|---|---|
1 | {{toc/}} | ||
2 | |||
3 | = Introduction = | ||
4 | |||
5 | [[libxslt>>http://xmlsoft.org/XSLT/||rel="__blank" title="libxslt Home Page"]] is a C based XSLT engine developed for the GNOME project. | ||
6 | |||
7 | = Supported version = | ||
8 | |||
9 | 1.0 | ||
10 | |||
11 | = Command line = | ||
12 | |||
13 | $> xsltproc foo.xsl foo.xml | ||
14 | |||
15 | |||
16 | = Identification strings = | ||
17 | |||
18 | |=xsl:vendor-url|http:~/~/xmlsoft.org/XSLT/ | ||
19 | |=xsl:vendor|libxslt | ||
20 | |=xsl:version|1.0 | ||
21 | |||
22 | = Known parser bugs = | ||
23 | |||
24 | |=CVE|=Title|=Ticket|=Credits|=Misc | ||
25 | |CVE-2012-2825|Wild read in XSL handling|[[127417>>https://code.google.com/p/chromium/issues/detail?id=127417||rel="__blank"]]|Nicolas Gregoire|[[Diff>>http://git.chromium.org/gitweb/?p=chromium/src.git;a=commitdiff;h=bb7bfb81c158268fb242292b7e0fbd2d3b933d09||rel="__blank"]] | ||
26 | |CVE-2011-3970|Out-of-bounds read in libxslt|[[110277>>https://code.google.com/p/chromium/issues/detail?id=110277||rel="__blank"]]|Aki Helin of OUSPG|[[Diff>>http://git.gnome.org/browse/libxslt/commit?id=fe5a4fa33eb85bce3253ed3742b1ea6c4b59b41b||rel="__blank"]] | ||
27 | |||
28 | Public repositories: | ||
29 | |||
30 | * Gnome: http://git.gnome.org/browse/libxslt/ | ||
31 | * Chromium: http://git.chromium.org/gitweb/?p=chromium/src.git;a=history;f=third_party/libxslt;hb=HEAD | ||
32 | |||
33 | {{warning}} | ||
34 | TODO: Add a page for libxml2 | ||
35 | {{/warning}} | ||
36 | |||
37 | |=CVE|=Title|=Ticket|=Credits|=Misc | ||
38 | |CVE-2012-2807|Integer overflows in libxml|[[129930>>https://code.google.com/p/chromium/issues/detail?id=129930||rel="__blank"]]|Jüri Aedla|[[Diff>>http://git.chromium.org/gitweb/?p=chromium/src.git;a=commitdiff;h=f183580d61c054f7f6bb35cfe29e1b342390fbeb||rel="__blank"]] | ||
39 | |CVE-2011-3919|Heap-buffer-overflow in libxml|[[107128>>https://code.google.com/p/chromium/issues/detail?id=107128||rel="__blank"]]|Jüri Aedla|[[Diff>>http://git.gnome.org/browse/libxml2/commit/?id=5bd3c061823a8499b27422aee04ea20aae24f03e||rel="__blank"]] | ||
40 | |CVE-2011-3102|Off-by-one out-of-bounds write in libxml|[[125462>>https://code.google.com/p/chromium/issues | ||
41 | /detail?id=125462||rel="__blank"]]|Jüri Aedla|[[Diff>>http://git.gnome.org/browse/libxml2/commit/?id=d8e1faeaa99c7a7c07af01c1c72de352eb590a3e||rel="__blank"]] | ||
42 | |CVE-2011-3905|Out-of-bounds reads in libxml|[[95465>>https://code.google.com/p/chromium/issues/detail?id=95465||rel="__blank"]]|Inferno|[[Diff>>http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/parser.c?r1=100883&r2=100882&pathrev=100883||rel="__blank"]] | ||
43 | |CVE-2011-2834|Double free in libxml XPath handling|[[93472>>https://code.google.com/p/chromium/issues/detail?id=93472||rel="__blank"]]|Yang Dingning|[[Diff>>http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/xpath.c?r1=98359&r2=98358&pathrev=98359||rel="__blank"]] | ||
44 | |CVE-2011-2821|Double free in libxml XPath handling|[[89402 (public)>>https://code.google.com/p/chromium/issues/detail?id=89402||rel="__blank"]]|Yang Dingning|[[Diff1>>http://git.gnome.org/browse/libxml2/commit/?id=f5048b3e71fc30ad096970b8df6e7af073bae4cb||rel="__blank"]] [[Diff2>>http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/xpath.c?r1=95382&r2=95381&pathrev=95382||rel="__blank"]] | ||
45 | |CVE-2011-0216|Off-by-one error leading to heap-based buffer overflow in encoding||Billy Rios|[[Diff>>http://git.gnome.org/browse/libxml2/commit/?id=69f04562f75212bfcabecd190ea8b06ace28ece2||rel="__blank"]] | ||
46 | |CVE-2011-1944|Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets||Chris Evans|[[Diff>>http://git.gnome.org/browse/libxml2/commit/?id=d7958b21e7f8c447a26bb2436f08402b2c308be4||rel="__blank"]] [[Blogpost>>http://scarybeastsecurity.blogspot.fr/2011/05/libxml-vulnerability-and-interesting.html||rel="__blank"]] | ||
47 | |CVE-2010-4494|Double free in libxml XPath handling|[[63444 (public)>>https://code.google.com/p/chromium/issues/detail?id=63444||rel="__blank"]]|Yang Dingning|[[Diff1>>http://git.gnome.org/browse/libxml2/commit/?id=df83c17e5a2646bd923f75e5e507bc80d73c9722||rel="__blank"]] [[Diff2>>http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/xpath.c?r1=66567&r2=66566&pathrev=66567||rel="__blank"]] | ||
48 | |CVE-2010-4008|Crash by traversal of XPath axis|[[58731 (public)>>http://code.google.com/p/chromium/issues/detail?id=58731||rel="__blank"]]|Bui Quang Minh from Bkis|[[Diff1>>http://git.gnome.org/browse/libxml2/commit/?id=91d19754d46acd4a639a8b9e31f50f31c78f8c9c||rel="__blank"]] [[Diff2>>http://git.gnome.org/browse/libxml2/commit/?id=ea90b894146030c214a7df6d8375310174f134b9||rel="__blank"]] | ||
49 | |||
50 | Public repositories: | ||
51 | |||
52 | * Gnome: http://git.gnome.org/browse/libxml2/ | ||
53 | * Chromium: http://git.chromium.org/gitweb/?p=chromium/src.git;a=history;f=third_party/libxml;hb=HEAD | ||
54 | |||
55 | = Special features = | ||
56 | |||
57 | * File creation | ||
58 | * Cryptographic functions | ||
59 | |||
60 | = File creation = | ||
61 | |||
62 | Several functions, associated at different namespaces, allow to create files on the engine side. They're all aliases to the xsltDocumentElem() function defined in libxslt/transform.c. The content written to the file must be valid UTF-8 (so plain ASCII works too). Existing files can be overwritten. | ||
63 | |||
64 | |=Namespace|=Extension element|=Parameter|=PoC | ||
65 | |http:~/~/www.w3.org/1999/XSL/Transform|document|href|[[libxslt-xsl-document.xsl>>attach:libxslt-xsl-document.xsl]]\\ | ||
66 | |http:~/~/www.jclark.com/xt|document|href|[[libxslt-xt-document.xsl>>attach:libxslt-xt-document.xsl]]\\ | ||
67 | |http:~/~/exslt.org/common|document|href|[[libxslt-exslt-document.xsl>>attach:libxslt-exslt-document.xsl]]\\ | ||
68 | |org.apache.xalan.xslt.extensions.Redirect|write|href|[[libxslt-xalan-write.xsl>>attach:libxslt-xalan-write.xsl]]\\ | ||
69 | |http:~/~/icl.com/saxon|output|href|[[libxslt-saxon-output.xsl>>attach:libxslt-saxon-output.xsl]]\\ | ||
70 | |||
71 | Note : The first line uses the standard XSLT namespace, which is always available. | ||
72 | |||
73 | = Cryptographic functions = | ||
74 | |||
75 | {{warning}} | ||
76 | TODO | ||
77 | {{/warning}} |