From 6aca76c3425d51939d8cdbd7e76154cb87e10faf Mon Sep 17 00:00:00 2001
From: Michael Keller
Date: Thu, 14 Mar 2024 11:47:05 +1300
Subject: [PATCH] Import / Export: Remove Unsafe XML Handling Options.

Remove the options to expand entities and so continue when encountering invalid / malformed XML, as both of these can be exploited by supplying maliciously crafted XML.

Signed-off-by: Michael Keller
---
 core/parse-xml.cpp | 5 ++---
 core/save-xml.cpp | 2 +-
 core/uploadDiveLogsDE.cpp | 2 +-
 3 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/core/parse-xml.cpp b/core/parse-xml.cpp
index 7da775ff7..ba1a5c26b 100644
--- a/core/parse-xml.cpp
+++ b/core/parse-xml.cpp
@@ -1765,9 +1765,9 @@ extern "C" int parse_xml_buffer(const char *url, const char *buffer, int, struct
 state.log = log;
 state.fingerprints = &fingerprint_table; // simply use the global table for now
- doc = xmlReadMemory(res, strlen(res), url, NULL, XML_PARSE_HUGE | XML_PARSE_RECOVER);
+ doc = xmlReadMemory(res, strlen(res), url, NULL, XML_PARSE_HUGE);
 if (!doc)
- doc = xmlReadMemory(res, strlen(res), url, "latin1", XML_PARSE_HUGE | XML_PARSE_RECOVER);
+ doc = xmlReadMemory(res, strlen(res), url, "latin1", XML_PARSE_HUGE);
 if (res != buffer)
 free((char *)res);
@@ -2346,7 +2346,6 @@ static xmlDoc *test_xslt_transforms(xmlDoc *doc, const struct xml_params *params
 }
 xmlFree(attribute);
 }
- xmlSubstituteEntitiesDefault(1);
 xslt = get_stylesheet(info->file);
 if (xslt == NULL) {
 report_error(translate("gettextFromC", "Can't open stylesheet %s"), info->file);
diff --git a/core/save-xml.cpp b/core/save-xml.cpp
index d789d64fd..3230b837d 100644
--- a/core/save-xml.cpp
+++ b/core/save-xml.cpp
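Review bot: Both xmlReadMemory calls in parse_xml_buffer (core/parse-xml.cpp) still pass XML_PARSE_HUGE, which relaxes libxml2's hard-coded parser limits, so an imported file that the commit message treats as possibly hostile is still parsed without those resource bounds. Unless very large logs are known to need the flag, drop it, and as defence in depth add XML_PARSE_NONET so the parser never fetches external resources over the network, e.g. `doc = xmlReadMemory(res, strlen(res), url, NULL, XML_PARSE_NONET);`. With XML_PARSE_RECOVER gone, any well-formedness error now also sends the buffer through the `"latin1"` retry, so a short comment such as `/* retry only helps when the failure was an encoding problem */` would make that fallback's purpose clear. The xmlReadMemory calls in core/save-xml.cpp and core/uploadDiveLogsDE.cpp keep the same flag, though they parse a buffer the program has just produced. The body of parse_xml_buffer continues outside the hunk.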
@@ -879,7 +879,7 @@ static int export_dives_xslt_doit(const char *filename, struct xml_params *param
 * transform it to selected export format, finally dumping
 * the XML into a character buffer.
 */
- doc = xmlReadMemory(buf.buffer, buf.len, "divelog", NULL, XML_PARSE_HUGE | XML_PARSE_RECOVER);
+ doc = xmlReadMemory(buf.buffer, buf.len, "divelog", NULL, XML_PARSE_HUGE);
 if (!doc)
 return report_error("Failed to read XML memory");
diff --git a/core/uploadDiveLogsDE.cpp b/core/uploadDiveLogsDE.cpp
index 2f103223f..99d1edeb5 100644
--- a/core/uploadDiveLogsDE.cpp
+++ b/core/uploadDiveLogsDE.cpp
@@ -141,7 +141,7 @@ bool uploadDiveLogsDE::prepareDives(const QString &tempfile, bool selected)
 * transform it to divelogs.de format, finally dumping
 * the XML into a character buffer.
 */
- xmlDoc *doc = xmlReadMemory(mb.buffer, mb.len, "divelog", NULL, XML_PARSE_HUGE | XML_PARSE_RECOVER);
+ xmlDoc *doc = xmlReadMemory(mb.buffer, mb.len, "divelog", NULL, XML_PARSE_HUGE);
 if (!doc) {
 qWarning() << errPrefix << "could not parse back into memory the XML file we've just created!";
 report_error("%s", qPrintable(tr("internal error")));
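Review bot: The failure branch after xmlReadMemory in export_dives_xslt_doit (core/save-xml.cpp) reports only `"Failed to read XML memory"`, and without XML_PARSE_RECOVER that branch is now reached for any well-formedness error in the generated buffer, for example a character in user-entered text that is not legal in XML (assuming the serializer, which is outside the hunk, does not filter it). Including the parser's own message would make such export failures diagnosable: `const xmlError *err = xmlGetLastError();` followed by `return report_error("Failed to read XML memory: %s", err ? err->message : "unknown error");`. The same applies to the `internal error` report in uploadDiveLogsDE::prepareDives in the following hunk. Both function bodies start and end outside their hunks.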