Remove XML_PARSE_NOENT flag to prevent XML external entity injection

author Junghyun Yeon <jungh.yeon@samsung.com>

Thu, 10 Aug 2017 06:39:31 +0000 (15:39 +0900)

committer Junghyun Yeon <jungh.yeon@samsung.com>

Thu, 10 Aug 2017 06:39:31 +0000 (15:39 +0900)
author Junghyun Yeon <jungh.yeon@samsung.com>
Thu, 10 Aug 2017 06:39:31 +0000 (15:39 +0900)
committer Junghyun Yeon <jungh.yeon@samsung.com>
Thu, 10 Aug 2017 06:39:31 +0000 (15:39 +0900)
diff --git a/src/manifest_parser/manifest_util.cc b/src/manifest_parser/manifest_util.cc

index 1487b8bf6b0a94e184bf94154cbea48658c39d01..9bb05857ebaba218f417cea1afa77d2a44e1e186 100644 (file)
--- a/src/manifest_parser/manifest_util.cc
+++ b/src/manifest_parser/manifest_util.cc
@@ -312,7 +312,7 @@ std::shared_ptr<Manifest> LoadManifest(const std::string& manifest_path,
      std::string* error, std::shared_ptr<ManifestConstraints> constraints) {
    xmlDoc * doc = nullptr;
    xmlNode* root_node = nullptr;
-  doc = xmlReadFile(manifest_path.c_str(), nullptr, XML_PARSE_NOENT);
+  doc = xmlReadFile(manifest_path.c_str(), nullptr, 0);
    if (!doc) {
      *error = "Manifest file is missing or unreadable.";
      return nullptr;
author	Junghyun Yeon <jungh.yeon@samsung.com>
	Thu, 10 Aug 2017 06:39:31 +0000 (15:39 +0900)
committer	Junghyun Yeon <jungh.yeon@samsung.com>
	Thu, 10 Aug 2017 06:39:31 +0000 (15:39 +0900)