From 22d0489c739042e086752119f5c3d63e78c036c6 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson
Date: Thu, 21 Jan 2021 17:57:45 -0500
Subject: [PATCH] Mitigate possible XML denial of service

None of the XML interfaces we would work with use !ENTITY, filter it out for more safety.

Change-Id: If1296f5fcfd0d81cd19e8f309a0a11593fe37c22
---
 pyghmi/ipmi/oem/lenovo/config.py    | 8 +++++++-
 pyghmi/ipmi/oem/lenovo/nextscale.py | 8 +++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/pyghmi/ipmi/oem/lenovo/config.py b/pyghmi/ipmi/oem/lenovo/config.py
index bc3e5fdc..2a9844a1 100644
--- a/pyghmi/ipmi/oem/lenovo/config.py
+++ b/pyghmi/ipmi/oem/lenovo/config.py
@@ -44,6 +44,12 @@ CLOSE_COMMAND = [0x05]
 SIZE_COMMAND = [0x06]
 
 
+def fromstring(inputdata):
+    if '!entity' in inputdata:
+        raise Exception('Unsupported XML')
+    return etree.fromstring(inputdata)
+
+
 def run_command_with_retry(connection, data):
     tries = 15
     while tries:
@@ -265,7 +271,7 @@ class LenovoFirmwareConfig(object):
             self.connection.ipmi_session.pause(2)
         if not data:
             raise Exception("BMC failed to return configuration information")
-        xml = etree.fromstring(data)
+        xml = fromstring(data)
         sortid = 0
         for config in xml.iter("config"):
             lenovo_id = config.get("ID")
diff --git a/pyghmi/ipmi/oem/lenovo/nextscale.py b/pyghmi/ipmi/oem/lenovo/nextscale.py
index b9cb787a..9b4e47e4 100644
--- a/pyghmi/ipmi/oem/lenovo/nextscale.py
+++ b/pyghmi/ipmi/oem/lenovo/nextscale.py
@@ -15,7 +15,7 @@
 import fnmatch
 import struct
 import weakref
-from xml.etree.ElementTree import fromstring
+from xml.etree.ElementTree import fromstring as rfromstring
 import zipfile
 
 import six
@@ -37,6 +37,12 @@ except NameError:
     pass
 
 
+def fromstring(inputdata):
+    if '!entity' in inputdata.lower():
+        raise Exception('!ENTITY not supported in this interface')
+    return rfromstring(inputdata)
+
+
 def stringtoboolean(originput, name):
     input = originput.lower()
     try:
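Review bot: The guard `if '!entity' in inputdata:` in the new config.py fromstring is case-sensitive, so the uppercase `<!ENTITY` keyword that a real declaration uses would pass straight through; the nextscale.py fromstring added by this same commit lower-cases first, and this one should match it: `if '!entity' in inputdata.lower():`. If `data` reaches this function as bytes under Python 3 (confirm what run_command_with_retry hands back), a str-in-bytes containment test raises TypeError instead of rejecting the document; the same concern applies to the nextscale.py fromstring, so both should either decode first or test `b'!entity'` and `'!entity'` as appropriate for the input type. `raise Exception('Unsupported XML')` also differs in wording from the nextscale.py message (`'!ENTITY not supported in this interface'`); one shared message, or a dedicated exception class, would let callers handle both sites uniformly. The function is new here but its call site in the second hunk sits inside LenovoFirmwareConfig, whose method starts and ends outside the hunk.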
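Review bot: The new nextscale.py fromstring has no docstring saying why a substring test stands in for a parser option, and a later maintainer could easily "simplify" it away; I would add `"""Parse XML with ElementTree, refusing any input that mentions '!entity' (case-insensitively): none of the BMC interfaces handled here declare entities, so this blocks entity-expansion input before expat sees it."""`. It is worth stating in that docstring that the check is a plain substring match, so `!entity` appearing in a comment or text node is also rejected, a safe-side false positive that is accepted by design. Since an entity declaration can only appear inside a DOCTYPE, testing for `'<!doctype'` instead would be an equally cheap but broader rejection that also covers external DTD references, provided none of these interfaces emit a DOCTYPE at all; confirm that before widening the check.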