From 86a6c8c5f959fb97d4aaadcfb7343535f73c272a Mon Sep 17 00:00:00 2001
From: Micah Snyder
Date: Mon, 5 Dec 2022 15:46:23 -0800
Subject: [PATCH] Disable XML entity expansion in DMG file parsing

XML entity expansion may be used to load an XML entity from a (different) local file than the file being scanned if the scanning process can read the referenced file path. This may be used to leak information from the local file to the person who initiated the scan. The libxml2 option XML_PARSE_NOENT means that no entities should be left in the document and not that no entities should be resolved. This commit removes that option.
---
 libclamav/dmg.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/libclamav/dmg.c b/libclamav/dmg.c
index 7b882022da..4447bb38c4 100644
--- a/libclamav/dmg.c
+++ b/libclamav/dmg.c
@@ -206,8 +206,7 @@ int cli_scandmg(cli_ctx *ctx)
 /* This is the block where we require libxml2 */
 #if HAVE_LIBXML2
-/* XML_PARSE_NOENT | XML_PARSE_NONET | XML_PARSE_COMPACT */
-#define DMG_XML_PARSE_OPTS ((1 << 1 | 1 << 11 | 1 << 16) | CLAMAV_MIN_XMLREADER_FLAGS)
+#define DMG_XML_PARSE_OPTS ((XML_PARSE_NONET | XML_PARSE_COMPACT) | CLAMAV_MIN_XMLREADER_FLAGS)
 reader = xmlReaderForMemory(outdata, (int)hdr.xmlLength, "toc.xml", NULL, DMG_XML_PARSE_OPTS);
 if (!reader) {
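Review bot: The new `DMG_XML_PARSE_OPTS` definition has no comment explaining why `XML_PARSE_NOENT` is absent, so the rationale lives only in the commit message and a later maintainer could re-add the flag after reading its name as "no entities". I would put a comment directly above the define, for example `/* Do not add XML_PARSE_NOENT: it makes libxml2 substitute entities (including external ones) in the untrusted DMG XML. */`. `CLAMAV_MIN_XMLREADER_FLAGS` is defined outside this hunk, so it is worth confirming that it does not itself set `XML_PARSE_NOENT` or `XML_PARSE_DTDLOAD`, since either would undo part of this hardening. The body of `cli_scandmg` starts and ends outside the hunk, so other parser call sites are not visible here.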