commit f3e2801f18bae14e41099e007de7c9a019735556
author David Zeuthen <zeuthen@chromium.org> Tue Aug 26 18:23:52 2014 -0400
committer chrome-internal-fetch <chrome-internal-fetch@google.com> Thu Aug 28 04:23:40 2014 +0000
tree 9c203dbe82efa9fc1ea692cc34a6dbf787e68a0b
parent 4906c1c6dac2ef7916bfa7193cc9324e99b4d223

update_engine: Reject XML with internal entity declarations.

This helps avoid resource exhaustion problems.

BUG=chromium:406546
TEST=New unit test + unit tests pass.

Change-Id: Ib54f378cf533c200631b274c0414075c2ea4ff67
Reviewed-on: https://chromium-review.googlesource.com/214291
Reviewed-by: Chris Masone <cmasone@chromium.org>
Reviewed-by: Alex Deymo <deymo@chromium.org>
Commit-Queue: David Zeuthen <zeuthen@chromium.org>
Tested-by: David Zeuthen <zeuthen@chromium.org>

utils.cc

diff --git a/utils.cc b/utils.cc
index 2dcc8ca..ed57c14 100644
--- a/utils.cc
+++ b/utils.cc
@@ -1014,6 +1014,7 @@
     case ErrorCode::kOmahaUpdateDeferredForBackoff:
     case ErrorCode::kPostinstallPowerwashError:
     case ErrorCode::kUpdateCanceledByChannelChange:
+    case ErrorCode::kOmahaRequestXMLHasEntityDecl:
       return metrics::AttemptResult::kInternalError;
 
     // Special flags. These can't happen (we mask them out above) but
@@ -1111,6 +1112,7 @@
     case ErrorCode::kPostinstallFirmwareRONotUpdatable:
     case ErrorCode::kUnsupportedMajorPayloadVersion:
     case ErrorCode::kUnsupportedMinorPayloadVersion:
+    case ErrorCode::kOmahaRequestXMLHasEntityDecl:
       break;
 
     // Special flags. These can't happen (we mask them out above) but
@@ -1328,6 +1330,8 @@
       return "ErrorCode::kUnsupportedMajorPayloadVersion";
     case ErrorCode::kUnsupportedMinorPayloadVersion:
       return "ErrorCode::kUnsupportedMinorPayloadVersion";
+    case ErrorCode::kOmahaRequestXMLHasEntityDecl:
+      return "ErrorCode::kOmahaRequestXMLHasEntityDecl";
     // Don't add a default case to let the compiler warn about newly added
     // error codes which should be added here.
   }