mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2024-10-26 12:25:09 +03:00

xinclude: Abort immediately if max depth was exceeded

Avoids resource exhaustion if the maximum recursion depth was exceeded.

Note that the XInclude engine offers no protection against other
"billion laughs"-style amplification attacks as long as they stay below
the maximum depth.
Nick Wellnhofer 2023-02-03 14:37:49 +01:00
parent dc2dde1ab9
commit be0ec005f3
2 changed files with 4 additions and 1 deletions


@ -1,2 +1 @@
./test/XInclude/without-reader/max-recurse.xml:42: element include: XInclude error : maximum recursion depth exceeded
./test/XInclude/without-reader/max-recurse.xml:82: element include: XInclude error : maximum recursion depth exceeded


@ -96,6 +96,7 @@ struct _xmlXIncludeCtxt {
xmlXIncludeDoc *urlTab; /* document stack */
int nbErrors; /* the number of errors detected */
int fatalErr; /* abort processing */
int legacy; /* using XINCLUDE_OLD_NS */
int parseFlags; /* the flags used for parsing XML documents */
xmlChar * base; /* the current xml:base */
@ -1865,9 +1866,12 @@ xmlXIncludeExpandNode(xmlXIncludeCtxtPtr ctxt, xmlNodePtr node) {
xmlXIncludeRefPtr ref;
int i;
if (ctxt->fatalErr)
return(NULL);
if (ctxt->depth >= XINCLUDE_MAX_DEPTH) {
xmlXIncludeErr(ctxt, node, XML_XINCLUDE_RECURSION,
"maximum recursion depth exceeded\n", NULL);
ctxt->fatalErr = 1;
return(NULL);
}
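Review bot: `fatalErr` is set in the depth check of xmlXIncludeExpandNode but never cleared in the visible hunks, so it looks sticky for the lifetime of the context, and the new `if (ctxt->fatalErr) return(NULL);` guard then fails every later expansion without reporting anything further. The field comment `/* abort processing */` does not say that; I would write `int fatalErr; /* set once XINCLUDE_MAX_DEPTH is exceeded; never reset, all later expansions return NULL */`, or reset the flag wherever a context is prepared for a new run if reuse is meant to be supported (not visible here). It would also help to put the commit message's caveat next to the check, e.g. `/* depth limit only; amplification below XINCLUDE_MAX_DEPTH is not bounded here */`, so the limit is not mistaken for a general resource bound on untrusted documents. The body of xmlXIncludeExpandNode continues outside the hunk.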