mirror of
https://gitlab.gnome.org/GNOME/libxml2.git
synced 2024-10-26 12:25:09 +03:00
xinclude: Abort immediately if max depth was exceeded
Avoids resource exhaustion if the maximum recursion depth was exceeded. Note that the XInclude engine offers no protection against other "billion laughs"-style amplification attacks as long as they stay below the maximum depth.
This commit is contained in:
parent
dc2dde1ab9
commit
be0ec005f3
@ -1,2 +1 @@
|
||||
./test/XInclude/without-reader/max-recurse.xml:42: element include: XInclude error : maximum recursion depth exceeded
|
||||
./test/XInclude/without-reader/max-recurse.xml:82: element include: XInclude error : maximum recursion depth exceeded
|
||||
|
@ -96,6 +96,7 @@ struct _xmlXIncludeCtxt {
|
||||
xmlXIncludeDoc *urlTab; /* document stack */
|
||||
|
||||
int nbErrors; /* the number of errors detected */
|
||||
int fatalErr; /* abort processing */
|
||||
int legacy; /* using XINCLUDE_OLD_NS */
|
||||
int parseFlags; /* the flags used for parsing XML documents */
|
||||
xmlChar * base; /* the current xml:base */
|
||||
@ -1865,9 +1866,12 @@ xmlXIncludeExpandNode(xmlXIncludeCtxtPtr ctxt, xmlNodePtr node) {
|
||||
xmlXIncludeRefPtr ref;
|
||||
int i;
|
||||
|
||||
if (ctxt->fatalErr)
|
||||
return(NULL);
|
||||
if (ctxt->depth >= XINCLUDE_MAX_DEPTH) {
|
||||
xmlXIncludeErr(ctxt, node, XML_XINCLUDE_RECURSION,
|
||||
"maximum recursion depth exceeded\n", NULL);
|
||||
ctxt->fatalErr = 1;
|
||||
return(NULL);
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user