Re: [xml] [PATCH] MAX_DEPTH --> xmlParserMaxDepth

From: Daniel Veillard <veillard redhat com>
To: Crutcher Dunnavant <crutcher unix eng ua edu>
Cc: xml gnome org
Subject: Re: [xml] [PATCH] MAX_DEPTH --> xmlParserMaxDepth
Date: Wed, 15 Oct 2003 19:45:14 -0400

On Wed, Oct 15, 2003 at 03:34:30PM -0500, Crutcher Dunnavant wrote:

I ran into a problem using xsltproc which we traced back to 
the arbitrary, and non-settable libxml MAX_DEPTH macro in parser.c,
so, I changed it.


  howdy Crutcher,

 how are things ? Seem you still break software :-)

Sometimes you DO want rediculously huge files.


Well, it's not about huge file, it's about huge depth. Since it can become
an easy DoS attack, that guard is set in libxml2, nobody ever hit it 
before you (or didn't told).

Patches to libxml and xsltproc in libxslt are attached, please accept them.


  This makes some sense, after a bit of cleanup, I applied the patch to
libxml2, that part is easy. On the other hand applying the patch to
libxslt/xsltproc makes a hard dependancy to a not-yet-released version
of the library, so I think it should go in but I may not be able to
commit that right now.
  I also note that for symetry reasons it the same parsing option could
be added to xmllint.c ,

   cheers from #devel @ Red Hat,

Daniel

-- 
Daniel Veillard      | Red Hat Network https://rhn.redhat.com/
veillard redhat com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/

References:
- [xml] [PATCH] MAX_DEPTH --> xmlParserMaxDepth
  - From: Crutcher Dunnavant

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]