[xml] Most robust libxml2 parser API



I would like to write guidelines for using libxml2 in the most robust
way possible.  I'm particularly concerned about denial-of-service
attacks, either CPU hogs, or significantly larger memory allocation than
the input document (say, going from a 100 KiB XML file to a 1 GiB memory
allocation).  Disallowing entity declarations or an inline document type
definition is acceptable.

My attempts in this area have yielded mixed results so far.  The
application code I looked at used the reader API (xmlReaderForFile,
xmlTextReaderRead, xmlTextReaderConstValue, etc.), and depending on the
flags used to create the reader object, there are still
denial-of-service issues with the current libxml2 version (and also
undetectable document alteration).

Is there a more robust interface?  If you can tell me the one that is
supposedly safe, I can see if I can break it, and if not, I'll write up
the recommendation and file application bugs as required to change to
the correct way of handling XML.

-- 
Florian Weimer / Red Hat Product Security

