[xml] Most robust libxml2 parser API

I would like to write guidelines for using libxml2 in the most robust
way possible.  I'm particularly concerned about denial-of-service
attacks, either CPU hogs, or significantly larger memory allocation than
the input document (say, going from a 100 KiB XML file to a 1 GiB memory
allocation).  Disallowing entity declarations or an inline document type
definition is acceptable.

My attempts in this area have yielded mixed results so far.  The
application code I looked at used the reader API (xmlReaderForFile,
xmlTextReaderRead, xmlTextReaderConstValue, etc.), and depending on the
flags used to create the reader object, there are still
denial-of-service issues with the current libxml2 version (and also
undetectable document alteration).

Is there are more robust interface?  If you can tell me the one that is
supposedly safe, I can see if I can break it, and if not, I'll write up
the recommendation and file application bugs as required to change to
the correct way of handling XML.

Florian Weimer / Red Hat Product Security

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]