Re: [xml] Runtime parser limit for maximum size of text nodes
On 22/06/2017 22:29, Daniel Veillard wrote:
>    No limit on text node and one can be DoS'ed, there are many kinds
> of recursive attacks on XML, and libxml2 uses a combination of "entities
> density" and text node size to try to catch those, it's complex.
>    By offloading the choice of the maximum text size to the application
> developer you then put them in charge of doing the checking, i.e. too
> big a size and the app can be DoS'ed in practice, it just depends on the
> computer speed and memory amount. They need to be aware of that.

Right, this is something I overlooked. xmlParserEntityCheck should not use the user-provided max text length. Otherwise, xmlSetMaxTextLength(ctxt, SIZE_MAX) would disable one of the checks which wasn't my intention. We should keep the hardcoded limit there.

> The change of the size of the parsing context can bite some apps, that
> happened in the past when I did this, maybe they have all been corrected,
> but I would doubt it's gonna be 100% without side effects.

OK, I could revert this part of the change.

But thinking more about it, I come to the conclusion that libxml2 shouldn't impose a limit on the maximum size of text nodes at all. If there's a reliable mechanism to catch abusive entity expansions, the size of a text node is bounded by the size of the input document. In fact, processing a document containing a single 1 GB text node uses far fewer resources than a document with 1 GB of "<e/>"s. The former should consume just a bit more than 1 GB of memory for the text node; the latter will create 250 million element nodes, consuming around 30 GB of memory on x86-64.

Nick
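As an added illustration (not part of this thread and not libxml2 code), here is the application-side budgeting Daniel says the developer becomes responsible for, modeled with Python's stdlib expat parser rather than libxml2. It enforces a cap on bytes fed to the parser and on the element count, which is the amplification that matters in Nick's comparison, while the per-text-node cap is an optional knob that defaults to unbounded; the class and function names are this example's own.

```python
import xml.parsers.expat


class XmlBudgetExceeded(Exception):
    """Raised when the document exceeds one of the caller's resource budgets."""


class BudgetedParser:
    """Streams XML through expat, enforcing input-size, element-count and
    (optionally) per-text-node byte budgets. The element-count cap is what
    bounds memory amplification; text size is already bounded by input size
    once entity expansion is checked, so its cap defaults to unbounded."""

    def __init__(self, max_input_bytes, max_elements, max_text_bytes=None):
        self.max_input_bytes, self.max_elements = max_input_bytes, max_elements
        self.max_text_bytes = max_text_bytes
        self.fed = self.elements = self.largest_text = self._text = 0
        self._p = xml.parsers.expat.ParserCreate()
        self._p.StartElementHandler = self._start
        self._p.EndElementHandler = lambda name: self._flush_text()
        self._p.CharacterDataHandler = self._chars  # may fire repeatedly per node

    def _start(self, name, attrs):
        self._flush_text()
        self.elements += 1
        if self.elements > self.max_elements:
            raise XmlBudgetExceeded(f"more than {self.max_elements} elements")

    def _chars(self, data):
        self._text += len(data.encode("utf-8"))  # counts expanded (post-entity) text
        if self.max_text_bytes is not None and self._text > self.max_text_bytes:
            raise XmlBudgetExceeded(f"text node over {self.max_text_bytes} bytes")

    def _flush_text(self):
        self.largest_text = max(self.largest_text, self._text)
        self._text = 0

    def feed(self, chunk):
        self.fed += len(chunk)
        if self.fed > self.max_input_bytes:
            raise XmlBudgetExceeded(f"input over {self.max_input_bytes} bytes")
        self._p.Parse(chunk, False)

    def close(self):
        self._p.Parse(b"", True)
        self._flush_text()
        return self.elements, self.largest_text


def parse_with_budget(doc, max_input_bytes, max_elements, max_text_bytes=None):
    """Parse `doc` (bytes) in 64 KiB chunks; returns (element_count, largest_text_node_bytes)."""
    p = BudgetedParser(max_input_bytes, max_elements, max_text_bytes)
    for i in range(0, len(doc), 65536):
        p.feed(doc[i:i + 65536])
    return p.close()
```

With the constructed inputs below, a single 100 KB text node passes under a modest element budget, while 10,000 tiny elements trip a 1,000-element budget despite being far smaller in bytes.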
