You are not wrong -- I just put this issue into the unlikely-to-happen
category. If it was higher level and easy to do I might have another opinion.
This is like getting past the Dobermans :-)
I do have a funny story. I had a customer with a simple firewall (basically IP
rules) that cost a f

People do attack XML parsing (as well as any other input),
the encryption on the wire doesn't stop a malicious client
from crafting special input and sending it to the server.
I did a cursory look at the code and I believe Nick is correct
that the function in question is never called with a user-

I agree. I also don’t think people attack XML parsing. The sending/receiving
can be done encrypted. This seems a lot like a theoretical problem, not a
real-world problem.
My feelings are that protecting against all possible attacks is not possible.
Or stupid programming.
Take the phy

Raphael,
First, the disclaimers: I'm not an XML maintainer or even a
contributor; and, I've only given this a cursory glance.
Here are my reactions.
First, the routine in question is declared to be of module static
scope. I believe that this means that any exploitation of it would have
to

On 29/10/2019 14:30, Raphael de Carvalho Muniz wrote:
I found in the commit history of Libxml2 (commit 9acef28) the presence of the
following code snippet in the libxml.c file (Lines 1,597 - 1,612).
More specifically python/libxml.c which is part of the Python bindings.
I believe
that this co

Dear libxml2 owners,
I am performing research about weaknesses in C open source programs. As
part of my research, I am studying weaknesses that may be vulnerabilities
in the Libxml2 project.
I found in the commit history of Libxml2 (commit 9acef28) the presence of
the following code snippet in