I would like to write guidelines for using libxml2 in the most robust way possible. I'm particularly concerned about denial-of-service attacks, either CPU hogs, or significantly larger memory allocation than the input document (say, going from a 100 KiB XML file to a 1 GiB memory allocation). Disallowing entity declarations or an inline document type definition is acceptable.
My attempts in this area have yielded mixed results so far. The application code I looked at used the reader API (xmlReaderForFile, xmlTextReaderRead, xmlTextReaderConstValue, etc.), and depending on the flags used to create the reader object, there are still denial-of-service issues with the current libxml2 version (and also undetectable document alteration). Is there a more robust interface? If you can tell me the one that is supposedly safe, I can see if I can break it, and if not, I'll write up the recommendation and file application bugs as required to change to the correct way of handling XML.

-- 
Florian Weimer / Red Hat Product Security

_______________________________________________
xml mailing list, project page http://xmlsoft.org/
xml@gnome.org
https://mail.gnome.org/mailman/listinfo/xml