[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

Re: Malicious XML

• To: Karl Waclawek <karl@w...>
• Subject: Re: Malicious XML
• From: Daniel Veillard <veillard@r...>
• Date: Fri, 15 Nov 2002 03:58:36 -0500
• Cc: xml-dev@l...
• In-reply-to: <001f01c28c22$fcd8f990$9e539696@citkwaclaww2k>; from karl@w... on Thu, Nov 14, 2002 at 04:15:41PM -0500
• References: <001f01c28c22$fcd8f990$9e539696@citkwaclaww2k>
• Reply-to: veillard@r...
• User-agent: Mutt/1.2.5.1i

On Thu, Nov 14, 2002 at 04:15:41PM -0500, Karl Waclawek wrote:
> Just curious,
> 
> are there any well-known ways to protect against
> malicious XML, e.g. XML that causes your parser
> to eat up all memory?

  Provide your own memory allocator and put some application
based controls. Even if the parser operates on constant memory
(or memory proportional to the depth of the tree), there will
be problems on the consuming side anyway.
  I think everybody doing XML processing on embedded systems is
used to implement those, but it may not have reached more general
processing environments.

Daniel

-- 
Daniel Veillard      | Red Hat Network https://rhn.redhat.com/
veillard@r...  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/

• Follow-Ups:
  • Re: Malicious XML
    • From: "Andrzej Jan Taramina" <andrzej@c...>

• References:
  • Malicious XML
    • From: "Karl Waclawek" <karl@w...>

• Prev by Date: Re: dtds, schemas, xhtml, and multimedia technologies
• Next by Date: RE: dtds, schemas, xhtml, and multimedia technologies
• Previous by thread: re: Malicious XML
• Next by thread: Re: Malicious XML
• Index(es):
  • Date
  • Thread