xml-dev - re: [xml-dev] Malicious XML

re: [xml-dev] Malicious XML

[ Lists Home | Date Index | Thread Index ]

To: <xml-dev@lists.xml.org>
Subject: re: [xml-dev] Malicious XML
From: David Megginson <david@megginson.com>
Date: Thu, 14 Nov 2002 17:36:13 -0500
In-reply-to: <001f01c28c22$fcd8f990$9e539696@citkwaclaww2k>
References: <001f01c28c22$fcd8f990$9e539696@citkwaclaww2k>

Karl Waclawek writes:

 > are there any well-known ways to protect against
 > malicious XML, e.g. XML that causes your parser
 > to eat up all memory?

You build sanity limits into your parser.  That will require the
parser to reject some well-formed documents, and technically, will
probably make it non-conformant, but that's just tough.  I'd suggest
something like a size limit on element and attribute names of 1024
characters, an element nesting depth limit of 512, and a limit of 128
attributes for each element.  Anyone who passes these limits is just
goofy. SAX already lets you break up long strings of character data
into reasonable-sized chunks, so there should be no problem there;
limits will also be necessary for IDs (if validating), processing
instructions, and possibly comments (if the parser bothers with them).

Fixing the parser probably isn't the biggest issue, though -- the
application sitting on the other end of it (whether a DOM tree
builder, a point-of-sale system, or what-have-you) is probably using
most of the memory, and the fixes for that are application-specific.

All the best,

David

-- 
David Megginson, david@megginson.com, http://www.megginson.com/

References:
- Malicious XML
  - From: "Karl Waclawek" <karl@waclawek.net>

Prev by Date: Re: [xml-dev] XML/RDF
Next by Date: RE: [xml-dev] OT: Where did URI pipe symbol hack originate?
Previous by thread: Re: [xml-dev] Malicious XML
Next by thread: Re: [xml-dev] Malicious XML
Index(es):
- Date
- Thread