xml-dev - Re: [xml-dev] Malicious XML

Re: [xml-dev] Malicious XML

[ Lists Home | Date Index | Thread Index ]

To: <xml-dev@lists.xml.org>
Subject: Re: [xml-dev] Malicious XML
From: "Karl Waclawek" <karl@waclawek.net>
Date: Thu, 14 Nov 2002 21:18:53 -0500
References: <001f01c28c22$fcd8f990$9e539696@citkwaclaww2k> <E18CRzq-0003UU-00@mta01.btfusion.com>


> ** Reply to message from "Karl Waclawek" <karl@waclawek.net> on Thu, 14 Nov
> 2002 16:15:41 -0500
> 
> > are there any well-known ways to protect against
> > malicious XML, e.g. XML that causes your parser
> > to eat up all memory?
> 
> Disconnect your machine from any networks before you start parsing.

Well, we - the Expat team - have just been notified of a
"security vulnerability" in Expat by a company called Sanctum,
http://www.sanctuminc.com/ .
No idea who they are, and I don't agree with their assessment,
i.e. it is not Expat's job to check memory use. That is
the memory manager's job.

Anyway, their example uses a really trivial internal subset
to bring down a SOAP server. I wonder if there are more
well known XML examples that can cause a parser to eat
up all memory.

Properly used, Expat is already equipped to handle such
situations since it allows for a pluggable memory handler.

Karl

References:
- Malicious XML
  - From: "Karl Waclawek" <karl@waclawek.net>
- Re: [xml-dev] Malicious XML
  - From: "Anthony B. Coates" <abcoates@TheOffice.net>

Prev by Date: Re: [xml-dev] Malicious XML
Next by Date: Re: [xml-dev] RDF/XML Syntax Working Draft 2002-11-08 Published
Previous by thread: Re: [xml-dev] Malicious XML
Next by thread: re: [xml-dev] Malicious XML
Index(es):
- Date
- Thread