OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Re: [xml-dev] Malicious XML

[ Lists Home | Date Index | Thread Index ]

> Anyway, their example uses a really trivial internal subset
> to bring down a SOAP server. I wonder if there are more
> well known XML examples that can cause a parser to eat
> up all memory.
> Properly used, Expat is already equipped to handle such
> situations since it allows for a pluggable memory handler.

Actually, I have to correct myself:

In Expat, memory isn't eaten up, just lots of CPU cycles.
Same in MSXML4. So a custom memory handler won't work.



News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS