xml-dev - Re: [xml-dev] Malicious XML

Re: [xml-dev] Malicious XML

[ Lists Home | Date Index | Thread Index ]

To: Karl Waclawek <karl@waclawek.net>
Subject: Re: [xml-dev] Malicious XML
From: Daniel Veillard <veillard@redhat.com>
Date: Fri, 15 Nov 2002 03:58:36 -0500
Cc: xml-dev@lists.xml.org
In-reply-to: <001f01c28c22$fcd8f990$9e539696@citkwaclaww2k>; from karl@waclawek.net on Thu, Nov 14, 2002 at 04:15:41PM -0500
References: <001f01c28c22$fcd8f990$9e539696@citkwaclaww2k>
Reply-to: veillard@redhat.com
User-agent: Mutt/1.2.5.1i

On Thu, Nov 14, 2002 at 04:15:41PM -0500, Karl Waclawek wrote:
> Just curious,
> 
> are there any well-known ways to protect against
> malicious XML, e.g. XML that causes your parser
> to eat up all memory?

  Provide your own memory allocator and put some application
based controls. Even if the parser operates on constant memory
(or memory proportional to the depth of the tree), there will
be problems on the consuming side anyway.
  I think everybody doing XML processing on embedded systems is
used to implement those, but it may not have reached more general
processing environments.

Daniel

-- 
Daniel Veillard      | Red Hat Network https://rhn.redhat.com/
veillard@redhat.com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/

Follow-Ups:
- Re: [xml-dev] Malicious XML
  - From: "Andrzej Jan Taramina" <andrzej@chaeron.com>

References:
- Malicious XML
  - From: "Karl Waclawek" <karl@waclawek.net>

Prev by Date: Re: [xml-dev] dtds, schemas, xhtml, and multimedia technologies
Next by Date: RE: [xml-dev] dtds, schemas, xhtml, and multimedia technologies
Previous by thread: re: [xml-dev] Malicious XML
Next by thread: Re: [xml-dev] Malicious XML
Index(es):
- Date
- Thread