OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Re: [xml-dev] Malicious XML

[ Lists Home | Date Index | Thread Index ]

Karl Waclawek wrote,
> > Anyway, their example uses a really trivial internal subset to bring
> > down a SOAP server. I wonder if there are more well known XML
> > examples that can cause a parser to eat up all memory.
> >
> > Properly used, Expat is already equipped to handle such situations
> > since it allows for a pluggable memory handler.
> Actually, I have to correct myself:
> In Expat, memory isn't eaten up, just lots of CPU cycles.
> Same in MSXML4. So a custom memory handler won't work.

Any chance of some details of just what it is in the internal subset 
which triggers this behaviour, and how?




News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS