> Karl Waclawek wrote,
> > > Anyway, their example uses a really trivial internal subset to bring
> > > down a SOAP server. I wonder if there are more well known XML
> > > examples that can cause a parser to eat up all memory.
> > >
> > > Properly used, Expat is already equipped to handle such situations
> > > since it allows for a pluggable memory handler.
> > Actually, I have to correct myself:
> > In Expat, memory isn't eaten up, just lots of CPU cycles.
> > Same in MSXML4. So a custom memory handler won't work.
> Any chance of some details of just what it is in the internal subset
> which triggers this behaviour, and how?
According to James Clark it is a reasonably well known XML
vulnerability. I can e-mail you. I am not sure if I should
post it publicly - any comments on that?
Btw, I was able to modify this attack and turn it into
a memory hog as well as a CPU hog.
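
An added example, not part of the original thread and not Expat's own code: because a pluggable memory handler does not bound CPU use, a server that has no need for DTDs can instead refuse any document that carries an internal subset. The sketch uses Python's xml.parsers.expat binding to Expat; the function name, the exception name and the sample documents are constructed for illustration.

```python
import xml.parsers.expat


class InternalSubsetRejected(ValueError):
    """Raised when a document's DOCTYPE carries an internal subset."""


def parse_without_internal_subset(data: bytes) -> list:
    """Parse `data` with Expat and return element names in document order.

    Raises InternalSubsetRejected as soon as Expat reports a DOCTYPE
    declaration that has an internal subset.
    """
    names = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # Expat passes a true value here only when "[ ... ]" is present.
        if has_internal_subset:
            raise InternalSubsetRejected(
                f"internal subset in DOCTYPE {name!r} refused")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(data, True)  # exceptions raised in handlers propagate
    return names


# Constructed sample inputs (harmless; none of them is the attack document).
PLAIN = b"<Envelope><Body/></Envelope>"
EXTERNAL_ONLY = b'<!DOCTYPE Envelope SYSTEM "e.dtd"><Envelope/>'
WITH_SUBSET = b"<!DOCTYPE Envelope [<!ELEMENT Envelope ANY>]><Envelope/>"

if __name__ == "__main__":
    for label, doc in [("plain", PLAIN),
                       ("external DTD reference only", EXTERNAL_ONLY),
                       ("internal subset", WITH_SUBSET)]:
        try:
            print(label, "->", parse_without_internal_subset(doc))
        except InternalSubsetRejected as exc:
            print(label, "-> rejected:", exc)
```

A stricter variant raises for every DOCTYPE declaration, whether or not it has an internal subset.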