OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]
Re: [xml-dev] XML processor attacks

What about circular references?

A include B,
B include C,
C include A.

Is that posible?

On 1/31/07, Richard Salz <rsalz@us.ibm.com> wrote:
> It's pretty easy to cause a denial of service with short messages such as
> a million elements deep:
>         <x><x><x><x><x><x>....</x></x>
> Or badly fragmented:
>   <x><y>.</y><y>.</y>....</x>
> Maximum element, attribute or namespace prefix name
>   <xxx...  xxx...='...' xmlns:xxx...='...'
> Excessively long attribute or namespace values (the '...' above)
> Excessive attributes or namespace declarations
>  <x a1='.' a2='.' a3='.' ...
> Schema validation won't save you as long as there's an xs:any extension
> point in the schema.
> The key point here is that these attacks are asymmetric -- it's trivial to
> generate these with print statements, but the recipient has to expend a
> lot of horsepower.
>         /r$
> --
> Senior Security Architect
> DataPower SOA Appliances

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 1993-2007 XML.org. This site is hosted by OASIS