ruby-changes:10200
From: shyouhei <ko1@a...>
Date: Fri, 23 Jan 2009 11:50:55 +0900 (JST)
Subject: [ruby-changes:10200] Ruby:r21744 (ruby_1_8_7): merge revision(s) 19320,19322:
shyouhei 2009-01-23 11:50:43 +0900 (Fri, 23 Jan 2009) New Revision: 21744 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=21744 Log: merge revision(s) 19320,19322: * lib/rexml/document.rb: limit entity expansion. Thanks, Luka Treiber, Mitja Kolsek, and Michael Koziarski. backported from trunk r19033, r19317, r19318. * lib/rexml/entity.rb: ditto. * test/rexml/test_document.rb: ditto. * NEWS: added an entry for REXML. * lib/rexml/document.rb: fixed typo. Added directories: branches/ruby_1_8_7/test/rexml/ Modified files: branches/ruby_1_8_7/ChangeLog branches/ruby_1_8_7/NEWS branches/ruby_1_8_7/lib/rexml/document.rb branches/ruby_1_8_7/lib/rexml/entity.rb branches/ruby_1_8_7/version.h Index: ruby_1_8_7/NEWS =================================================================== --- ruby_1_8_7/NEWS (revision 21743) +++ ruby_1_8_7/NEWS (revision 21744) @@ -7,6 +7,15 @@ reference information is supplied with. For a full list of changes with all sufficient information, see the ChangeLog file. +* REXML + + * REXML::Document.entity_expansion_limit= + + New method to set the entity expansion limit. By default the limit is + set to 10000. See the following URL for details. + + http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/ + == Changes since the 1.8.6 release === Configuration changes Index: ruby_1_8_7/ChangeLog =================================================================== --- ruby_1_8_7/ChangeLog (revision 21743) +++ ruby_1_8_7/ChangeLog (revision 21744) @@ -1,3 +1,19 @@ +Fri Jan 23 11:49:45 2009 Shugo Maeda <shugo@r...> + + * NEWS: added an entry for REXML. + + * lib/rexml/document.rb: fixed typo. + +Fri Jan 23 11:49:45 2009 Shugo Maeda <shugo@r...> + + * lib/rexml/document.rb: limit entity expansion. Thanks, Luka + Treiber, Mitja Kolsek, and Michael Koziarski. backported from + trunk r19033, r19317, r19318. + + * lib/rexml/entity.rb: ditto. + + * test/rexml/test_document.rb: ditto. + Thu Jan 22 15:19:39 2009 Nobuyoshi Nakada <nobu@r...> * marshal.c (marshal_load): arg.data is no longer a VALUE but a Index: ruby_1_8_7/version.h =================================================================== --- ruby_1_8_7/version.h (revision 21743) +++ ruby_1_8_7/version.h (revision 21744) @@ -1,15 +1,15 @@ #define RUBY_VERSION "1.8.7" -#define RUBY_RELEASE_DATE "2009-01-22" +#define RUBY_RELEASE_DATE "2009-01-23" #define RUBY_VERSION_CODE 187 -#define RUBY_RELEASE_CODE 20090122 -#define RUBY_PATCHLEVEL 92 +#define RUBY_RELEASE_CODE 20090123 +#define RUBY_PATCHLEVEL 93 #define RUBY_VERSION_MAJOR 1 #define RUBY_VERSION_MINOR 8 #define RUBY_VERSION_TEENY 7 #define RUBY_RELEASE_YEAR 2009 #define RUBY_RELEASE_MONTH 1 -#define RUBY_RELEASE_DAY 22 +#define RUBY_RELEASE_DAY 23 #ifdef RUBY_EXTERN RUBY_EXTERN const char ruby_version[]; Index: ruby_1_8_7/lib/rexml/document.rb =================================================================== --- ruby_1_8_7/lib/rexml/document.rb (revision 21743) +++ ruby_1_8_7/lib/rexml/document.rb (revision 21744) @@ -32,6 +32,7 @@ # @param context if supplied, contains the context of the document; # this should be a Hash. def initialize( source = nil, context = {} ) + @entity_expansion_count = 0 super() @context = context return if source.nil? @@ -200,6 +201,27 @@ Parsers::StreamParser.new( source, listener ).parse end + @@entity_expansion_limit = 10_000 + + # Set the entity expansion limit. By default the limit is set to 10000. + def Document::entity_expansion_limit=( val ) + @@entity_expansion_limit = val + end + + # Get the entity expansion limit. By default the limit is set to 10000. + def Document::entity_expansion_limit + return @@entity_expansion_limit + end + + attr_reader :entity_expansion_count + + def record_entity_expansion + @entity_expansion_count += 1 + if @entity_expansion_count > @@entity_expansion_limit + raise "number of entity expansions exceeded, processing aborted." + end + end + private def build( source ) Parsers::TreeParser.new( source, self ).parse Index: ruby_1_8_7/lib/rexml/entity.rb =================================================================== --- ruby_1_8_7/lib/rexml/entity.rb (revision 21743) +++ ruby_1_8_7/lib/rexml/entity.rb (revision 21744) @@ -73,6 +73,7 @@ # all entities -- both %ent; and &ent; entities. This differs from # +value()+ in that +value+ only replaces %ent; entities. def unnormalized + document.record_entity_expansion v = value() return nil if v.nil? @unnormalized = Text::unnormalize(v, parent) Index: ruby_1_8_7/test/rexml/test_document.rb =================================================================== --- ruby_1_8_7/test/rexml/test_document.rb (revision 0) +++ ruby_1_8_7/test/rexml/test_document.rb (revision 21744) @@ -0,0 +1,65 @@ +require "rexml/document" +require "test/unit" + +class REXML::TestDocument < Test::Unit::TestCase + def test_new + doc = REXML::Document.new(<<EOF) +<?xml version="1.0" encoding="UTF-8"?> +<message>Hello world!</message> +EOF + assert_equal("Hello world!", doc.root.children.first.value) + end + + XML_WITH_NESTED_ENTITY = <<EOF +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE member [ + <!ENTITY a "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;"> + <!ENTITY b "&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;"> + <!ENTITY c "&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;"> + <!ENTITY d "&e;&e;&e;&e;&e;&e;&e;&e;&e;&e;"> + <!ENTITY e "&f;&f;&f;&f;&f;&f;&f;&f;&f;&f;"> + <!ENTITY f "&g;&g;&g;&g;&g;&g;&g;&g;&g;&g;"> + <!ENTITY g "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"> +]> +<member> +&a; +</member> +EOF + + XML_WITH_4_ENTITY_EXPANSION = <<EOF +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE member [ + <!ENTITY a "a"> + <!ENTITY a2 "&a; &a;"> +]> +<member> +&a; +&a2; +</member> +EOF + + def test_entity_expansion_limit + doc = REXML::Document.new(XML_WITH_NESTED_ENTITY) + assert_raise(RuntimeError) do + doc.root.children.first.value + end + REXML::Document.entity_expansion_limit = 100 + assert_equal(100, REXML::Document.entity_expansion_limit) + doc = REXML::Document.new(XML_WITH_NESTED_ENTITY) + assert_raise(RuntimeError) do + doc.root.children.first.value + end + assert_equal(101, doc.entity_expansion_count) + + REXML::Document.entity_expansion_limit = 4 + doc = REXML::Document.new(XML_WITH_4_ENTITY_EXPANSION) + assert_equal("\na\na a\n", doc.root.children.first.value) + REXML::Document.entity_expansion_limit = 3 + doc = REXML::Document.new(XML_WITH_4_ENTITY_EXPANSION) + assert_raise(RuntimeError) do + doc.root.children.first.value + end + ensure + REXML::Document.entity_expansion_limit = 10000 + end +end -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/