diff options
| author | Nick Wellnhofer <wellnhofer@aevum.de> | 2020-08-26 00:34:38 +0200 |
|---|---|---|
| committer | Nick Wellnhofer <wellnhofer@aevum.de> | 2020-08-26 00:34:38 +0200 |
| commit | 77c26bad0433541f486b1e7ced44ca9979376908 (patch) | |
| tree | b199c094f0158a4364a598b917e6fc34047c256e | |
| parent | 824657768aea2cce9c23e72ba8085cb5e44350c7 (diff) | |
| download | libxslt-77c26bad0433541f486b1e7ced44ca9979376908.tar.gz | |
Don't set maxDepth in XPath contexts
The maximum recursion depth is hardcoded in libxml2 now.
| -rw-r--r-- | libxslt/functions.c | 2 | ||||
| -rw-r--r-- | tests/fuzz/fuzz.c | 11 |
2 files changed, 3 insertions, 10 deletions
diff --git a/libxslt/functions.c b/libxslt/functions.c index 975ea790..7887dda7 100644 --- a/libxslt/functions.c +++ b/libxslt/functions.c @@ -182,7 +182,7 @@ xsltDocumentFunctionLoadDocument(xmlXPathParserContextPtr ctxt, xmlChar* URI) defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION) xptrctxt->opLimit = ctxt->context->opLimit; xptrctxt->opCount = ctxt->context->opCount; - xptrctxt->maxDepth = ctxt->context->maxDepth - ctxt->context->depth; + xptrctxt->depth = ctxt->context->depth; resObj = xmlXPtrEval(fragment, xptrctxt); diff --git a/tests/fuzz/fuzz.c b/tests/fuzz/fuzz.c index 75234ad6..780c2d41 100644 --- a/tests/fuzz/fuzz.c +++ b/tests/fuzz/fuzz.c @@ -183,7 +183,6 @@ xsltFuzzXPathInit(int *argc_p ATTRIBUTE_UNUSED, char ***argv_p, xpctxt = tctxt->xpathCtxt; /* Resource limits to avoid timeouts and call stack overflows */ - xpctxt->maxDepth = 500; xpctxt->opLimit = 500000; /* Test namespaces used in xpath.xml */ @@ -314,12 +313,6 @@ xsltFuzzXsltInit(int *argc_p ATTRIBUTE_UNUSED, char ***argv_p, return 0; } -static void -xsltSetXPathResourceLimits(xmlXPathContextPtr ctxt) { - ctxt->maxDepth = 200; - ctxt->opLimit = 100000; -} - xmlChar * xsltFuzzXslt(const char *data, size_t size) { xmlDocPtr xsltDoc; @@ -349,7 +342,7 @@ xsltFuzzXslt(const char *data, size_t size) { xmlFreeDoc(xsltDoc); return NULL; } - xsltSetXPathResourceLimits(sheet->xpathCtxt); + sheet->xpathCtxt->opLimit = 100000; sheet->xpathCtxt->opCount = 0; if (xsltParseStylesheetUser(sheet, xsltDoc) != 0) { xsltFreeStylesheet(sheet); @@ -361,7 +354,7 @@ xsltFuzzXslt(const char *data, size_t size) { xsltSetCtxtSecurityPrefs(sec, ctxt); ctxt->maxTemplateDepth = 100; ctxt->opLimit = 20000; - xsltSetXPathResourceLimits(ctxt->xpathCtxt); + ctxt->xpathCtxt->opLimit = 100000; ctxt->xpathCtxt->opCount = sheet->xpathCtxt->opCount; result = xsltApplyStylesheetUser(sheet, doc, NULL, NULL, NULL, ctxt); |