| Field | Value | Date |
|---|---|---|
| author | Joe Orton <notroj@users.noreply.github.com> | 2009-08-18 14:18:53 +0000 |
| committer | Joe Orton <notroj@users.noreply.github.com> | 2009-08-18 14:18:53 +0000 |
| commit | 4bd99af3f2e0afa48e03448d06f4c92a1e3d74e5 | |
| tree | 1fc4655e41e430a184512e2d468831588a9dfb01 /po | |
| parent | dd2cbb2c78d974a101cec2acc7242a83fe502cc8 | |
| download | neon-git-4bd99af3f2e0afa48e03448d06f4c92a1e3d74e5.tar.gz | |

Security fix for CVE-2009-2473: prevent the "billion laughs" attack
against expat:
* src/ne_xml.c (ne_xml_create) [HAVE_EXPAT]: Register entity
decl handler.
[HAVE_LIBXML]: Use xmlCtxtUseOptions interface.
(entity_declaration): New function.
* test/xml.c (fail_parse): Add billion laughs test case.
* test/run.sh: Limit run-time CPU use to 120 seconds.
Diffstat (limited to 'po')
0 files changed, 0 insertions, 0 deletions
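
The commit message above names an expat entity declaration handler as the defence. The following is an added example, not neon's code: it uses Python's `pyexpat` binding, whose `EntityDeclHandler` corresponds to expat's `XML_SetEntityDeclHandler`, and it assumes a policy of rejecting every entity declaration (the page does not show what neon's `entity_declaration` does). All names and sample documents are constructed for illustration.

```python
import xml.parsers.expat as expat


class EntityDeclarationRejected(Exception):
    """Raised when a document declares an entity in its DTD."""


def parse_without_entities(data):
    """Parse `data` with expat and return the element names seen, in order.

    Any entity declaration aborts the parse before the entity can be
    referenced, so nested-entity expansion never starts.
    """
    seen = []
    parser = expat.ParserCreate()

    def on_entity_decl(name, is_parameter_entity, value, base,
                       system_id, public_id, notation_name):
        # Assumed policy for this example: reject every declaration.
        raise EntityDeclarationRejected(name)

    parser.EntityDeclHandler = on_entity_decl
    parser.StartElementHandler = lambda name, attrs: seen.append(name)
    parser.Parse(data, True)
    return seen


# Constructed samples: a small nested-entity document and a plain one.
NESTED = b"""<?xml version="1.0"?>
<!DOCTYPE doc [
  <!ENTITY a "ha">
  <!ENTITY b "&a;&a;">
  <!ENTITY c "&b;&b;">
]>
<doc>&c;</doc>"""
PLAIN = b"<doc><item/><item/></doc>"


def first_declared_entity(data):
    """Return the name of the entity that stopped the parse, or None."""
    try:
        parse_without_entities(data)
    except EntityDeclarationRejected as exc:
        return exc.args[0]
    return None
```

Because the handler fires on the first declaration, the parse stops while the DTD is still being read and no entity reference in the body is ever expanded.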