ObjFW  Check-in [ed4e64fd32]

Overview
Comment:OFXMLParser: Add configurable depth limit.

The default is 32.

SHA3-256: ed4e64fd320194bb0b25fbe01a5b5e629f8fa06ce05a91f5648d8b04956e96b6
User & Date: js on 2012-12-03 01:17:04
Context
2012-12-04
09:19
Randomize hashes. check-in: f60e4012b7 user: js tags: trunk
2012-12-03
01:17
OFXMLParser: Add configurable depth limit. check-in: ed4e64fd32 user: js tags: trunk
01:16
JSON: Add configurable depth limit. check-in: d60c3ae1ec user: js tags: trunk
Changes

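--- a/src/OFXMLParser.h
+++ b/src/OFXMLParser.h
@@ -163,41 +163,61 @@
 	OFMutableArray *previous;
 	size_t level;
 	BOOL acceptProlog;
 	size_t lineNumber;
 	BOOL lastCarriageReturn;
 	BOOL finishedParsing;
 	of_string_encoding_t encoding;
+	size_t depthLimit;
 }
 
 #ifdef OF_HAVE_PROPERTIES
 @property (assign) id <OFXMLParserDelegate> delegate;
+@property size_t depthLimit;
 #endif
 
 /*!
  * @brief Creates a new XML parser.
  *
  * @return A new, autoreleased OFXMLParser
  */
 + (instancetype)parser;
 
 /*!
  * @brief Returns the delegate that is used by the XML parser.
  *
  * @return The delegate that is used by the XML parser
  */
 - (id <OFXMLParserDelegate>)delegate;
 
 /*!
- * @brief Sets the delegate the OFXMLParser should use.
+ * @brief Sets the delegate the XML parser should use.
  *
  * @param delegate The delegate to use
  */
 - (void)setDelegate: (id <OFXMLParserDelegate>)delegate;
 
+/*!
+ * @brief Returns the depth limit for the XML parser.
+ *
+ * @return The depth limit for the XML parser
+ */
+- (size_t)depthLimit;
+
+/*!
+ * @brief Sets the depth limit for the XML parser.
+ *
+ * If the depth limit is exceeded, an OFMalformedXMLException is thrown.
+ *
+ * The default is 32. 0 means unlimited (insecure!).
+ *
+ * @param depthLimit The depth limit for the XML parser
+ */
+- (void)setDepthLimit: (size_t)depthLimit;
+
 /*!
  * @brief Parses the specified buffer with the specified size.
  *
  * @param buffer The buffer to parse
  * @param length The length of the buffer
  */
 - (void)parseBuffer: (const char*)buffer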
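Review bot: The comment added for `setDepthLimit:` does not say whether the limit is inclusive, and the comment on the `depthLimit` getter omits the 0 sentinel that only the setter describes. The matching check in src/OFXMLParser.m is `[previous count] >= depthLimit`, which, assuming `previous` holds one entry per open element, lets a document nest exactly depthLimit elements and rejects the next opening tag. I would add ` * At most depthLimit elements may be open at once; the limit is checked on each opening tag.` to the setter comment and ` * 0 means no limit is enforced.` to the getter comment. The section starts inside the ivar block and ends on the first line of the `parseBuffer:length:` declaration, so the rest of the interface is outside this view.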

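--- a/src/OFXMLParser.m
+++ b/src/OFXMLParser.m
@@ -198,14 +198,15 @@
 		    @"xml", @"http://www.w3.org/XML/1998/namespace",
 		    @"xmlns", @"http://www.w3.org/2000/xmlns/", nil];
 		[namespaces addObject: dict];
 
 		acceptProlog = YES;
 		lineNumber = 1;
 		encoding = OF_STRING_ENCODING_UTF_8;
+		depthLimit = 32;
 
 		objc_autoreleasePoolPop(pool);
 	} @catch (id e) {
 		[self release];
 		@throw e;
 	}
 
@@ -231,14 +232,24 @@
 	return delegate;
 }
 
 - (void)setDelegate: (id <OFXMLParserDelegate>)delegate_
 {
 	delegate = delegate_;
 }
+
+- (size_t)depthLimit
+{
+	return depthLimit;
+}
+
+- (void)setDepthLimit: (size_t)depthLimit_
+{
+	depthLimit = depthLimit_;
+}
 
 - (void)parseBuffer: (const char*)buffer
 	     length: (size_t)length
 {
 	size_t i, last = 0;
 
 	for (i = 0; i < length; i++) {
@@ -360,14 +371,19 @@
 		break;
 	case '!':
 		*last = *i + 1;
 		state = OF_XMLPARSER_IN_EXCLAMATIONMARK;
 		acceptProlog = NO;
 		break;
 	default:
+		if (depthLimit > 0 && [previous count] >= depthLimit)
+			@throw [OFMalformedXMLException
+			    exceptionWithClass: [self class]
+					parser: self];
+
 		state = OF_XMLPARSER_IN_TAG_NAME;
 		acceptProlog = NO;
 		(*i)--;
 		break;
 	}
 }
 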
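Review bot: The depth check added in the `default:` branch rejects an over-deep document with the same OFMalformedXMLException that is used for syntax errors, so a caller that logs or counts parse failures cannot tell a resource-limit rejection of well-formed input from malformed input. If a dedicated exception is not wanted, a comment above the `if` would at least record the intent, e.g. `/* Bound element nesting for untrusted input; depthLimit == 0 disables this check. */`. `setDepthLimit:` stores its argument without validation, so a limit changed during parsing takes effect at the next opening tag, which the header comment could state. No test for the boundary (nesting at the limit accepted, one level deeper rejected) is visible on this page. The function containing the `default:` branch starts outside the hunk.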