Overview
Comment: | OFXMLParser: Add configurable depth limit.
The default is 32. |
---|---|
SHA3-256: |
ed4e64fd320194bb0b25fbe01a5b5e62 |
User & Date: | js on 2012-12-03 01:17:04 |
Context
2012-12-04
| ||
09:19 | Randomize hashes. check-in: f60e4012b7 user: js tags: trunk | |
2012-12-03
| ||
01:17 | OFXMLParser: Add configurable depth limit. check-in: ed4e64fd32 user: js tags: trunk | |
01:16 | JSON: Add configurable depth limit. check-in: d60c3ae1ec user: js tags: trunk | |
Changes
Modified src/OFXMLParser.h from [ee5f98932b] to [0c331b0934].
︙ | ︙ | |||
163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 | OFMutableArray *previous; size_t level; BOOL acceptProlog; size_t lineNumber; BOOL lastCarriageReturn; BOOL finishedParsing; of_string_encoding_t encoding; } #ifdef OF_HAVE_PROPERTIES @property (assign) id <OFXMLParserDelegate> delegate; #endif /*! * @brief Creates a new XML parser. * * @return A new, autoreleased OFXMLParser */ + (instancetype)parser; /*! * @brief Returns the delegate that is used by the XML parser. * * @return The delegate that is used by the XML parser */ - (id <OFXMLParserDelegate>)delegate; /*! | > > | > > > > > > > > > > > > > > > > > > | 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 | OFMutableArray *previous; size_t level; BOOL acceptProlog; size_t lineNumber; BOOL lastCarriageReturn; BOOL finishedParsing; of_string_encoding_t encoding; size_t depthLimit; } #ifdef OF_HAVE_PROPERTIES @property (assign) id <OFXMLParserDelegate> delegate; @property size_t depthLimit; #endif /*! * @brief Creates a new XML parser. * * @return A new, autoreleased OFXMLParser */ + (instancetype)parser; /*! * @brief Returns the delegate that is used by the XML parser. * * @return The delegate that is used by the XML parser */ - (id <OFXMLParserDelegate>)delegate; /*! * @brief Sets the delegate the XML parser should use. * * @param delegate The delegate to use */ - (void)setDelegate: (id <OFXMLParserDelegate>)delegate; /*! * @brief Returns the depth limit for the XML parser. * * @return The depth limit for the XML parser */ - (size_t)depthLimit; /*! * @brief Sets the depth limit for the XML parser. * * If the depth limit is exceeded, an OFMalformedXMLException is thrown. * * The default is 32. 0 means unlimited (insecure!). 
* * @param depthLimit The depth limit for the XML parser */ - (void)setDepthLimit: (size_t)depthLimit; /*! * @brief Parses the specified buffer with the specified size. * * @param buffer The buffer to parse * @param length The length of the buffer */ - (void)parseBuffer: (const char*)buffer |
︙ | ︙ |
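Review bot: The new `setDepthLimit:` documentation does not say what is counted or whether the limit is inclusive. Judging from the check added to OFXMLParser.m in this commit (`[previous count] >= depthLimit`), up to depthLimit elements may be open at once and the next opening tag throws. Stating that in the comment, e.g. `* At most depthLimit elements may be nested; opening one more throws an OFMalformedXMLException.`, would let callers choose a value without reading the implementation. The `(insecure!)` remark would also be more useful with its reason spelled out, presumably that with 0 an untrusted document can grow the parser's element stack, and any tree a delegate builds from it, without bound.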
Modified src/OFXMLParser.m from [ca01c9a5ad] to [9e2d46e499].
︙ | ︙ | |||
198 199 200 201 202 203 204 205 206 207 208 209 210 211 | @"xml", @"http://www.w3.org/XML/1998/namespace", @"xmlns", @"http://www.w3.org/2000/xmlns/", nil]; [namespaces addObject: dict]; acceptProlog = YES; lineNumber = 1; encoding = OF_STRING_ENCODING_UTF_8; objc_autoreleasePoolPop(pool); } @catch (id e) { [self release]; @throw e; } | > | 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 | @"xml", @"http://www.w3.org/XML/1998/namespace", @"xmlns", @"http://www.w3.org/2000/xmlns/", nil]; [namespaces addObject: dict]; acceptProlog = YES; lineNumber = 1; encoding = OF_STRING_ENCODING_UTF_8; depthLimit = 32; objc_autoreleasePoolPop(pool); } @catch (id e) { [self release]; @throw e; } |
︙ | ︙ | |||
231 232 233 234 235 236 237 238 239 240 241 242 243 244 | return delegate; } - (void)setDelegate: (id <OFXMLParserDelegate>)delegate_ { delegate = delegate_; } - (void)parseBuffer: (const char*)buffer length: (size_t)length { size_t i, last = 0; for (i = 0; i < length; i++) { | > > > > > > > > > > | 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 | return delegate; } - (void)setDelegate: (id <OFXMLParserDelegate>)delegate_ { delegate = delegate_; } - (size_t)depthLimit { return depthLimit; } - (void)setDepthLimit: (size_t)depthLimit_ { depthLimit = depthLimit_; } - (void)parseBuffer: (const char*)buffer length: (size_t)length { size_t i, last = 0; for (i = 0; i < length; i++) { |
︙ | ︙ | |||
360 361 362 363 364 365 366 367 368 369 370 371 372 373 | break; case '!': *last = *i + 1; state = OF_XMLPARSER_IN_EXCLAMATIONMARK; acceptProlog = NO; break; default: state = OF_XMLPARSER_IN_TAG_NAME; acceptProlog = NO; (*i)--; break; } } | > > > > > | 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 | break; case '!': *last = *i + 1; state = OF_XMLPARSER_IN_EXCLAMATIONMARK; acceptProlog = NO; break; default: if (depthLimit > 0 && [previous count] >= depthLimit) @throw [OFMalformedXMLException exceptionWithClass: [self class] parser: self]; state = OF_XMLPARSER_IN_TAG_NAME; acceptProlog = NO; (*i)--; break; } } |
︙ | ︙ |
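Review bot: The depth check added in the `default:` branch reports an over-deep document with `OFMalformedXMLException`, which by its name is also what ordinary syntax errors raise. A caller parsing untrusted input therefore cannot separate depth-limit rejections from plain malformed XML when logging or alerting. At minimum the throw deserves a comment such as `/* Nesting would exceed depthLimit: reject before the element is pushed */`. The default is a bare `depthLimit = 32;` in the initializer that is repeated only in the header prose; a named constant would keep the two in step. No test is visible in this commit for the boundary (depthLimit open elements accepted, one more rejected, 0 disabling the check), and the enclosing method starts and ends outside the hunk.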