87244aa155
This fixes a DNS spoofing vulnerability in Ruby's resolver lib. (CVE-2008-1447) A DoS vulnerability in WEBrick(CVE-2008-3656), problems with Ruby's safelevel implementation (CVE-2008-3655) and a taint check problem in Ruby's dynamic loader (CVE-2008-3657) got fixed as well. This also contains a fix for the REXML DoS issue. (CVE-2008-3790) More information: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/ http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/ Tested by Jeremy Evans and jcs@. Thanks!
26 lines
967 B
Plaintext
26 lines
967 B
Plaintext
$OpenBSD: patch-lib_rexml_document_rb,v 1.1 2008/09/28 15:43:05 bernd Exp $
|
|
|
|
http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/
|
|
|
|
--- lib/rexml/document.rb.orig Sun Nov 4 05:50:15 2007
|
|
+++ lib/rexml/document.rb Thu Sep 4 09:53:31 2008
|
|
@@ -18,6 +18,18 @@ module REXML
|
|
# you create, you must add one; REXML documents do not write a default
|
|
# declaration for you. See |DECLARATION| and |write|.
|
|
class Document < Element
|
|
+ @@entity_expansion_limit = 10_000
|
|
+ def self.entity_expansion_limit= val
|
|
+ @@entity_expansion_limit = val
|
|
+ end
|
|
+
|
|
+ def record_entity_expansion!
|
|
+ @number_of_expansions ||= 0
|
|
+ @number_of_expansions += 1
|
|
+ if @number_of_expansions > @@entity_expansion_limit
|
|
+ raise "Number of entity expansions exceeded, processing aborted."
|
|
+ end
|
|
+ end
|
|
# A convenient default XML declaration. If you want an XML declaration,
|
|
# the easiest way to add one is mydoc << Document::DECLARATION
|
|
# +DEPRECATED+
|