test/rexml/test_document.rb @@ -1,3 +1,19 @@ +Fri Jan 23 11:49:45 2009 Shugo Maeda <shugo@ruby-lang.org> + + * NEWS: added an entry for REXML. + + * lib/rexml/document.rb: fixed typo. + +Fri Jan 23 11:49:45 2009 Shugo Maeda <shugo@ruby-lang.org> + + * lib/rexml/document.rb: limit entity expansion. Thanks, Luka + Treiber, Mitja Kolsek, and Michael Koziarski. backported from + trunk r19033, r19317, r19318. + + * lib/rexml/entity.rb: ditto. + + * test/rexml/test_document.rb: ditto. + Thu Jan 22 15:19:39 2009 Nobuyoshi Nakada <nobu@ruby-lang.org> * marshal.c (marshal_load): arg.data is no longer a VALUE but a ChangeLog @@ -7,6 +7,15 @@ Note that each entry is kept so brief that no reason behind or reference information is supplied with. For a full list of changes with all sufficient information, see the ChangeLog file. +* REXML + + * REXML::Document.entity_expansion_limit= + + New method to set the entity expansion limit. By default the limit is + set to 10000. See the following URL for details. + + http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/ + == Changes since the 1.8.6 release === Configuration changes NEWS @@ -32,6 +32,7 @@ module REXML # @param context if supplied, contains the context of the document; # this should be a Hash. def initialize( source = nil, context = {} ) + @entity_expansion_count = 0 super() @context = context return if source.nil? @@ -200,6 +201,27 @@ module REXML Parsers::StreamParser.new( source, listener ).parse end + @@entity_expansion_limit = 10_000 + + # Set the entity expansion limit. By default the limit is set to 10000. + def Document::entity_expansion_limit=( val ) + @@entity_expansion_limit = val + end + + # Get the entity expansion limit. By default the limit is set to 10000. + def Document::entity_expansion_limit + return @@entity_expansion_limit + end + + attr_reader :entity_expansion_count + + def record_entity_expansion + @entity_expansion_count += 1 + if @entity_expansion_count > @@entity_expansion_limit + raise "number of entity expansions exceeded, processing aborted." + end + end + private def build( source ) Parsers::TreeParser.new( source, self ).parse lib/rexml/document.rb @@ -73,6 +73,7 @@ module REXML # all entities -- both %ent; and &ent; entities. This differs from # +value()+ in that +value+ only replaces %ent; entities. def unnormalized + document.record_entity_expansion v = value() return nil if v.nil? @unnormalized = Text::unnormalize(v, parent) lib/rexml/entity.rb @@ -1,15 +1,15 @@ #define RUBY_VERSION "1.8.7" -#define RUBY_RELEASE_DATE "2009-01-22" +#define RUBY_RELEASE_DATE "2009-01-23" #define RUBY_VERSION_CODE 187 -#define RUBY_RELEASE_CODE 20090122 -#define RUBY_PATCHLEVEL 92 +#define RUBY_RELEASE_CODE 20090123 +#define RUBY_PATCHLEVEL 93 #define RUBY_VERSION_MAJOR 1 #define RUBY_VERSION_MINOR 8 #define RUBY_VERSION_TEENY 7 #define RUBY_RELEASE_YEAR 2009 #define RUBY_RELEASE_MONTH 1 -#define RUBY_RELEASE_DAY 22 +#define RUBY_RELEASE_DAY 23 #ifdef RUBY_EXTERN RUBY_EXTERN const char ruby_version[]; version.h 4fdc60a6474c44301b42b2b402c9aebb5fd92c5e shyouhei shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e http://github.com/ice799/matzruby/commit/5ceedb08ac385bb14b056c6f3bef90d41b2ed9c9 5ceedb08ac385bb14b056c6f3bef90d41b2ed9c9 2009-01-22T18:50:43-08:00 2009-01-22T18:50:43-08:00 merge revision(s) 19320,19322: * lib/rexml/document.rb: limit entity expansion. Thanks, Luka Treiber, Mitja Kolsek, and Michael Koziarski. backported from trunk r19033, r19317, r19318. * lib/rexml/entity.rb: ditto. * test/rexml/test_document.rb: ditto. * NEWS: added an entry for REXML. * lib/rexml/document.rb: fixed typo. git-svn-id: http://svn.ruby-lang.org/repos/ruby/branches/ruby_1_8_7@21744 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 38de7039da1df7e286c065437ce485e09c89b32c shyouhei shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e