Max attributes per element limit only loosely enforced #112
Comments
Maximum attribute limit is designed to guard against various overflow / Denial-of-Service attacks, so checking may be approximate -- general contract would be to allow at least specified number of attributes, but not necessarily fail immediately. This would likely be the case for low limits like 2. In case of attributes there may be room for improvement, so that buffer length would not grow beyond limit and thereby check could be (more) accurate -- so that, for example, with limit of, say, 1000 attributes, it would not grow to 1200 (assuming 50% increase went to 800, allowed, then to 1200) but would be hit at 1000. It has been a while since I looked at this particular check so I can't say for sure but perhaps it could even work for small limits like 2. So I think this would be an improvement, to have more sensitive check for exceeding maximum number.
Thanks for your explanations.

    if (mAttrCount >= mAttributes.length) {
        if ((mAttrCount + mNsCount) >= mMaxAttributesPerElement) {
            throw new XMLStreamException("Attribute limit ("+mMaxAttributesPerElement+") exceeded");
        }
        mAttributes = (Attribute[]) DataUtil.growArrayBy50Pct(mAttributes);
    }

With

    if ((mAttrCount + mNsCount) >= mMaxAttributesPerElement) {
        throw new XMLStreamException("Attribute limit ("+mMaxAttributesPerElement+") exceeded");
    }
    if (mAttrCount >= mAttributes.length) {
        mAttributes = (Attribute[]) DataUtil.growArrayBy50Pct(mAttributes);
    }
Yes, that sounds reasonable. I hope to find some time soon (perhaps tonight) to look into this.
Fixed, added tests. Due to combination of namespace declarations and attributes it is possible that limit is still not strictly enforced in all possible cases (for some namespace declarations, some attributes).
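The difference between the two check placements discussed in this thread, as an added example that is not Woodstox code. The class `AttrLimitDemo`, its method `accepted`, the starting capacities 8 and 800, and the `len + (len >> 1)` growth step are assumptions made for the illustration; namespace declarations (`mNsCount`) are left out.

```java
import java.util.Arrays;

// Added illustration, not Woodstox code: a stand-in collector that stores
// attribute names in an array that grows by 50%, as the thread describes.
public class AttrLimitDemo {

    static class LimitExceeded extends Exception {
        LimitExceeded(int limit) { super("Attribute limit (" + limit + ") exceeded"); }
    }

    // Returns how many attributes are stored before the limit check fires.
    // checkOnEveryAdd=false: limit tested only when the array is full (first snippet).
    // checkOnEveryAdd=true:  limit tested before each attribute is stored (second snippet).
    static int accepted(int initialCapacity, int limit, boolean checkOnEveryAdd, int offered) {
        String[] attrs = new String[initialCapacity];
        int count = 0;
        try {
            for (int i = 0; i < offered; i++) {
                if (checkOnEveryAdd && count >= limit) {
                    throw new LimitExceeded(limit);
                }
                if (count >= attrs.length) {
                    if (!checkOnEveryAdd && count >= limit) {
                        throw new LimitExceeded(limit);
                    }
                    // Stand-in for growing the array by 50% (assumed growth rule).
                    attrs = Arrays.copyOf(attrs, attrs.length + (attrs.length >> 1));
                }
                attrs[count++] = "a" + i;
            }
        } catch (LimitExceeded e) {
            // A parser would surface this to the caller; here we only stop counting.
        }
        return count;
    }

    public static void main(String[] args) {
        // Constructed inputs: 5000 attributes offered to an element in each run.
        System.out.println("limit 2,    check on grow: " + accepted(8, 2, false, 5000));
        System.out.println("limit 2,    check on add : " + accepted(8, 2, true, 5000));
        System.out.println("limit 1000, check on grow: " + accepted(800, 1000, false, 5000));
        System.out.println("limit 1000, check on add : " + accepted(800, 1000, true, 5000));
    }
}
```

With the check tied to array growth, the runs accept 8 and 1200 attributes, because the limit is only consulted when the array is full; with the check on every add they accept exactly 2 and 1000.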
Fixes: FasterXML/woodstox#112 FasterXML/woodstox#117 Change-Id: I34494517ba1af3cf41013f63909db43f05ca30b2 Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Fixes: FasterXML/woodstox#112 FasterXML/woodstox#117 Change-Id: I34494517ba1af3cf41013f63909db43f05ca30b2 Signed-off-by: Robert Varga <robert.varga@pantheon.tech> (cherry picked from commit 6b0e6c3)
Hello,
Given the following snippet,
XmlStreamReader should throw an exception indicating that the number of attributes for the given element has been reached.
Looking at the AttributeCollector class (line 801), it seems that the attribute count is compared to the attributes array, whose size is increased by 50% (so the length of the array becomes greater than the real number of attributes in the array).
Did I miss something, or should the "max attribute condition" be checked separately?