Software / code / prosody
Changeset
4287:ee6a18f10a8d
xmlhandlers/xmppstream: Stop the parser when encountering restricted XML, completing the fix for the billion laughs attack
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Thu, 02 Jun 2011 15:19:05 +0100 |
| parents | 4280:65e2c089d138 |
| children | 4288:8fde6b6b4919 |
| files | core/xmlhandlers.lua |
| diffstat | 1 files changed, 4 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/core/xmlhandlers.lua Thu Jun 02 00:23:41 2011 +0100 +++ b/core/xmlhandlers.lua Thu Jun 02 15:19:05 2011 +0100 @@ -145,8 +145,11 @@ end end - local function restricted_handler() + local function restricted_handler(parser) cb_error(session, "parse-error", "restricted-xml", "Restricted XML, see RFC 6120 section 11.1."); + if not parser:stop() then + error("Failed to abort parsing"); + end end if lxp_supports_doctype then
