Comment 39 for bug 1100282

Christian Heimes (heimes) wrote : Re: DoS through XML entity expansion

Hello,

I'm a Python core developer and a member of the Python Security Response Team. I found the vulnerability in Python's standard library XML parser and libexpat a couple of months ago. I have been working on a patch for a while, but the patch is not ready yet. libexpat and the stdlib's XML parser are vulnerable to three kinds of XML attacks related to inline DTDs and ENTITY declarations.

A quick and dirty workaround is to reject all XML data that contains the string '<!ENTITY' or its utf-16-be, utf-16-le and utf-32 variants. That may generate false-positive hits in CDATA sections, but the likelihood is very small. Your code should also limit the maximum length of the input string and make sure it's not vulnerable to gzip bombs.

I'm going to read this thread now ...

Christian
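The workaround described in the comment above, written out as an added example (not code from the bug report, from Christian Heimes, or from Python itself): a byte-level pre-parse filter that rejects '<!ENTITY' in its ASCII, UTF-16 and UTF-32 encodings, enforces a size limit, and inflates gzip input with a hard output bound. The 1 MiB limit and the function names are assumptions, not values from the report.

```python
import zlib

# Encodings an XML parser may auto-detect; the marker is pre-encoded in each so
# a raw byte scan catches it without decoding the document first.
_ENCODINGS = ("ascii", "utf-16-be", "utf-16-le", "utf-32-be", "utf-32-le")
_ENTITY_MARKERS = tuple("<!ENTITY".encode(enc) for enc in _ENCODINGS)

# Assumed size limit (not from the bug report); choose one that fits your inputs.
MAX_XML_BYTES = 1024 * 1024


class UnsafeXML(ValueError):
    """Input failed the pre-parse checks."""


def check_untrusted_xml(data, max_bytes=MAX_XML_BYTES):
    """Return the raw bytes unchanged if they pass, otherwise raise UnsafeXML.

    The checks run on bytes, before any decoding, so a UTF-16 or UTF-32
    document cannot slip the declaration past an ASCII-only substring test."""
    if len(data) > max_bytes:
        raise UnsafeXML("input is %d bytes, limit is %d" % (len(data), max_bytes))
    for marker in _ENTITY_MARKERS:
        if marker in data:
            raise UnsafeXML("inline <!ENTITY declaration rejected")
    return bytes(data)


def is_safe_xml(data, max_bytes=MAX_XML_BYTES):
    """Boolean form of check_untrusted_xml for callers that only want a verdict."""
    try:
        check_untrusted_xml(data, max_bytes)
    except UnsafeXML:
        return False
    return True


def inflate_bounded(gz_data, max_bytes=MAX_XML_BYTES):
    """Gunzip data but stop as soon as the output would exceed max_bytes, so a
    small gzip bomb cannot exhaust memory before the checks above ever run."""
    d = zlib.decompressobj(31)                   # 31 = gzip wrapper, 15-bit window
    out = d.decompress(gz_data, max_bytes + 1)   # never produce more than limit+1
    if len(out) > max_bytes:
        raise UnsafeXML("decompressed size exceeds %d bytes" % max_bytes)
    if not d.eof:
        raise UnsafeXML("truncated or malformed gzip stream")
    return out


if __name__ == "__main__":
    # Constructed samples: a harmless document and one with an inline entity.
    print(is_safe_xml(b"<?xml version='1.0'?><a>hi</a>"))                            # True
    print(is_safe_xml("<!DOCTYPE a [<!ENTITY x 'y'>]><a>&x;</a>".encode("utf-16-le")))  # False
```

Run the size check on the inflated bytes as well, since the gzip bound and the parser limit are independent.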