XML bomb protection
The expat library now has countermeasures against XML bombing (aka
billion laughs) and similar attacks. The new features are only available
expat is compiled with XML_BOMB_PROTECTION.
new definitions:
XML_BOMB_PROTECTION
XML_DEFAULT_MAX_ENTITY_INDIRECTIONS
XML_DEFAULT_MAX_ENTITY_EXPANSIONS
XML_DEFAULT_RESET_DTD
new API functions:
int XML_GetFeature(XML_Parser parser,
enum XML_FeatureEnum feature,
long *value);
int XML_SetFeature(XML_Parser parser,
enum XML_FeatureEnum feature,
long value);
int XML_GetFeatureDefault(enum XML_FeatureEnum feature,
long *value);
int XML_SetFeatureDefault(enum XML_FeatureEnum feature,
long value);
new XML_FeatureEnum members:
XML_FEATURE_MAX_ENTITY_INDIRECTIONS
XML_FEATURE_MAX_ENTITY_EXPANSIONS
XML_FEATURE_RESET_DTD
new XML_Error members:
XML_ERROR_ENTITY_INDIRECTIONS
XML_ERROR_ENTITY_EXPANSION
7 files changed