diff options
| author | Lars Knoll <lars.knoll@qt.io> | 2020-02-26 10:42:10 +0100 |
|---|---|---|
| committer | Lars Knoll <lars.knoll@qt.io> | 2020-02-26 22:08:38 +0100 |
| commit | fd4be84d23a0db4186cb42e736a9de3af722c7f7 (patch) | |
| tree | 2c1820728acb10a4235b68191f00f45dc5731370 /src/corelib/serialization/qxmlstream.cpp | |
| parent | 86f7d44089138b181642ee22989519f188c75bd5 (diff) | |
Add an expansion limit for entities
Recursively defined entities can easily exhaust all available
memory. Limit entity expansion to a default of 4096 characters to
avoid DoS attacks when a user loads untrusted content.
Added a setter and getter to allow modifying the expansion limit.
[ChangeLog][QtCore][QXmlStream] QXmlStreamReader does now by default
limit the expansion of entities to 4096 characters. Documents where
a single entity expands to more characters than the limit are not
considered well formed. The limit is there to avoid DoS attacks through
recursively expanding entities when loading untrusted content. The
limit can be changed through the QXmlStreamReader::setEntityExpansionLimit()
method.
Fixes: QTBUG-47417
Change-Id: I94387815d74fcf34783e136387ee57fac5ded0c9
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
Diffstat (limited to 'src/corelib/serialization/qxmlstream.cpp')
| -rw-r--r-- | src/corelib/serialization/qxmlstream.cpp | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/src/corelib/serialization/qxmlstream.cpp b/src/corelib/serialization/qxmlstream.cpp index 7ff87885a5..d7fb0d0d41 100644 --- a/src/corelib/serialization/qxmlstream.cpp +++ b/src/corelib/serialization/qxmlstream.cpp @@ -2041,6 +2041,42 @@ QStringRef QXmlStreamReader::dtdSystemId() const return QStringRef(); } +/*! + \since 5.15 + + Returns the maximum amount of characters a single entity is + allowed to expand into. If a single entity expands past the + given limit, the document is not considered well formed. + + \sa setEntityExpansionLimit +*/ +int QXmlStreamReader::entityExpansionLimit() const +{ + Q_D(const QXmlStreamReader); + return d->entityExpansionLimit; +} + +/*! + \since 5.15 + + Sets the maximum amount of characters a single entity is + allowed to expand into to \a limit. If a single entity expands + past the given limit, the document is not considered well formed. + + The limit is there to prevent DoS attacks when loading unknown + XML documents where recursive entity expansion could otherwise + exhaust all available memory. + + The default value for this property is 4096 characters. + + \sa entityExpansionLimit +*/ +void QXmlStreamReader::setEntityExpansionLimit(int limit) +{ + Q_D(QXmlStreamReader); + d->entityExpansionLimit = limit; +} + /*! If the tokenType() is \l StartElement, this function returns the element's namespace declarations. Otherwise an empty vector is returned. |