diff options
| author | Matthew Wild <mwild1@gmail.com> | 2011-06-02 15:19:05 +0100 |
|---|---|---|
| committer | Matthew Wild <mwild1@gmail.com> | 2011-06-02 15:19:05 +0100 |
| commit | a684be25dba02b42f21cd45373bf55b70ab368a8 (patch) | |
| tree | af712d0198ac96c01bf2fbd40b7eab91f65cdb6c | |
| parent | 15a9f10a2dd231fd6b84e892f8e5236b62fcb9a8 (diff) | |
| download | prosody-a684be25dba02b42f21cd45373bf55b70ab368a8.tar.gz prosody-a684be25dba02b42f21cd45373bf55b70ab368a8.zip | |
xmlhandlers/xmppstream: Stop the parser when encountering restricted XML, completing the fix for the billion laughs attack
| -rw-r--r-- | core/xmlhandlers.lua | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/core/xmlhandlers.lua b/core/xmlhandlers.lua index 9e8fd7f6..eb7e3ba1 100644 --- a/core/xmlhandlers.lua +++ b/core/xmlhandlers.lua @@ -145,8 +145,11 @@ function init_xmlhandlers(session, stream_callbacks) end end - local function restricted_handler() + local function restricted_handler(parser) cb_error(session, "parse-error", "restricted-xml", "Restricted XML, see RFC 6120 section 11.1."); + if not parser:stop() then + error("Failed to abort parsing"); + end end if lxp_supports_doctype then |