aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthew Wild <mwild1@gmail.com>2011-06-02 15:19:05 +0100
committerMatthew Wild <mwild1@gmail.com>2011-06-02 15:19:05 +0100
commita684be25dba02b42f21cd45373bf55b70ab368a8 (patch)
treeaf712d0198ac96c01bf2fbd40b7eab91f65cdb6c
parent15a9f10a2dd231fd6b84e892f8e5236b62fcb9a8 (diff)
downloadprosody-a684be25dba02b42f21cd45373bf55b70ab368a8.tar.gz
prosody-a684be25dba02b42f21cd45373bf55b70ab368a8.zip
xmlhandlers/xmppstream: Stop the parser when encountering restricted XML, completing the fix for the billion laughs attack
-rw-r--r--core/xmlhandlers.lua5
1 files changed, 4 insertions, 1 deletions
diff --git a/core/xmlhandlers.lua b/core/xmlhandlers.lua
index 9e8fd7f6..eb7e3ba1 100644
--- a/core/xmlhandlers.lua
+++ b/core/xmlhandlers.lua
@@ -145,8 +145,11 @@ function init_xmlhandlers(session, stream_callbacks)
end
end
- local function restricted_handler()
+ local function restricted_handler(parser)
cb_error(session, "parse-error", "restricted-xml", "Restricted XML, see RFC 6120 section 11.1.");
+ if not parser:stop() then
+ error("Failed to abort parsing");
+ end
end
if lxp_supports_doctype then