From a684be25dba02b42f21cd45373bf55b70ab368a8 Mon Sep 17 00:00:00 2001
From: Matthew Wild <mwild1@gmail.com>
Date: Thu, 2 Jun 2011 15:19:05 +0100
Subject: xmlhandlers/xmppstream: Stop the parser when encountering restricted
 XML, completing the fix for the billion laughs attack

---
 core/xmlhandlers.lua | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/core/xmlhandlers.lua b/core/xmlhandlers.lua
index 9e8fd7f6..eb7e3ba1 100644
--- a/core/xmlhandlers.lua
+++ b/core/xmlhandlers.lua
@@ -145,8 +145,11 @@ function init_xmlhandlers(session, stream_callbacks)
 			end
 		end
 
-		local function restricted_handler()
+		local function restricted_handler(parser)
 			cb_error(session, "parse-error", "restricted-xml", "Restricted XML, see RFC 6120 section 11.1.");
+			if not parser:stop() then
+				error("Failed to abort parsing");
+			end
 		end
 		
 		if lxp_supports_doctype then
-- 
cgit v1.2.3