From 153cc843ad95930b00b0ca91d30b599b7dec9680 Mon Sep 17 00:00:00 2001
From: Aaron Patterson
Date: Tue, 9 Jun 2015 11:24:25 -0700
Subject: enforce a depth limit on XML documents

XML documents that are too deep can cause an stack overflow, which in turn will cause a potential DoS attack.
CVE-2015-3227
Conflicts: activesupport/lib/active_support/xml_mini.rb
---
 activesupport/lib/active_support/xml_mini.rb | 3 +++
 1 file changed, 3 insertions(+) (limited to 'activesupport/lib/active_support/xml_mini.rb')
diff --git a/activesupport/lib/active_support/xml_mini.rb b/activesupport/lib/active_support/xml_mini.rb
index a4ac1d7041..afe9c4a3e9 100644
--- a/activesupport/lib/active_support/xml_mini.rb
+++ b/activesupport/lib/active_support/xml_mini.rb
@@ -77,6 +77,9 @@ module ActiveSupport
 end
 attr_reader :backend
+ attr_accessor :depth
+ self.depth = 100
+
 delegate :parse, :to => :backend
 def backend=(name)
-- cgit v1.2.3
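Review bot: The new `depth` accessor and its default of `100` carry no comment, so nothing at the definition says that this is the nesting limit introduced for CVE-2015-3227 or that raising it widens the stack-exhaustion exposure again. I would add above `attr_accessor :depth` a line such as `# Maximum element nesting depth the backends are expected to enforce; guards against stack overflow from deeply nested XML (CVE-2015-3227).` Because the writer is a plain `attr_accessor`, a caller can assign `nil`, zero or a very large number, and whether that raises or silently disables the check depends on backend code that this page does not show (it is limited to xml_mini.rb), so a validating `depth=` that rejects non-positive or non-Integer values would be a safer interface. The setting is module-wide state, and a backend chosen through `backend=` is presumably only protected if it actually reads `depth`, which is worth stating in the same comment. The enclosing module body starts and ends outside this hunk.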