blob: baced8111a02e35d6cd88ac2fd04d0e6cbe943ff (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
require 'rexml/document'
require 'rexml/entity'
# Fixes the rexml vulnerability disclosed at:
# http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/
# This fix is identical to rexml-expansion-fix version 1.0.1
#earlier versions of rexml defined REXML::Version, newer ones REXML::VERSION
version = defined?(REXML::VERSION) ? REXML::VERSION : REXML::Version
unless version > "3.1.7.2"
module REXML
class Entity < Child
undef_method :unnormalized
def unnormalized
document.record_entity_expansion! if document
v = value()
return nil if v.nil?
@unnormalized = Text::unnormalize(v, parent)
@unnormalized
end
end
class Document < Element
@@entity_expansion_limit = 10_000
def self.entity_expansion_limit= val
@@entity_expansion_limit = val
end
def record_entity_expansion!
@number_of_expansions ||= 0
@number_of_expansions += 1
if @number_of_expansions > @@entity_expansion_limit
raise "Number of entity expansions exceeded, processing aborted."
end
end
end
end
end
|
