2008-09-07 07:54:05 +02:00
|
|
|
# Fixes the rexml vulnerability disclosed at:
|
|
|
|
# http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/
|
|
|
|
# This fix is identical to rexml-expansion-fix version 1.0.1
|
2009-02-04 21:26:08 +01:00
|
|
|
require 'rexml/rexml'
|
2008-09-07 07:54:05 +02:00
|
|
|
|
2008-10-27 07:47:01 +01:00
|
|
|
# Earlier versions of rexml defined REXML::Version, newer ones REXML::VERSION
|
2009-02-04 21:26:08 +01:00
|
|
|
unless (defined?(REXML::VERSION) ? REXML::VERSION : REXML::Version) > "3.1.7.2"
|
|
|
|
require 'rexml/document'
|
|
|
|
|
|
|
|
# REXML in 1.8.7 has the patch but didn't update Version from 3.1.7.2.
|
|
|
|
unless REXML::Document.respond_to?(:entity_expansion_limit=)
|
|
|
|
require 'rexml/entity'
|
|
|
|
|
|
|
|
module REXML
|
|
|
|
class Entity < Child
|
|
|
|
undef_method :unnormalized
|
|
|
|
def unnormalized
|
|
|
|
document.record_entity_expansion! if document
|
|
|
|
v = value()
|
|
|
|
return nil if v.nil?
|
|
|
|
@unnormalized = Text::unnormalize(v, parent)
|
|
|
|
@unnormalized
|
|
|
|
end
|
2008-09-07 07:54:05 +02:00
|
|
|
end
|
2009-02-04 21:26:08 +01:00
|
|
|
class Document < Element
|
|
|
|
@@entity_expansion_limit = 10_000
|
|
|
|
def self.entity_expansion_limit= val
|
|
|
|
@@entity_expansion_limit = val
|
|
|
|
end
|
2008-09-07 07:54:05 +02:00
|
|
|
|
2009-02-04 21:26:08 +01:00
|
|
|
def record_entity_expansion!
|
|
|
|
@number_of_expansions ||= 0
|
|
|
|
@number_of_expansions += 1
|
|
|
|
if @number_of_expansions > @@entity_expansion_limit
|
|
|
|
raise "Number of entity expansions exceeded, processing aborted."
|
|
|
|
end
|
2008-09-07 07:54:05 +02:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|