Home page logo

oss-sec logo oss-sec mailing list archives

Robust XML validation
From: Florian Weimer <fweimer () redhat com>
Date: Wed, 12 Dec 2012 18:11:47 +0100

I'm working on guidelines for robust XML parsing and I noticed that there are some denial-of-service issues related to validation which do not seem widely documented (but were apparently known when SGML was specified).

I wonder if we should care about this in the sense that we should prepare fixes, or if it is sufficient to recommend to validate against trusted schemas/DTDs only. (I've found an implementation which gets right the things I tested so far, so efficient implementations aren't impossible.)

Florian Weimer / Red Hat Product Security Team

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]