Add limits to reading XML inputs #319

Merged
merged 12 commits into from
Jan 20, 2025

@Koenvh1 Koenvh1 commented Jan 20, 2025

This PR adds read limits to XML file parsing

@Koenvh1 Koenvh1 requested a review from partim January 20, 2025 08:43

partim commented Jan 20, 2025

General question: Do we want to use 100M for everything or distinguish between the attributes and the content and use a much smaller value for the attributes?

@partim partim left a comment

I have made some small formatting changes and also changed the u128 used for the limit into a u64. You could argue it could also be a usize – the machine running the code can’t keep more than that in memory, anyway.

src/xml/decode.rs (review thread resolved)
@partim partim merged commit 8290c8a into main Jan 20, 2025
24 checks passed
@partim partim deleted the rrdp-testing branch January 20, 2025 16:19
partim added a commit that referenced this pull request Jan 22, 2025
New

* `ca::idexchange::Error` now impls `std::error::Error`. ([#297])
* Re-export `bcder` as `dep::bcder` if it is enabled. ([#299])
* Added `PublisherRequest::set_publisher_handle`. ([#300])
* Added `uri::{Rsync,Https}::path_into_dir` ([#302])
* Added `Ipv4Block` and `Ipv6Block` and `FromIterator` impls for
  `Ipv4Blocks` and `Ipv6Blocks`. ([#298])
* Made `AddressRange` public and added methods to convert ranges into
  a set of prefixes. ([#306])
* Updated the ASPA RTR PDU to conform with version -14 of
  draft-ietf-sidrops-8210bis. ([#309])
* Enable ASPA version 2 in the RTR server. ([#318])
* The ASPA `ProviderAsSet` now keeps track of its length and exposes it
  via the new `len` method. ([#315])
* The ASPA Provider AS Set is now limited to 16380 entries when parsing from
  ASPA objects and creating RTR PDUs. ([#316])
* Exposed `ca::idcert::TbsIdCert::validity`. ([#310])
* Protect against maliciously large XML input to the RRDP parser. This
  will allow re-enabling GZIP support in RRDP clients. ([#319])

Bug fixes

* Do not allow backslashes in idexchange handles. ([#304])
* Check the content of file names in a manifest during parsing. This fixes a
  crash when later code assumes that the file names only contain ASCII
  characters and otherwise panics. ([#320])

Other changes

* The minimum supported Rust version is now 1.73. ([#319])
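
A sketch of the kind of read limit discussed in this PR, as an added example that is not the crate's own code: a `Read` wrapper with a `u64` byte budget that returns an error when the input is larger than the limit, next to `Read::take`, which instead ends the stream at the limit with a clean EOF. `LimitedReader`, `read_capped`, `read_take` and `SAMPLE` are hypothetical names, and the sample bytes are constructed.

```rust
use std::io::{self, Read};

/// Hypothetical wrapper: errors once `inner` yields more than the byte budget.
pub struct LimitedReader<R> {
    inner: R,
    remaining: u64, // bytes still allowed
    exceeded: bool, // set once the budget was overrun
}

fn too_large() -> io::Error {
    io::Error::new(io::ErrorKind::InvalidData, "XML input exceeds size limit")
}

impl<R: Read> Read for LimitedReader<R> {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        if self.exceeded { return Err(too_large()); }
        // Ask for at most one byte past the budget to detect an overrun.
        let want = (buf.len() as u64).min(self.remaining.saturating_add(1)) as usize;
        let n = self.inner.read(&mut buf[..want])?;
        if n as u64 > self.remaining {
            self.exceeded = true;
            return Err(too_large());
        }
        self.remaining -= n as u64;
        Ok(n)
    }
}

// Constructed sample input, not a real RRDP document.
pub const SAMPLE: &[u8] = b"<notification><snapshot uri=\"https://example.net/s.xml\"/></notification>";

fn slurp<R: Read>(mut r: R) -> io::Result<Vec<u8>> {
    let mut out = Vec::new();
    r.read_to_end(&mut out)?;
    Ok(out)
}

/// Reads all of `input` through the limit; oversized input is an error.
pub fn read_capped(input: &[u8], limit: u64) -> io::Result<Vec<u8>> {
    slurp(LimitedReader { inner: input, remaining: limit, exceeded: false })
}

/// Contrast: `Read::take` stops at the limit and reports a clean EOF.
pub fn read_take(input: &[u8], limit: u64) -> io::Result<Vec<u8>> {
    slurp(Read::take(input, limit))
}

fn main() {
    println!("{:?}", read_capped(SAMPLE, 16).map(|v| v.len()));
    println!("{:?}", read_take(SAMPLE, 16).map(|v| v.len()));
}
```

With `take`, a parser downstream sees a truncated document rather than an explicit "too large" condition, which is why the wrapper reports the overrun as an error.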