dgit.raspbian.org Git - qtbase-opensource-src.git/commit

add an expansion limit for entities

Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=fd4be84d23a0db41
Last-Update: 2020-02-27

Recursively defined entities can easily exhaust all available
memory. Limit entity expansion to a default of 4096 characters to
avoid DoS attacks when a user loads untrusted content.

Added a setter and getter to allow modifying the expansion limit.

QXmlStreamReader does now by default limit the expansion of entities
to 4096 characters. Documents where a single entity expands to more
characters than the limit are not considered well formed. The limit
is there to avoid DoS attacks through recursively expanding entities
when loading untrusted content. The limit can be changed through the
QXmlStreamReader::setEntityExpansionLimit() method.

Gbp-Pq: Name CVE-2015-9541.diff

author	Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
	Thu, 27 Feb 2020 13:52:19 +0000 (13:52 +0000)
committer	Dmitry Shachnev <mitya57@debian.org>
	Thu, 27 Feb 2020 13:52:19 +0000 (13:52 +0000)
commit	9378ba48e35ae690964af7c01cdc7f3a7a59d999
tree	048c39082608fbc4882b22f3f280dceb5fbfc2a8	tree \| snapshot
parent	6aad9dca18385127504ca11591bce0c429fe1221	commit \| diff

src/corelib/serialization/qxmlstream.cpp		diff \| blob \| history
src/corelib/serialization/qxmlstream.g		diff \| blob \| history
src/corelib/serialization/qxmlstream.h		diff \| blob \| history
src/corelib/serialization/qxmlstream_p.h		diff \| blob \| history