diff options
author | Slávek Banko <slavek.banko@axis.cz> | 2015-03-09 22:30:32 +0100 |
---|---|---|
committer | Slávek Banko <slavek.banko@axis.cz> | 2015-03-09 22:34:03 +0100 |
commit | cc46bf4ecb4a9b79f4a11d08a68b09e6871dc1a6 (patch) | |
tree | d3a4eb389746d40e54f20c6f85f49081f79ed2b1 /src/xml/ntqxml.h | |
parent | dfb87398c72e9248aa709ae212e6ab7f2209003d (diff) | |
download | tqt3-cc46bf4ecb4a9b79f4a11d08a68b09e6871dc1a6.tar.gz tqt3-cc46bf4ecb4a9b79f4a11d08a68b09e6871dc1a6.zip |
Fix security issue CVE-2013-4549
[taken from RedHat Qt3 patches]
Diffstat (limited to 'src/xml/ntqxml.h')
-rw-r--r-- | src/xml/ntqxml.h | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/xml/ntqxml.h b/src/xml/ntqxml.h index cc4d23910..f729b6abc 100644 --- a/src/xml/ntqxml.h +++ b/src/xml/ntqxml.h @@ -307,6 +307,12 @@ private: TQXmlSimpleReaderPrivate* d; + // The limit to the amount of times the DTD parsing functions can be called + // for the DTD currently being parsed. + static const uint dtdRecursionLimit = 2U; + // The maximum amount of characters an entity value may contain, after expansion. + static const uint entityCharacterLimit = 65536U; + const TQString &string(); void stringClear(); inline void stringAddC() { stringAddC(c); } @@ -378,6 +384,7 @@ private: void unexpectedEof( ParseFunction where, int state ); void parseFailed( ParseFunction where, int state ); void pushParseState( ParseFunction function, int state ); + bool isExpandedEntityValueTooLarge(TQString *errorMessage); void setUndefEntityInAttrHack(bool b); |