summaryrefslogtreecommitdiffstats
path: root/src/xml/ntqxml.h
diff options
context:
space:
mode:
authorSlávek Banko <slavek.banko@axis.cz>2015-03-09 22:30:32 +0100
committerSlávek Banko <slavek.banko@axis.cz>2015-03-09 22:34:03 +0100
commitcc46bf4ecb4a9b79f4a11d08a68b09e6871dc1a6 (patch)
treed3a4eb389746d40e54f20c6f85f49081f79ed2b1 /src/xml/ntqxml.h
parentdfb87398c72e9248aa709ae212e6ab7f2209003d (diff)
downloadtqt3-cc46bf4ecb4a9b79f4a11d08a68b09e6871dc1a6.tar.gz
tqt3-cc46bf4ecb4a9b79f4a11d08a68b09e6871dc1a6.zip
Fix security issue CVE-2013-4549
[taken from RedHat Qt3 patches]
Diffstat (limited to 'src/xml/ntqxml.h')
-rw-r--r--src/xml/ntqxml.h7
1 files changed, 7 insertions, 0 deletions
diff --git a/src/xml/ntqxml.h b/src/xml/ntqxml.h
index cc4d23910..f729b6abc 100644
--- a/src/xml/ntqxml.h
+++ b/src/xml/ntqxml.h
@@ -307,6 +307,12 @@ private:
TQXmlSimpleReaderPrivate* d;
+ // The limit to the amount of times the DTD parsing functions can be called
+ // for the DTD currently being parsed.
+ static const uint dtdRecursionLimit = 2U;
+ // The maximum amount of characters an entity value may contain, after expansion.
+ static const uint entityCharacterLimit = 65536U;
+
const TQString &string();
void stringClear();
inline void stringAddC() { stringAddC(c); }
@@ -378,6 +384,7 @@ private:
void unexpectedEof( ParseFunction where, int state );
void parseFailed( ParseFunction where, int state );
void pushParseState( ParseFunction function, int state );
+ bool isExpandedEntityValueTooLarge(TQString *errorMessage);
void setUndefEntityInAttrHack(bool b);