xymp
/
exiv2
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

xmpsdk: Build with -DBanAllEntityUsage=1

Browse Source 
Prevent a denial-service-attack related to XML entity expansion
("billion laughs attack").
See https://bugzilla.redhat.com/show_bug.cgi?id=888769

Search for BanAllEntityUsage in xmpsdk/src/ExpatAdapter.cpp

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit e44d1dbe769f3b60a3d671be310f4af4f9490e6b)
v0.27.3
Andreas Schneider 7 years ago
parent ad95969a08
commit 189da93480
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File

4
xmpsdk/CMakeLists.txt
Unescape Escape View File

@ -38,6 +38,10 @@ target_include_directories(exiv2-xmp
${EXPAT_INCLUDE_DIR} ${EXPAT_INCLUDE_DIR}
) )
# Prevent a denial-service-attack related to XML entity expansion
# ("billion laughs attack").
# See https://bugzilla.redhat.com/show_bug.cgi?id=888769
target_compile_definitions(exiv2-xmp PRIVATE BanAllEntityUsage=1)
if (MSVC) if (MSVC)
target_compile_definitions(exiv2-xmp PRIVATE XML_STATIC) target_compile_definitions(exiv2-xmp PRIVATE XML_STATIC)
endif() endif()

Write Preview
Loading…
Cancel
Save