diff options
Diffstat (limited to 'lang/ruby18-base/patches/patch-dg')
-rw-r--r-- | lang/ruby18-base/patches/patch-dg | 43 |
1 files changed, 0 insertions, 43 deletions
diff --git a/lang/ruby18-base/patches/patch-dg b/lang/ruby18-base/patches/patch-dg deleted file mode 100644 index c056818b5f2..00000000000 --- a/lang/ruby18-base/patches/patch-dg +++ /dev/null @@ -1,43 +0,0 @@ -$NetBSD: patch-dg,v 1.5 2008/09/14 05:17:18 taca Exp $ - -Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3790. -(http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/) - ---- lib/rexml/document.rb.orig 2008-06-06 17:05:24.000000000 +0900 -+++ lib/rexml/document.rb -@@ -32,6 +32,7 @@ module REXML - # @param context if supplied, contains the context of the document; - # this should be a Hash. - def initialize( source = nil, context = {} ) -+ @entity_expansion_count = 0 - super() - @context = context - return if source.nil? -@@ -200,6 +201,27 @@ module REXML - Parsers::StreamParser.new( source, listener ).parse - end - -+ @@entity_expansion_limit = 10_000 -+ -+ # Set the entity expansion limit. By default the limit is set to 10000. -+ def Document::entity_expansion_limit=( val ) -+ @@entity_expansion_limit = val -+ end -+ -+ # Get the entity expansion limit. By default the limit is set to 10000. -+ def Document::entity_expansion_limit -+ return @@entity_expansion_limit -+ end -+ -+ attr_reader :entity_expansion_count -+ -+ def record_entity_expansion -+ @entity_expansion_count += 1 -+ if @entity_expansion_count > @@entity_expansion_limit -+ raise "number of entity expansions exceeded, processing aborted." -+ end -+ end -+ - private - def build( source ) - Parsers::TreeParser.new( source, self ).parse |