third_party/exiv2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

xmpsdk: Build with -DBanAllEntityUsage=1

Browse Source 
Prevent a denial-service-attack related to XML entity expansion
("billion laughs attack").
See https://bugzilla.redhat.com/show_bug.cgi?id=888769

Search for BanAllEntityUsage in xmpsdk/src/ExpatAdapter.cpp

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit e44d1dbe769f3b60a3d671be310f4af4f9490e6b)
This commit is contained in:
Andreas Schneider 2019-01-03 10:31:25 +01:00
parent ad95969a08
commit 189da93480
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
xmpsdk/CMakeLists.txt
View File

@ -38,6 +38,10 @@ target_include_directories(exiv2-xmp
${EXPAT_INCLUDE_DIR}
)
# Prevent a denial-service-attack related to XML entity expansion
# ("billion laughs attack").
# See https://bugzilla.redhat.com/show_bug.cgi?id=888769
target_compile_definitions(exiv2-xmp PRIVATE BanAllEntityUsage=1)
if (MSVC)
target_compile_definitions(exiv2-xmp PRIVATE XML_STATIC)
endif()