
# Fixes CVE-2014-8080 - https://www.ruby-lang.org/en/news/2014/10/27/rexml-dos-cve-2014-8080/

require 'rexml/document'
require 'rexml/entity'

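module REXML
  # Reopens REXML::Entity to replace #value with the CVE-2014-8080 version,
  # which caps how much text parameter-entity expansion may substitute in.
  class Entity

    # Expands the parameter-entity references (%name;) inside this entity's
    # value, refusing to continue once the total substituted text exceeds
    # Security.entity_expansion_text_limit. This is the DoS guard from
    # CVE-2014-8080: without it a small DTD can expand into an arbitrarily
    # large string.
    #
    # Returns a new String with references expanded, an unexpanded copy of
    # the value when there is no parent to resolve references against, or
    # nil when no value is set.
    #
    # Raises RuntimeError when the limit is exceeded. If @parent.entity
    # returns nil for a referenced name this raises NoMethodError, as the
    # original code did.
    def value
      return nil unless @value

      # dup rather than clone: clone keeps a frozen value frozen, and the
      # gsub! below would then fail on it.
      rv = @value.dup
      return rv unless @parent

      sum = 0
      @value.scan(PEREFERENCE_RE).each do |entity_reference|
        # PEREFERENCE_RE has one capture group, so scan yields one-element
        # arrays holding the referenced entity's name.
        name = entity_reference[0]
        entity_value = @parent.entity(name)

        # Account in bytes, as upstream REXML does; a limit counted in
        # characters could be exceeded several times over in bytes.
        total = sum + entity_value.bytesize
        if total > Security.entity_expansion_text_limit
          raise "Processing aborted: entity expansion (#{total}) exceeded our limit (#{Security.entity_expansion_text_limit})."
        end
        sum = total

        # Interpolate the captured name, not the match array: from Ruby 1.9
        # on, Array#to_s is inspect, so /%#{entity_reference};/ would become
        # /%["name"];/ and silently never substitute anything. Escaping keeps
        # a "." in an entity name from acting as a regexp wildcard.
        rv.gsub!(/%#{Regexp.escape(name)};/um, entity_value)
      end
      rv
    end

  end

  # Upstream REXML defines Security as a module; reopening it with `class`
  # raises TypeError on a Ruby that already ships it, so a module is used
  # here too. On Rubies without it, this defines it.
  module Security
    # Default cap, in bytes, on text substituted during entity expansion.
    # Kept as a class variable to match upstream REXML::Security's storage.
    @@entity_expansion_text_limit = 10_240

    # Set the entity expansion limit. By default the limit is set to 10240.
    def self.entity_expansion_text_limit=(val)
      @@entity_expansion_text_limit = val
    end

    # Get the entity expansion limit. By default the limit is set to 10240.
    def self.entity_expansion_text_limit
      @@entity_expansion_text_limit
    end
  end
end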
