From 3058d809d2621aa1d9e416bd86c0ebb243afd45c Mon Sep 17 00:00:00 2001 From: Daniel Veillard Date: Thu, 17 Sep 2009 11:56:08 +0200 Subject: Detect deep recusion on function calls * libxslt/xsltInternals.h libexslt/functions.c: add a function call counting in the transformation context, and test/increment/decrement in exsltFuncFunctionFunction enter and exit --- libexslt/functions.c | 12 ++++++++++++ libxslt/xsltInternals.h | 1 + 2 files changed, 13 insertions(+) diff --git a/libexslt/functions.c b/libexslt/functions.c index bef4a5a4..13fd06ee 100644 --- a/libexslt/functions.c +++ b/libexslt/functions.c @@ -57,6 +57,8 @@ static void exsltFuncFunctionFunction (xmlXPathParserContextPtr ctxt, int nargs); static exsltFuncFunctionData *exsltFuncNewFunctionData(void); +#define MAX_FUNC_RECURSION 1000 + /*static const xmlChar *exsltResultDataID = (const xmlChar *) "EXSLT Result";*/ /** @@ -321,6 +323,15 @@ exsltFuncFunctionFunction (xmlXPathParserContextPtr ctxt, int nargs) { "param == NULL\n"); return; } + if (tctxt->funcLevel > MAX_FUNC_RECURSION) { + xsltGenericError(xsltGenericErrorContext, + "{%s}%s: detected a recursion\n", + ctxt->context->functionURI, ctxt->context->function); + ctxt->error = XPATH_MEMORY_ERROR; + return; + } + tctxt->funcLevel++; + /* * We have a problem with the evaluation of function parameters. * The original library code did not evaluate XPath expressions until @@ -437,6 +448,7 @@ error: * the calling process exits. */ xsltExtensionInstructionResultFinalize(tctxt); + tctxt->funcLevel--; } diff --git a/libxslt/xsltInternals.h b/libxslt/xsltInternals.h index 538b3b35..e991a93c 100644 --- a/libxslt/xsltInternals.h +++ b/libxslt/xsltInternals.h @@ -1774,6 +1774,7 @@ struct _xsltTransformContext { exits */ xmlDocPtr localRVTBase; int keyInitLevel; /* Needed to catch recursive keys issues */ + int funcLevel; /* Needed to catch recursive functions issues */ }; /** -- cgit v1.2.3