/usr/lib/ruby/vendor_ruby/active_support/core_ext/rexml.rb is in ruby-activesupport-2.3 2.3.14-2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 | # Fixes the rexml vulnerability disclosed at:
# http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/
# This fix is identical to rexml-expansion-fix version 1.0.1
require 'rexml/rexml'
# Earlier versions of rexml defined REXML::Version, newer ones REXML::VERSION
unless (defined?(REXML::VERSION) ? REXML::VERSION : REXML::Version) > "3.1.7.2"
require 'rexml/document'
# REXML in 1.8.7 has the patch but didn't update Version from 3.1.7.2.
unless REXML::Document.respond_to?(:entity_expansion_limit=)
require 'rexml/entity'
module REXML
class Entity < Child
undef_method :unnormalized
def unnormalized
document.record_entity_expansion! if document
v = value()
return nil if v.nil?
@unnormalized = Text::unnormalize(v, parent)
@unnormalized
end
end
class Document < Element
@@entity_expansion_limit = 10_000
def self.entity_expansion_limit= val
@@entity_expansion_limit = val
end
def record_entity_expansion!
@number_of_expansions ||= 0
@number_of_expansions += 1
if @number_of_expansions > @@entity_expansion_limit
raise "Number of entity expansions exceeded, processing aborted."
end
end
end
end
end
end
|