author | Slávek Banko <slavek.banko@axis.cz> | 2015-03-09 22:30:32 +0100 |
---|---|---|
committer | Slávek Banko <slavek.banko@axis.cz> | 2015-03-09 22:38:31 +0100 |
commit | 9577716fc34938519a9c57c262efec35bdb3c0d6 (patch) | |
tree | 0301539f2d5d4380695cc4d7512b9d4f05e6ecab /src/xml/ntqxml.h | |
parent | 6d346d4d84e88aa98ee5f06e94b64199c992213e (diff) | |
Fix security issue CVE-2013-4549
[taken from RedHat Qt3 patches]
(cherry picked from commit cc46bf4ecb4a9b79f4a11d08a68b09e6871dc1a6)
Diffstat (limited to 'src/xml/ntqxml.h')
-rw-r--r-- | src/xml/ntqxml.h | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/xml/ntqxml.h b/src/xml/ntqxml.h
index cc4d23910..f729b6abc 100644
--- a/src/xml/ntqxml.h
+++ b/src/xml/ntqxml.h
@@ -307,6 +307,12 @@ private:
 TQXmlSimpleReaderPrivate* d;
+ // The limit to the amount of times the DTD parsing functions can be called
+ // for the DTD currently being parsed.
+ static const uint dtdRecursionLimit = 2U;
+ // The maximum amount of characters an entity value may contain, after expansion.
+ static const uint entityCharacterLimit = 65536U;
+
 const TQString &string();
 void stringClear();
 inline void stringAddC() { stringAddC(c); }
@@ -378,6 +384,7 @@ private:
 void unexpectedEof( ParseFunction where, int state );
 void parseFailed( ParseFunction where, int state );
 void pushParseState( ParseFunction function, int state );
+ bool isExpandedEntityValueTooLarge(TQString *errorMessage);
 void setUndefEntityInAttrHack(bool b); |
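Review bot: The comment on `entityCharacterLimit` in the first hunk bounds a single entity value after expansion, but it does not say whether the total text produced by repeated references to such an entity is bounded as well, and the enforcement code is not visible in this header. I would state the scope next to the constant, e.g. `// Per-entity cap on expanded length; does not by itself bound total document expansion.`, if that is what the .cpp implements. Both limits are private compile-time constants, so an application that parses untrusted XML cannot tighten them; that deserves a line in the class documentation. The private section these members sit in starts before and continues past the hunk.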
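Review bot: `isExpandedEntityValueTooLarge(TQString *errorMessage)` in the second hunk is declared without a comment, so the meaning of the return value and whether `errorMessage` may be null are left to the reader. A short comment above it would settle that, e.g. `// Returns true if an entity's expanded value exceeds entityCharacterLimit; *errorMessage then describes the failure.`, adjusted to what the definition actually does, since the .cpp is not shown here. The declaration list it is added to begins and ends outside the hunk.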