Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 25 additions & 0 deletions src/mapogcfilter.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -575,6 +575,26 @@ int FLTLayerApplyPlainFilterToLayer(FilterEncodingNode *psNode, mapObj *map,
return status;
}

static bool msCheckDepthLessThanInternal(const CPLXMLNode *psNode,
int nMaxDepth) {
if (nMaxDepth <= 0)
return false;
for (const CPLXMLNode *psIter = psNode->psChild; psIter;
psIter = psIter->psNext) {
if (!msCheckDepthLessThanInternal(psIter, nMaxDepth - 1))
return false;
}
return true;
}

bool msCheckDepthLessThan(const CPLXMLNode *psNode, int nMaxDepth) {
for (const CPLXMLNode *psIter = psNode; psIter; psIter = psIter->psNext) {
if (!msCheckDepthLessThanInternal(psIter, nMaxDepth))
return false;
}
return true;
}

/************************************************************************/
/* FilterNode *FLTPaserFilterEncoding(char *szXMLString) */
/* */
Expand All @@ -597,6 +617,11 @@ FilterEncodingNode *FLTParseFilterEncoding(const char *szXMLString) {

if (psRoot == NULL)
return NULL;
if (!msCheckDepthLessThan(psRoot, 256)) {
msDebug("FLTParseFilterEncoding(): %s", "Too deep nesting in filter");
CPLDestroyXMLNode(psRoot);
return NULL;
}

/* strip namespaces. We strip all name spaces (#1350)*/
CPLStripXMLNamespace(psRoot, NULL, 1);
Expand Down
3 changes: 3 additions & 0 deletions src/mapogcfilter.h
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,9 @@ typedef struct {
/* -------------------------------------------------------------------- */
/* prototypes. */
/* -------------------------------------------------------------------- */

bool msCheckDepthLessThan(const CPLXMLNode *psNode, int nMaxDepth);

MS_DLL_EXPORT int FLTIsNumeric(const char *pszValue);
MS_DLL_EXPORT int FLTApplyExpressionToLayer(layerObj *lp,
const char *pszExpression);
Expand Down
5 changes: 5 additions & 0 deletions src/mapogcsld.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -644,6 +644,11 @@ layerObj *msSLDParseSLD(mapObj *map, const char *psSLDXML, int *pnLayers) {
msSetError(MS_WMSERR, "Invalid SLD document : %s", "", psSLDXML);
return NULL;
}
if (!msCheckDepthLessThan(psRoot, 256)) {
msSetError(MS_WMSERR, "Invalid SLD document : too deep nesting", "");
CPLDestroyXMLNode(psRoot);
return NULL;
}

/* strip namespaces ogc and sld and gml */
CPLStripXMLNamespace(psRoot, "ogc", 1);
Expand Down
Loading