W3C home > Mailing lists > Public > public-html@w3.org > June 2009

Safe ways of implementing limits on buffer sizes in the parser

From: Henri Sivonen <hsivonen@iki.fi>
Date: Mon, 8 Jun 2009 18:10:57 +0300
Message-Id: <79055C72-1F7D-46FC-9F5B-E5D45238F67E@iki.fi>
To: "public-html@w3.org WG" <public-html@w3.org>
The spec allows implementations to place limits on the sizes of  
various things in HTML in order to avoid exhausting resources.

There are various buffers in the HTML5 parser all of which a remote  
site can fill arbitrarily much by choosing a suitable input. Has  
someone already pondered the security implications of the following  
strategies? That is, are either of these safe?

  1) Truncating a buffer from the end and leaving U+FFFD as the last  
character in the buffer.

  1) Truncating a buffer from the beginning and leaving U+FFFD as the  
first character in the buffer.

(It seems that dropping the buffer entirely is inconvenient e.g. when  
the buffer is an element name, although I guess it's an option for  
attribute values and element content.)

-- 
Henri Sivonen
hsivonen@iki.fi
http://hsivonen.iki.fi/
Received on Monday, 8 June 2009 15:11:40 UTC

This archive was generated by hypermail 2.3.1 : Monday, 29 September 2014 09:39:04 UTC