W3C home > Mailing lists > Public > public-qa-dev@w3.org > September 2004

Re: [wmvs] OpenSP -R and Win32

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Mon, 06 Sep 2004 21:13:52 +0200
To: Liam Quinn <liam@htmlhelp.com>
Cc: QA Dev <public-qa-dev@w3.org>
Message-ID: <4171b1eb.248339643@smtp.bjoern.hoehrmann.de>

* Liam Quinn wrote:
>I suspect that "file" URIs would also work if SP_WININET were defined,
>although -R doesn't help that situation.

It does not work using onsgmls and it seems that guessIsId() should
reject any non-HTTP scheme request for both the WinInet and the URL
storage managers. This might change though as there is some interest
in storing catalogs, DTDs, etc. in e.g. a single DLL or EXE to ship
just one file.

>The last item and "<OSFILE>/etc/passwd" are the threats relevant to -R.

Right, I've created http://esw.w3.org/topic/MarkupValidator/Threats and
noted this as an additional case. This can also be used for denial of
service attacks, due to the number of copies OpenSP creates of a system
identifier, and that those are all stored using >= 32 Bit for each char,
having a large <LITERAL> might consume all available memory.
Received on Monday, 6 September 2004 19:14:40 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 19 August 2010 18:12:44 GMT