
Commit 5fc7444

committed
Add guard to limit amount of namespaces and transforms
1 parent 363e232 commit 5fc7444

2 files changed

+24
-2
lines changed


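--- a/src/Constants.php
+++ b/src/Constants.php
@@ -253,4 +253,10 @@ class Constants extends \SimpleSAML\XML\Constants
 self::C14N11_INCLUSIVE_WITH_COMMENTS,
 self::C14N11_INCLUSIVE_WITHOUT_COMMENTS,
 ];
+
+/**
+ * Library default limits
+ */
+public const int MAX_TRANSFORMS = 2;
+public const int MAX_XPATH_NAMESPACES = 20;
 }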
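Review bot: The two new constants are documented only by the heading `Library default limits`; each should state what it bounds and why, e.g. `/** Upper bound on ds:Transform elements accepted per ds:Reference (guards against transform-chain resource exhaustion). */` and `/** Upper bound on namespace nodes in scope of a ds:XPath transform. */`. A MAX_TRANSFORMS of 2 fits the usual enveloped-signature plus c14n pair, but a reference that also carries an XPath filter transform — which this library processes — would have three transforms and now be rejected, so confirm that is the intended policy since it is a behaviour change for existing signers. Typed class constants (`public const int`) need PHP 8.3; that is fine if the package already requires it, otherwise this line is a parse error on older runtimes.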

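--- a/src/XML/CanonicalizableElementTrait.php
+++ b/src/XML/CanonicalizableElementTrait.php
@@ -5,8 +5,10 @@
 namespace SimpleSAML\XMLSecurity\XML;
 
 use DOMElement;
+use SimpleSAML\XMLSecurity\Assert\Assert;
 use SimpleSAML\XMLSecurity\Constants as C;
 use SimpleSAML\XMLSecurity\Exception\CanonicalizationFailedException;
+use SimpleSAML\XMLSecurity\Exception\ReferenceValidationFailedException;
 use SimpleSAML\XMLSecurity\XML\ds\Transforms;
 use SimpleSAML\XPath\Constants as XPATH_C;
 
@@ -118,6 +120,13 @@ public function processTransforms(
 Transforms $transforms,
 DOMElement $data,
 ): string {
+Assert::maxCount(
+$transforms->getTransform(),
+C::MAX_TRANSFORMS,
+ReferenceValidationFailedException::class,
+'Too many transforms.',
+);
+
 $canonicalMethod = C::C14N_EXCLUSIVE_WITHOUT_COMMENTS;
 $arXPath = null;
 $prefixList = null;
@@ -140,9 +149,16 @@ public function processTransforms(
 $arXPath = [];
 $xpathValue = $xpath->getContent()->getValue();
 $arXPath['query'] = '(.//. | .//@* | .//namespace::*)[' . $xpathValue . ']';
-
 $arXpath['namespaces'] = $xpath->getNamespaces();
-$nslist = $xp->query('./namespace::*', $node);
+
+$nslist = $xpCache->query('./namespace::*', $xpath->toXML());
+Assert::lessThanEq(
+$nslist->count(),
+C::MAX_XPATH_NAMESPACES,
+ReferenceValidationFailedException::class,
+'Too many namespaces.',
+);
+
 foreach ($nslist as $nsnode) {
 if ($nsnode->localName != "xml") {
 $arXPath['namespaces'][$nsnode->localName] = $nsnode->nodeValue;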
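Review bot: The new namespace query in the third hunk, `$nslist = $xpCache->query('./namespace::*', $xpath->toXML());`, looks fragile: if `$xpCache` is a DOMXPath built over `$data`'s document while `toXML()` with no parent serialises the ds:XPath element into a fresh DOMDocument, DOMXPath::query() refuses a context node from another document (warning, returns `false`) and the following `$nslist->count()` faults before the limit is ever applied — querying the node's own owner document, or adding a test that pushes an XPath transform through processTransforms(), would settle it. `$xpCache` and the rest of processTransforms() lie outside the hunk, so this is inferred rather than certain. Separately, the unchanged context line just above, `$arXpath['namespaces'] = $xpath->getNamespaces();`, assigns to `$arXpath` (lower-case p), a different variable from `$arXPath`, so the element's declared namespaces never reach the query; while touching this spot it should read `$arXPath['namespaces'] = $xpath->getNamespaces();`. Note also that the `xml` namespace node is counted toward MAX_XPATH_NAMESPACES but skipped by the loop, so the effective cap is one lower than the constant name suggests.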
