Diffstat (limited to 'contrib/expat/doc/xmlwf.1')
-rw-r--r-- | contrib/expat/doc/xmlwf.1 | 30 |
1 files changed, 23 insertions, 7 deletions
diff --git a/contrib/expat/doc/xmlwf.1 b/contrib/expat/doc/xmlwf.1 index 76aa7e30d074..aa2e9c218007 100644 --- a/contrib/expat/doc/xmlwf.1 +++ b/contrib/expat/doc/xmlwf.1 @@ -5,7 +5,7 @@ \\$2 \(la\\$1\(ra\\$3 .. .if \n(.g .mso www.tmac -.TH XMLWF 1 "March 27, 2025" "" "" +.TH XMLWF 1 "September 24, 2025" "" "" .SH NAME xmlwf \- Determines if an XML document is well-formed .SH SYNOPSIS @@ -88,7 +88,11 @@ supports both. .TP \*(T<\fB\-a\fR\*(T> \fIfactor\fR Sets the maximum tolerated amplification factor -for protection against billion laughs attacks (default: 100.0). +for protection against amplification attacks +like the billion laughs attack +(default: 100.0 +for the sum of direct and indirect output and also +for allocations of dynamic memory). The amplification factor is calculated as .. .nf @@ -97,12 +101,22 @@ The amplification factor is calculated as .. .fi -\&.. while parsing, whereas +\&.. with regard to use of entities and .. + +.nf + + amplification := allocated / direct + +.fi + +\&.. with regard to dynamic memory while parsing. <direct> is the number of bytes read -from the primary document in parsing and +from the primary document in parsing, <indirect> is the number of bytes added by expanding entities and reading of external DTD files, -combined. +combined, and +<allocated> is the total number of bytes of dynamic memory +allocated (and not freed) per hierarchy of parsers. \fINOTE\fR: If you ever need to increase this value for non-attack payload, @@ -110,8 +124,10 @@ please file a bug report. .TP \*(T<\fB\-b\fR\*(T> \fIbytes\fR Sets the number of output bytes (including amplification) -needed to activate protection against billion laughs attacks -(default: 8 MiB). +needed to activate protection against amplification attacks +like billion laughs +(default: 8 MiB for the sum of direct and indirect output, +and 64 MiB for allocations of dynamic memory). This can be thought of as an "activation threshold". \fINOTE\fR: |
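Review bot: In the `-a` hunk (around line 88), the new default text lists two things the single factor governs ("the sum of direct and indirect output and also ... allocations of dynamic memory") but never says that passing one `-a` value sets the limit for both; a reader could take the parenthetical as describing two independent defaults. Suggest rewording to something like "(default: 100.0; the same factor is applied both to the sum of direct and indirect output and to allocations of dynamic memory)" so the one-option, two-limits behaviour is explicit.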
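Review bot: In the hunk at line 97/101, the added `.nf` block for `amplification := allocated / direct` is padded with empty lines, whereas the existing block in the surrounding context is delimited with `..` lines (`..` / `.nf` before it and `..` / `.fi` after it); empty lines inside `.nf` render as blank output lines, so the two formulas will not be spaced the same way. Suggest using the same `..` convention as the first block. Separately, "per hierarchy of parsers" in the new `<allocated>` definition is an undefined term in this man page; a short gloss (e.g. that it covers a parser together with the external-entity parsers created from it) would help the reader tell what the memory total is measured over.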
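Review bot: In the `-b` hunk (around line 124), the option accepts one `bytes` value but the new text gives two different defaults ("8 MiB for the sum of direct and indirect output, and 64 MiB for allocations of dynamic memory") without saying what a user-supplied `-b` does to them; it is unclear whether one value replaces both thresholds or only the output one. Suggest adding a sentence such as "Specifying `-b` sets both thresholds to the given value" (or whatever the implementation actually does), matching the wording chosen for `-a`.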