esaml

Possible atom table overflow while parsing xml

Open RumataEstor opened this issue 5 years ago • 0 comments

Just an observation about xmerl usage. When it parses data, every tag and attribute is converted to an atom. Even if schema validation is applied, at least the root element tag and attributes are still parsed and converted to atoms.

So, as the SAML endpoints are normally externally available, an attacker can feed the service with data containing random tags and attributes, filling the BEAM atom table and eventually crashing the node.

To be constructive, I can suggest using some other, safer XML parsing library, for example erlsom. Of course, replacing xmerl with anything would be significant work, but this is a serious security issue that needs to be tackled somehow.

RumataEstor, Feb 18 '20 02:02
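Added example, not part of the issue or of esaml's code: a small Erlang module for measuring how many atoms an xmerl parse adds and for checking atom table usage from a monitoring hook. The module name, function names and the sample XML are hypothetical and constructed for illustration; `erlang:system_info(atom_count)` and `atom_limit` assume OTP 20 or later.

```erlang
%% Added illustration; module and function names are hypothetical.
-module(atom_growth_check).
-export([atoms_created_by_parse/1, headroom/0, check/1, demo/0]).

%% Atoms added to the global table while xmerl parses Xml (a string).
%% Other processes creating atoms at the same moment inflate the number,
%% so treat it as an upper bound on a busy node.
atoms_created_by_parse(Xml) ->
    Before = erlang:system_info(atom_count),
    {_Doc, _Rest} = xmerl_scan:string(Xml),
    erlang:system_info(atom_count) - Before.

%% Current atom table usage: {Count, Limit, FractionUsed}.
headroom() ->
    Count = erlang:system_info(atom_count),
    Limit = erlang:system_info(atom_limit),
    {Count, Limit, Count / Limit}.

%% Monitoring hook: warn once usage passes MaxFraction (e.g. 0.8).
check(MaxFraction) ->
    case headroom() of
        {Count, Limit, Used} when Used >= MaxFraction ->
            {warning, {atom_table, Count, Limit}};
        _ ->
            ok
    end.

demo() ->
    %% Warm-up parse so that loading xmerl's own modules is not counted.
    _ = atoms_created_by_parse("<warmup/>"),
    %% Constructed sample input: names no schema would define.
    Xml = "<zq_root_7f3a zq_attr_19c2=\"x\"><zq_child_b801/></zq_root_7f3a>",
    First = atoms_created_by_parse(Xml),   % previously unseen names
    Second = atoms_created_by_parse(Xml),  % same names parsed again
    io:format("first parse: +~p atoms, second parse: +~p atoms~n",
              [First, Second]),
    io:format("atom table: ~p~n", [headroom()]),
    check(0.8).
```

Atoms are never garbage collected, so whatever the first parse adds stays in the table for the lifetime of the node; comparing the two counts in `demo/0` on a quiet node shows that growth is driven by distinct names rather than by document count.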