xml-rs icon indicating copy to clipboard operation
xml-rs copied to clipboard

Published 20 hours ago verified publisher icon netvl

Invalid XML input is parsed as valid

Open linkmauve opened this issue 7 years ago • 1 comments

While I was fuzzing my XMPP parser, I found an invalid sample:

<message xmlns=invalid "jabber:client"/>

This is parsed the same way as this valid sample:

<message xmlns="jabber:client"/>

It would be useful for you to fuzz your library as well, to make sure that kind of issue doesn’t happen in the future.

linkmauve avatar Jul 17 '17 19:07 linkmauve

Thanks! Actually, fuzzing did find some bugs in xml-rs, so this is a thing I probably would like to add, but unfortunately I don't have much time lately :(

netvl avatar Jul 20 '17 15:07 netvl

Fixed in https://github.com/kornelski/xml-rs/commit/9b99b03

kornelski avatar May 10 '23 00:05 kornelski