| dc.description.abstract | One of the key concerns to the adoption of XML as the de facto standard for information
representation is security. This has clear concerns for the continued success ofWeb Services
as many elements of Web Services are XML based. XML parsers are present in all XML
based applications and therefore any security vulnerability discovered in a parser is a serious
threat to all applications of which it is a component.
This thesis concerns itself with the analysis of the Xerces-C++ (Xerces) parser. It deals
explicitly with vulnerabilities that could be exploited by an attacker, for uses such as crashing
or gaining privileges on applications that incorporate Xerces. Xerces was chosen as it is open
source, is widely available and is written in a non-typesafe language, i.e. C++.
Using a static analysis tool, ITS4, two separate buffer overflows were discovered. The
first buffer overflow, a heap based overflow, was caused by the use of the insecure C function
strcat()and could be effected by the use of the schemaLocation attribute in an XML
document or schema. The second buffer overflow, a stack based overflow, was caused by the
use of the insecure C function strcpy() and could be effected using Xerces error messages
location setting.
The same method which caused the first overflow in Xerces, was then tested on two
applications which incorporated Xerces as a component. The two applications were Berkeley
DB XML and Xalan-C++. Both applications crashed, suffering the same buffer overflows as
was observed in Xerces.
The results showed that there are indeed vulnerabilities in Xerces, which can be used to
cause buffer overflows in and crash applications that use Xerces as a parser. Unless addressed
these kinds of vulnerabilities could have serious repercussions for the future of XML and
XML based applications. | en |
