From 6927b8951eb7d206a016c737a2e9ae5dfed47f0c Mon Sep 17 00:00:00 2001
From: Scott Cantor <cantor.2@osu.edu>
Date: Wed, 22 May 2013 18:43:57 +0000
Subject: [PATCH] https://issues.shibboleth.net/jira/browse/CPPXT-96

---
 xmltooling/internal.h          |  2 ++
 xmltooling/util/ParserPool.cpp | 12 +++++++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/xmltooling/internal.h b/xmltooling/internal.h
index bf879f3..c39bb8d 100644
--- a/xmltooling/internal.h
+++ b/xmltooling/internal.h
@@ -55,6 +55,8 @@
 
 #define XMLTOOLING_LOGCAT "XMLTooling"
 
+#define XMLTOOLING_ENTITY_EXPANSION_LIMIT 100
+
 // Macros for path and directory separators.
 #if defined __CYGWIN32__ && !defined __CYGWIN__
    /* For backwards compatibility with Cygwin b19 and
diff --git a/xmltooling/util/ParserPool.cpp b/xmltooling/util/ParserPool.cpp
index 78d64cc..f6bc369 100644
--- a/xmltooling/util/ParserPool.cpp
+++ b/xmltooling/util/ParserPool.cpp
@@ -104,7 +104,17 @@ namespace {
 
 
 ParserPool::ParserPool(bool namespaceAware, bool schemaAware)
-    : m_namespaceAware(namespaceAware), m_schemaAware(schemaAware), m_lock(Mutex::create()), m_security(new SecurityManager()) {}
+        : m_namespaceAware(namespaceAware), m_schemaAware(schemaAware), m_lock(Mutex::create()), m_security(new SecurityManager()) {
+
+    int expLimit = 0;
+    const char* env = getenv("XMLTOOLING_ENTITY_EXPANSION_LIMIT");
+    if (env) {
+        expLimit = atoi(env);
+    }
+    if (expLimit <= 0)
+        expLimit = XMLTOOLING_ENTITY_EXPANSION_LIMIT;
+    m_security->setEntityExpansionLimit(expLimit);
+}
 
 ParserPool::~ParserPool()
 {
-- 
2.1.4