# HG changeset patch
# User aefimov
# Date 1436729712 -10800
# Node ID fe931343ad6a776f6bca1cfaf0d7af995bf1cdd4
# Parent ba508fc2eeb6fec40f0f1ed0daebf54f743e75dd
8086733: Improve namespace handling
Reviewed-by: dfuchs, lancea, ahgross
diff -r ba508fc2eeb6 -r fe931343ad6a src/com/sun/org/apache/xalan/internal/utils/XMLSecurityManager.java
--- a/src/com/sun/org/apache/xalan/internal/utils/XMLSecurityManager.java Wed Jun 03 17:05:41 2015 +0300
+++ b/src/com/sun/org/apache/xalan/internal/utils/XMLSecurityManager.java Sun Jul 12 22:35:12 2015 +0300
@@ -65,27 +65,31 @@ */ public static enum Limit { - ENTITY_EXPANSION_LIMIT(XalanConstants.JDK_ENTITY_EXPANSION_LIMIT, + ENTITY_EXPANSION_LIMIT("EntityExpansionLimit", XalanConstants.JDK_ENTITY_EXPANSION_LIMIT, XalanConstants.SP_ENTITY_EXPANSION_LIMIT, 0, 64000), - MAX_OCCUR_NODE_LIMIT(XalanConstants.JDK_MAX_OCCUR_LIMIT, + MAX_OCCUR_NODE_LIMIT("MaxOccurLimit", XalanConstants.JDK_MAX_OCCUR_LIMIT, XalanConstants.SP_MAX_OCCUR_LIMIT, 0, 5000), - ELEMENT_ATTRIBUTE_LIMIT(XalanConstants.JDK_ELEMENT_ATTRIBUTE_LIMIT, + ELEMENT_ATTRIBUTE_LIMIT("ElementAttributeLimit", XalanConstants.JDK_ELEMENT_ATTRIBUTE_LIMIT, XalanConstants.SP_ELEMENT_ATTRIBUTE_LIMIT, 0, 10000), - TOTAL_ENTITY_SIZE_LIMIT(XalanConstants.JDK_TOTAL_ENTITY_SIZE_LIMIT, + TOTAL_ENTITY_SIZE_LIMIT("TotalEntitySizeLimit", XalanConstants.JDK_TOTAL_ENTITY_SIZE_LIMIT, XalanConstants.SP_TOTAL_ENTITY_SIZE_LIMIT, 0, 50000000), - GENEAL_ENTITY_SIZE_LIMIT(XalanConstants.JDK_GENEAL_ENTITY_SIZE_LIMIT, + GENEAL_ENTITY_SIZE_LIMIT("MaxEntitySizeLimit", XalanConstants.JDK_GENEAL_ENTITY_SIZE_LIMIT, XalanConstants.SP_GENEAL_ENTITY_SIZE_LIMIT, 0, 0), - PARAMETER_ENTITY_SIZE_LIMIT(XalanConstants.JDK_PARAMETER_ENTITY_SIZE_LIMIT, + PARAMETER_ENTITY_SIZE_LIMIT("MaxEntitySizeLimit", XalanConstants.JDK_PARAMETER_ENTITY_SIZE_LIMIT, XalanConstants.SP_PARAMETER_ENTITY_SIZE_LIMIT, 0, 1000000), - MAX_ELEMENT_DEPTH_LIMIT(XalanConstants.JDK_MAX_ELEMENT_DEPTH, - XalanConstants.SP_MAX_ELEMENT_DEPTH, 0, 0); + MAX_ELEMENT_DEPTH_LIMIT("MaxElementDepthLimit", XalanConstants.JDK_MAX_ELEMENT_DEPTH, + XalanConstants.SP_MAX_ELEMENT_DEPTH, 0, 0), + MAX_NAME_LIMIT("MaxXMLNameLimit", XalanConstants.JDK_XML_NAME_LIMIT, + XalanConstants.SP_XML_NAME_LIMIT, 1000, 1000); + final String key; final String apiProperty; final String systemProperty; final int defaultValue; final int secureValue; - Limit(String apiProperty, String systemProperty, int value, int secureValue) { + Limit(String key, String apiProperty, String systemProperty, int value, int secureValue) { + 
this.key = key; this.apiProperty = apiProperty; this.systemProperty = systemProperty; this.defaultValue = value; @@ -100,6 +104,10 @@ return (propertyName == null) ? false : systemProperty.equals(propertyName); } + public String key() { + return key; + } + public String apiProperty() { return apiProperty; } @@ -108,7 +116,7 @@ return systemProperty; } - int defaultValue() { + public int defaultValue() { return defaultValue; } @@ -160,7 +168,7 @@ /** * Index of the special entityCountInfo property */ - private int indexEntityCountInfo = 10000; + private final int indexEntityCountInfo = 10000; private String printEntityCountInfo = ""; /** diff -r ba508fc2eeb6 -r fe931343ad6a src/com/sun/org/apache/xerces/internal/impl/XML11DocumentScannerImpl.java --- a/src/com/sun/org/apache/xerces/internal/impl/XML11DocumentScannerImpl.java Wed Jun 03 17:05:41 2015 +0300 +++ b/src/com/sun/org/apache/xerces/internal/impl/XML11DocumentScannerImpl.java Sun Jul 12 22:35:12 2015 +0300 @@ -332,7 +332,7 @@ new Object[]{entityName}); } } - fEntityManager.startEntity(entityName, true); + fEntityManager.startEntity(false, entityName, true); } } } diff -r ba508fc2eeb6 -r fe931343ad6a src/com/sun/org/apache/xerces/internal/impl/XML11EntityScanner.java --- a/src/com/sun/org/apache/xerces/internal/impl/XML11EntityScanner.java Wed Jun 03 17:05:41 2015 +0300 +++ b/src/com/sun/org/apache/xerces/internal/impl/XML11EntityScanner.java Sun Jul 12 22:35:12 2015 +0300 
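Review bot: In XMLSecurityManager.Limit, GENEAL_ENTITY_SIZE_LIMIT and PARAMETER_ENTITY_SIZE_LIMIT are both constructed with the key "MaxEntitySizeLimit", so the new public `key()` accessor does not identify a limit uniquely. That is harmless if the key is only a message-bundle id, but nothing on the new field says so; a comment on `final String key;` such as `/** Message-bundle key reported when this limit is exceeded; shared by the two entity-size limits. */` would stop a later caller from using it as a lookup handle. MAX_NAME_LIMIT is also the only entry whose default value (1000) is non-zero and equal to its secure value, which deserves a one-line comment that the name limit applies even without secure processing.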
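Review bot: The new leading argument in `fEntityManager.startEntity(false, entityName, true)` in XML11DocumentScannerImpl is a second bare boolean, and the Javadoc added in XMLEntityManager describes it as "whether the entity is an Entity Reference", which reads oddly for a call that starts a named entity from what appears to be an entity-reference path. If expansion inside a literal is deliberately left out of the reference accounting, a short comment at the call saying so (wording to be confirmed by the author) would make that explicit. The same applies to the other updated call sites in XMLDTDScannerImpl, XMLDocumentFragmentScannerImpl and XMLEntityManager, where `startEntity(false, "$fragment$", inputSource, false, true)` now carries three booleans that are easy to transpose; inline labels such as `/* reference */ false` would help. The enclosing method starts outside the hunk.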
@@ -1,62 +1,21 @@ -/* - * reserved comment block - * DO NOT REMOVE OR ALTER! - */ /* - * The Apache Software License, Version 1.1 - * - * - * Copyright (c) 1999-2002 The Apache Software Foundation. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The end-user documentation included with the redistribution, - * if any, must include the following acknowledgment: - * "This product includes software developed by the - * Apache Software Foundation (http://www.apache.org/)." - * Alternately, this acknowledgment may appear in the software itself, - * if and wherever such third-party acknowledgments normally appear. + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + */ + +/* + * Copyright 2005 The Apache Software Foundation. * - * 4. The names "Xerces" and "Apache Software Foundation" must - * not be used to endorse or promote products derived from this - * software without prior written permission. For written - * permission, please contact apache@apache.org. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at * - * 5. Products derived from this software may not be called "Apache", - * nor may "Apache" appear in their name, without prior written - * permission of the Apache Software Foundation. 
+ * http://www.apache.org/licenses/LICENSE-2.0 * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation and was - * originally based on software copyright (c) 1999, International - * Business Machines, Inc., http://www.apache.org. For more - * information on the Apache Software Foundation, please see - * . + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ package com.sun.org.apache.xerces.internal.impl; 
@@ -65,6 +24,8 @@ import com.sun.org.apache.xerces.internal.util.XML11Char; import com.sun.org.apache.xerces.internal.util.XMLChar; import com.sun.org.apache.xerces.internal.util.XMLStringBuffer; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager.Limit; import com.sun.org.apache.xerces.internal.xni.QName; import com.sun.org.apache.xerces.internal.xni.XMLString; import java.io.IOException; @@ -690,9 +651,13 @@ break; } index = fCurrentEntity.position; + //check prefix before further read + checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, offset, index - offset); } if (++fCurrentEntity.position == fCurrentEntity.count) { int length = fCurrentEntity.position - offset; + //check localpart before loading more data + checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, offset, length - index - 1); invokeListeners(length); if (length == fCurrentEntity.ch.length) { // bad luck we have to resize our buffer @@ -786,6 +751,8 @@ offset, length); if (index != -1) { int prefixLength = index - offset; + //check the result: prefix + checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, offset, prefixLength); prefix = fSymbolTable.addSymbol(fCurrentEntity.ch, offset, prefixLength); int len = length - prefixLength - 1; @@ -798,12 +765,16 @@ null, XMLErrorReporter.SEVERITY_FATAL_ERROR); } + //check the result: localpart + checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, index + 1, len); localpart = fSymbolTable.addSymbol(fCurrentEntity.ch, index + 1, len); } else { localpart = rawname; + //check the result: localpart + checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, offset, length); } qname.setValues(prefix, localpart, rawname, null); return true; 
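Review bot: In the buffer-boundary branch of the QName scan in XML11EntityScanner (`@@ -690,9 +651,13 @@`), `length - index - 1` subtracts `index`, which is assigned from `fCurrentEntity.position` a few lines earlier and so looks like an absolute buffer position, from `length`, which is relative to `offset`. When a colon has been seen and `offset` is non-zero the result under-counts the local part and can go negative, so this early check may not fire before the buffer is grown; the post-scan checks in the later hunks still catch the name. Something like `int lpStart = (index == -1) ? offset : index + 1;` followed by `checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, lpStart, fCurrentEntity.position - lpStart);` keeps both operands in the same coordinate space. The identical line is added to XMLEntityScanner in the `@@ -813,9 +826,13 @@` hunk. checkLimit and the rest of the method are outside the visible lines, so the exact effect should be confirmed there.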
@@ -934,6 +905,9 @@ } int length = fCurrentEntity.position - offset; fCurrentEntity.columnNumber += length - newlines; + if (fCurrentEntity.reference) { + checkLimit(Limit.TOTAL_ENTITY_SIZE_LIMIT, fCurrentEntity, offset, length); + } content.setValues(fCurrentEntity.ch, offset, length); // return next character diff -r ba508fc2eeb6 -r fe931343ad6a src/com/sun/org/apache/xerces/internal/impl/XML11NSDocumentScannerImpl.java --- a/src/com/sun/org/apache/xerces/internal/impl/XML11NSDocumentScannerImpl.java Wed Jun 03 17:05:41 2015 +0300 +++ b/src/com/sun/org/apache/xerces/internal/impl/XML11NSDocumentScannerImpl.java Sun Jul 12 22:35:12 2015 +0300 
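Review bot: The added block charges scanned content only against `Limit.TOTAL_ENTITY_SIZE_LIMIT`, and only when `fCurrentEntity.reference` is set, while this changeset deletes XMLDocumentFragmentScannerImpl.checkLimit, which also accumulated `GENEAL_ENTITY_SIZE_LIMIT` per entity name. Unless the scanner's checkLimit (not visible here) applies the per-entity limit as well, a single general entity is now bounded only by the total, which should be confirmed. A comment on the new `if` naming the limits this call is meant to enforce and why non-reference entities are skipped would document the intent. The enclosing method starts and ends outside the hunk.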
@@ -1,62 +1,21 @@ -/* - * reserved comment block - * DO NOT REMOVE OR ALTER! - */ /* - * The Apache Software License, Version 1.1 - * - * - * Copyright (c) 1999-2003 The Apache Software Foundation. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The end-user documentation included with the redistribution, - * if any, must include the following acknowledgment: - * "This product includes software developed by the - * Apache Software Foundation (http://www.apache.org/)." - * Alternately, this acknowledgment may appear in the software itself, - * if and wherever such third-party acknowledgments normally appear. + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + */ + +/* + * Copyright 2005 The Apache Software Foundation. * - * 4. The names "Xerces" and "Apache Software Foundation" must - * not be used to endorse or promote products derived from this - * software without prior written permission. For written - * permission, please contact apache@apache.org. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at * - * 5. Products derived from this software may not be called "Apache", - * nor may "Apache" appear in their name, without prior written - * permission of the Apache Software Foundation. 
+ * http://www.apache.org/licenses/LICENSE-2.0 * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation and was - * originally based on software copyright (c) 2002, International - * Business Machines, Inc., http://www.apache.org. For more - * information on the Apache Software Foundation, please see - * . + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ package com.sun.org.apache.xerces.internal.impl; 
@@ -67,6 +26,7 @@ import com.sun.org.apache.xerces.internal.impl.msg.XMLMessageFormatter; import com.sun.org.apache.xerces.internal.util.XMLAttributesImpl; import com.sun.org.apache.xerces.internal.util.XMLSymbols; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager; import com.sun.org.apache.xerces.internal.xni.NamespaceContext; import com.sun.org.apache.xerces.internal.xni.QName; import com.sun.org.apache.xerces.internal.xni.XMLDocumentHandler; @@ -340,36 +300,37 @@ } // call handler - - if (empty) { - - //decrease the markup depth.. - fMarkupDepth--; + if (empty) { + //decrease the markup depth.. + fMarkupDepth--; - // check that this element was opened in the same entity - if (fMarkupDepth < fEntityStack[fEntityDepth - 1]) { - reportFatalError( - "ElementEntityMismatch", - new Object[] { fCurrentElement.rawname }); - } + // check that this element was opened in the same entity + if (fMarkupDepth < fEntityStack[fEntityDepth - 1]) { + reportFatalError( + "ElementEntityMismatch", + new Object[] { fCurrentElement.rawname }); + } + if (fDocumentHandler != null) { fDocumentHandler.emptyElement(fElementQName, fAttributes, null); + } - /*if (fBindNamespaces) { - fNamespaceContext.popContext(); - }*/ - fScanEndElement = true; + /*if (fBindNamespaces) { + fNamespaceContext.popContext(); + }*/ + fScanEndElement = true; - //pop the element off the stack.. - fElementStack.popElement(); - } else { + //pop the element off the stack.. + fElementStack.popElement(); + } else { + if(dtdGrammarUtil != null) { + dtdGrammarUtil.startElement(fElementQName, fAttributes); + } - if(dtdGrammarUtil != null) - dtdGrammarUtil.startElement(fElementQName, fAttributes); - - if (fDocumentHandler != null) + if (fDocumentHandler != null) { fDocumentHandler.startElement(fElementQName, fAttributes, null); } + } if (DEBUG_START_END_ELEMENT) System.out.println("<<< scanStartElement(): " + empty); 
@@ -679,7 +640,13 @@ if (prefix == XMLSymbols.PREFIX_XMLNS || prefix == XMLSymbols.EMPTY_STRING && localpart == XMLSymbols.PREFIX_XMLNS) { - + if (value.length() > fXMLNameLimit) { + fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN, + "MaxXMLNameLimit", + new Object[]{value, value.length(), fXMLNameLimit, + fSecurityManager.getStateLiteral(XMLSecurityManager.Limit.MAX_NAME_LIMIT)}, + XMLErrorReporter.SEVERITY_FATAL_ERROR); + } // get the internalized value of this attribute String uri = fSymbolTable.addSymbol(value); diff -r ba508fc2eeb6 -r fe931343ad6a src/com/sun/org/apache/xerces/internal/impl/XMLDTDScannerImpl.java --- a/src/com/sun/org/apache/xerces/internal/impl/XMLDTDScannerImpl.java Wed Jun 03 17:05:41 2015 +0300 +++ b/src/com/sun/org/apache/xerces/internal/impl/XMLDTDScannerImpl.java Sun Jul 12 22:35:12 2015 +0300 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2005, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. */ /* @@ -369,6 +369,8 @@ } // we're done, set starting state for external subset setScannerState(SCANNER_STATE_TEXT_DECL); + // we're done scanning DTD. + fLimitAnalyzer.reset(XMLSecurityManager.Limit.TOTAL_ENTITY_SIZE_LIMIT); return false; } } while (complete); @@ -704,7 +706,7 @@ fErrorReporter.reportError( XMLMessageFormatter.XML_DOMAIN,"EntityNotDeclared", new Object[]{name}, XMLErrorReporter.SEVERITY_ERROR); } - fEntityManager.startEntity(fSymbolTable.addSymbol(pName), + fEntityManager.startEntity(false, fSymbolTable.addSymbol(pName), literal); // if we actually got a new entity and it's external // parse text decl if there is any @@ -1632,7 +1634,7 @@ XMLString literal2 = fString; int countChar = 0; if (fLimitAnalyzer == null ) { - fLimitAnalyzer = new XMLLimitAnalyzer(); + fLimitAnalyzer = fEntityManager.fLimitAnalyzer; } fLimitAnalyzer.startEntity(entityName); 
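Review bot: The new length guard in the xmlns branch of XML11NSDocumentScannerImpl compares against `fXMLNameLimit` unconditionally and then dereferences `fSecurityManager`, but XMLDocumentFragmentScannerImpl.reset() in this same changeset still handles `fSecurityManager == null` by falling back to the default limit, so on that path an over-long namespace URI would end in a NullPointerException rather than the MaxXMLNameLimit error. If a configured limit of 0 means "no limit", as it appears to for fElementAttributeLimit, the comparison also rejects every non-empty URI; `if (fXMLNameLimit > 0 && value.length() > fXMLNameLimit) {` covers that case. The message arguments carry the whole over-limit `value`, which puts input-sized text into the error string; passing a truncated prefix would keep reports and logs bounded. The enclosing method starts and ends outside the hunk.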
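Review bot: The `if (fLimitAnalyzer == null)` guard in XMLDTDScannerImpl (`@@ -1632,7 +1634,7 @@`) now copies `fEntityManager.fLimitAnalyzer` instead of allocating, so it no longer guarantees a non-null analyzer for the `fLimitAnalyzer.startEntity(entityName)` call right after it; in the visible XMLEntityManager hunks the analyzer is created only in the two reset methods, not in the no-argument constructor. The guard also never refreshes a non-null field, while XMLEntityManager allocates a new XMLLimitAnalyzer on every reset, so a scanner that is not re-initialised would keep counting into the previous instance. Assigning unconditionally at the point of use, `fLimitAnalyzer = fEntityManager.fLimitAnalyzer;`, avoids the stale reference. The same pattern appears in checkEntityLimit, and the new `fLimitAnalyzer.reset(XMLSecurityManager.Limit.TOTAL_ENTITY_SIZE_LIMIT)` call in the `@@ -369,6 +369,8 @@` hunk has no guard at all.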
@@ -1640,9 +1642,7 @@ fStringBuffer.clear(); fStringBuffer2.clear(); do { - if (isPEDecl && fLimitAnalyzer != null) { - checkLimit("%" + entityName, fString.length + countChar); - } + checkEntityLimit(isPEDecl, entityName, fString.length + countChar); countChar = 0; fStringBuffer.append(fString); fStringBuffer2.append(fString); @@ -1728,9 +1728,7 @@ literal = fStringBuffer; literal2 = fStringBuffer2; } else { - if (isPEDecl) { - checkLimit("%" + entityName, literal); - } + checkEntityLimit(isPEDecl, entityName, literal); } value.setValues(literal); nonNormalizedValue.setValues(literal2); 
@@ -2152,35 +2150,49 @@ setScannerState(SCANNER_STATE_TEXT_DECL); //new SymbolTable()); - fLimitAnalyzer = new XMLLimitAnalyzer(); + fLimitAnalyzer = fEntityManager.fLimitAnalyzer; + fSecurityManager = fEntityManager.fSecurityManager; } /** * Add the count of the content buffer and check if the accumulated * value exceeds the limit + * @param isPEDecl a flag to indicate whether the entity is parameter * @param entityName entity name * @param buffer content buffer */ - private void checkLimit(String entityName, XMLString buffer) { - checkLimit(entityName, buffer.length); + private void checkEntityLimit(boolean isPEDecl, String entityName, XMLString buffer) { + checkEntityLimit(isPEDecl, entityName, buffer.length); } /** * Add the count and check limit + * @param isPEDecl a flag to indicate whether the entity is parameter * @param entityName entity name * @param len length of the buffer */ - private void checkLimit(String entityName, int len) { + private void checkEntityLimit(boolean isPEDecl, String entityName, int len) { if (fLimitAnalyzer == null) { - fLimitAnalyzer = new XMLLimitAnalyzer(); + fLimitAnalyzer = fEntityManager.fLimitAnalyzer; } - fLimitAnalyzer.addValue(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT, entityName, len); - if (fSecurityManager.isOverLimit(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) { - fSecurityManager.debugPrint(fLimitAnalyzer); - reportFatalError("MaxEntitySizeLimit", new Object[]{entityName, - fLimitAnalyzer.getValue(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT), - fSecurityManager.getLimit(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT), - fSecurityManager.getStateLiteral(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT)}); + if (isPEDecl) { + fLimitAnalyzer.addValue(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT, "%" + entityName, len); + if (fSecurityManager.isOverLimit(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) { + 
fSecurityManager.debugPrint(fLimitAnalyzer); + reportFatalError("MaxEntitySizeLimit", new Object[]{"%" + entityName, + fLimitAnalyzer.getValue(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT), + fSecurityManager.getLimit(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT), + fSecurityManager.getStateLiteral(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT)}); + } + } else { + fLimitAnalyzer.addValue(XMLSecurityManager.Limit.GENEAL_ENTITY_SIZE_LIMIT, entityName, len); + if (fSecurityManager.isOverLimit(XMLSecurityManager.Limit.GENEAL_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) { + fSecurityManager.debugPrint(fLimitAnalyzer); + reportFatalError("MaxEntitySizeLimit", new Object[]{entityName, + fLimitAnalyzer.getValue(XMLSecurityManager.Limit.GENEAL_ENTITY_SIZE_LIMIT), + fSecurityManager.getLimit(XMLSecurityManager.Limit.GENEAL_ENTITY_SIZE_LIMIT), + fSecurityManager.getStateLiteral(XMLSecurityManager.Limit.GENEAL_ENTITY_SIZE_LIMIT)}); + } } if (fSecurityManager.isOverLimit(XMLSecurityManager.Limit.TOTAL_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) { fSecurityManager.debugPrint(fLimitAnalyzer); diff -r ba508fc2eeb6 -r fe931343ad6a src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java --- a/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java Wed Jun 03 17:05:41 2015 +0300 +++ b/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java Sun Jul 12 22:35:12 2015 +0300 @@ -89,7 +89,7 @@ // Constants // - protected int fElementAttributeLimit; + protected int fElementAttributeLimit, fXMLNameLimit; /** External subset resolver. **/ protected ExternalSubsetResolver fExternalSubsetResolver; 
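Review bot: checkEntityLimit in XMLDTDScannerImpl repeats the same add/compare/report sequence in both arms of `if (isPEDecl)`, differing only in the Limit constant and the `"%"` prefix, which makes it easy for the two arms to drift when the report arguments change. Selecting the limit and the reported name once and running a single sequence keeps the parameter-entity and general-entity paths identical by construction. Both arms also call `fSecurityManager` unguarded although it is now copied from `fEntityManager.fSecurityManager`, which XMLEntityManager itself null-checks in startEntity; that is worth confirming. The method continues past the end of the hunk.

```java
private void checkEntityLimit(boolean isPEDecl, String entityName, int len) {
    // … unchanged: lazy fLimitAnalyzer lookup …
    final XMLSecurityManager.Limit limit = isPEDecl
            ? XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT
            : XMLSecurityManager.Limit.GENEAL_ENTITY_SIZE_LIMIT;
    final String reportedName = isPEDecl ? "%" + entityName : entityName;
    fLimitAnalyzer.addValue(limit, reportedName, len);
    if (fSecurityManager.isOverLimit(limit, fLimitAnalyzer)) {
        fSecurityManager.debugPrint(fLimitAnalyzer);
        reportFatalError("MaxEntitySizeLimit", new Object[]{reportedName,
                fLimitAnalyzer.getValue(limit),
                fSecurityManager.getLimit(limit),
                fSecurityManager.getStateLiteral(limit)});
    }
    // … unchanged: TOTAL_ENTITY_SIZE_LIMIT check …
```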
@@ -425,7 +425,7 @@ */ public void setInputSource(XMLInputSource inputSource) throws IOException { fEntityManager.setEntityHandler(this); - fEntityManager.startEntity("$fragment$", inputSource, false, true); + fEntityManager.startEntity(false, "$fragment$", inputSource, false, true); // fDocumentSystemId = fEntityManager.expandSystemId(inputSource.getSystemId()); } // setInputSource(XMLInputSource) @@ -660,11 +660,12 @@ if (fSecurityManager != null) { fElementAttributeLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.ELEMENT_ATTRIBUTE_LIMIT); + fXMLNameLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.MAX_NAME_LIMIT); } else { fElementAttributeLimit = 0; + fXMLNameLimit = XMLSecurityManager.Limit.MAX_NAME_LIMIT.defaultValue(); } - fLimitAnalyzer = new XMLLimitAnalyzer(); - fEntityManager.setLimitAnalyzer(fLimitAnalyzer); + fLimitAnalyzer = fEntityManager.fLimitAnalyzer; } /** @@ -1905,7 +1906,7 @@ //if that was the case it its taken care in XMLEntityManager.startEntity() //we immediately call the endEntity. Application gets to know if there was //any entity that was not declared. - fEntityManager.startEntity(name, false); + fEntityManager.startEntity(true, name, false); //set the scaner state to content.. parser will automatically revive itself at any point of time. //setScannerState(SCANNER_STATE_CONTENT); //return true ; @@ -2851,8 +2852,6 @@ if(DEBUG){ System.out.println("NOT USING THE BUFFER, STRING = " + fTempString.toString()); } - //check limit before returning event - checkLimit(fContentBuffer); if(dtdGrammarUtil!= null && dtdGrammarUtil.isIgnorableWhiteSpace(fContentBuffer)){ if(DEBUG)System.out.println("Return SPACE EVENT"); return XMLEvent.SPACE; 
@@ -2951,8 +2950,6 @@ fLastSectionWasCharacterData = true ; continue; }else{ - //check limit before returning event - checkLimit(fContentBuffer); if(dtdGrammarUtil!= null && dtdGrammarUtil.isIgnorableWhiteSpace(fContentBuffer)){ if(DEBUG)System.out.println("Return SPACE EVENT"); return XMLEvent.SPACE; @@ -3163,31 +3160,6 @@ } //while loop }//next - /** - * Add the count of the content buffer and check if the accumulated - * value exceeds the limit - * @param buffer content buffer - */ - protected void checkLimit(XMLStringBuffer buffer) { - if (fLimitAnalyzer.isTracking(fCurrentEntityName)) { - fLimitAnalyzer.addValue(Limit.GENEAL_ENTITY_SIZE_LIMIT, fCurrentEntityName, buffer.length); - if (fSecurityManager.isOverLimit(Limit.GENEAL_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) { - fSecurityManager.debugPrint(fLimitAnalyzer); - reportFatalError("MaxEntitySizeLimit", new Object[]{fCurrentEntityName, - fLimitAnalyzer.getValue(Limit.GENEAL_ENTITY_SIZE_LIMIT), - fSecurityManager.getLimit(Limit.GENEAL_ENTITY_SIZE_LIMIT), - fSecurityManager.getStateLiteral(Limit.GENEAL_ENTITY_SIZE_LIMIT)}); - } - if (fSecurityManager.isOverLimit(Limit.TOTAL_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) { - fSecurityManager.debugPrint(fLimitAnalyzer); - reportFatalError("TotalEntitySizeLimit", - new Object[]{fLimitAnalyzer.getTotalValue(Limit.TOTAL_ENTITY_SIZE_LIMIT), - fSecurityManager.getLimit(Limit.TOTAL_ENTITY_SIZE_LIMIT), - fSecurityManager.getStateLiteral(Limit.TOTAL_ENTITY_SIZE_LIMIT)}); - } - } - } - // // Protected methods // diff -r ba508fc2eeb6 -r fe931343ad6a src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java --- a/src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java Wed Jun 03 17:05:41 2015 +0300 +++ b/src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java Sun Jul 12 22:35:12 2015 +0300 
@@ -401,6 +401,8 @@ * If this constructor is used to create the object, reset() should be invoked on this object */ public XMLEntityManager() { + //for entity managers not created by parsers + fSecurityManager = new XMLSecurityManager(true); fEntityStorage = new XMLEntityStorage(this) ; setScannerVersion(Constants.XML_VERSION_1_0); } // () @@ -578,6 +580,8 @@ /** * This method uses the passed-in XMLInputSource to make * fCurrentEntity usable for reading. + * + * @param reference flag to indicate whether the entity is an Entity Reference. * @param name name of the entity (XML is it's the document entity) * @param xmlInputSource the input source, with sufficient information * to begin scanning characters. @@ -588,7 +592,7 @@ * XNIException If any parser-specific goes wrong. * @return the encoding of the new entity or null if a character stream was employed */ - public String setupCurrentEntity(String name, XMLInputSource xmlInputSource, + public String setupCurrentEntity(boolean reference, String name, XMLInputSource xmlInputSource, boolean literal, boolean isExternal) throws IOException, XNIException { // get information @@ -831,7 +835,9 @@ * in the prolog of the XML document is not considered. Hence, prolog can * be read in Chunks of data instead of byte by byte. */ - fCurrentEntity = new com.sun.xml.internal.stream.Entity.ScannedEntity(name,new XMLResourceIdentifierImpl(publicId, literalSystemId, baseSystemId, expandedSystemId),stream, reader, encoding, literal, encodingExternallySpecified, isExternal); + fCurrentEntity = new Entity.ScannedEntity(reference, name, + new XMLResourceIdentifierImpl(publicId, literalSystemId, baseSystemId, expandedSystemId), + stream, reader, encoding, literal, encodingExternallySpecified, isExternal); fCurrentEntity.setEncodingExternallySpecified(encodingExternallySpecified); fEntityScanner.setCurrentEntity(fCurrentEntity); fResourceIdentifier.setValues(publicId, literalSystemId, baseSystemId, expandedSystemId); 
@@ -1099,6 +1105,7 @@ /** * Starts a named entity. * + * @param reference flag to indicate whether the entity is an Entity Reference. * @param entityName The name of the entity to start. * @param literal True if this entity is started within a literal * value. @@ -1106,7 +1113,7 @@ * @throws IOException Thrown on i/o error. * @throws XNIException Thrown by entity handler to signal an error. */ - public void startEntity(String entityName, boolean literal) + public void startEntity(boolean reference, String entityName, boolean literal) throws IOException, XNIException { // was entity declared? @@ -1230,7 +1237,7 @@ } // start the entity - startEntity(entityName, xmlInputSource, literal, external); + startEntity(reference, entityName, xmlInputSource, literal, external); } // startEntity(String,boolean) @@ -1245,7 +1252,7 @@ */ public void startDocumentEntity(XMLInputSource xmlInputSource) throws IOException, XNIException { - startEntity(XMLEntity, xmlInputSource, false, true); + startEntity(false, XMLEntity, xmlInputSource, false, true); } // startDocumentEntity(XMLInputSource) //xxx these methods are not required. @@ -1260,7 +1267,7 @@ */ public void startDTDEntity(XMLInputSource xmlInputSource) throws IOException, XNIException { - startEntity(DTDEntity, xmlInputSource, false, true); + startEntity(false, DTDEntity, xmlInputSource, false, true); } // startDTDEntity(XMLInputSource) // indicate start of external subset so that @@ -1279,6 +1286,7 @@ * This method can be used to insert an application defined XML * entity stream into the parsing stream. * + * @param reference flag to indicate whether the entity is an Entity Reference. * @param name The name of the entity. * @param xmlInputSource The input source of the entity. * @param literal True if this entity is started within a 
@@ -1288,12 +1296,12 @@ * @throws IOException Thrown on i/o error. * @throws XNIException Thrown by entity handler to signal an error. */ - public void startEntity(String name, + public void startEntity(boolean reference, String name, XMLInputSource xmlInputSource, boolean literal, boolean isExternal) throws IOException, XNIException { - String encoding = setupCurrentEntity(name, xmlInputSource, literal, isExternal); + String encoding = setupCurrentEntity(reference, name, xmlInputSource, literal, isExternal); //when entity expansion limit is set by the Application, we need to //check for the entity expansion limit set by the parser, if number of entity @@ -1305,7 +1313,7 @@ } if( fSecurityManager != null && fSecurityManager.isOverLimit(entityExpansionIndex, fLimitAnalyzer)){ fSecurityManager.debugPrint(fLimitAnalyzer); - fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN,"EntityExpansionLimitExceeded", + fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN,"EntityExpansionLimit", new Object[]{fSecurityManager.getLimitValueByIndex(entityExpansionIndex)}, XMLErrorReporter.SEVERITY_FATAL_ERROR ); // is there anything better to do than reset the counter? @@ -1421,10 +1429,6 @@ // XMLComponent methods // public void reset(PropertyManager propertyManager){ - //reset fEntityStorage - fEntityStorage.reset(propertyManager); - //reset XMLEntityReaderImpl - fEntityScanner.reset(propertyManager); // xerces properties fSymbolTable = (SymbolTable)propertyManager.getProperty(Constants.XERCES_PROPERTY_PREFIX + Constants.SYMBOL_TABLE_PROPERTY); fErrorReporter = (XMLErrorReporter)propertyManager.getProperty(Constants.XERCES_PROPERTY_PREFIX + Constants.ERROR_REPORTER_PROPERTY); 
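Review bot: The renamed message id `"EntityExpansionLimit"` in XMLEntityManager.startEntity (`@@ -1305,7 +1313,7 @@`) is still passed a single argument, whereas the MaxXMLNameLimit report added in XML11NSDocumentScannerImpl passes four (value, length, limit, state literal); if the bundle entry for the new id follows that layout, the formatted message would have unfilled placeholders. The message bundle is not part of the visible lines, so the entry should be checked against this call. The literal also repeats the string stored as the key of ENTITY_EXPANSION_LIMIT in the xalan copy of Limit; if the xerces enum has the same `key()` accessor, using it here would keep the two from drifting.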
@@ -1447,6 +1451,12 @@ fSecurityManager = (XMLSecurityManager)propertyManager.getProperty(SECURITY_MANAGER); + fLimitAnalyzer = new XMLLimitAnalyzer(); + //reset fEntityStorage + fEntityStorage.reset(propertyManager); + //reset XMLEntityReaderImpl + fEntityScanner.reset(propertyManager); + // initialize state //fStandalone = false; fEntities.clear(); @@ -1533,7 +1543,7 @@ // a class acting as a component manager but not // implementing that interface for whatever reason. public void reset() { - + fLimitAnalyzer = new XMLLimitAnalyzer(); // initialize state fStandalone = false; fEntities.clear(); diff -r ba508fc2eeb6 -r fe931343ad6a src/com/sun/org/apache/xerces/internal/impl/XMLEntityScanner.java --- a/src/com/sun/org/apache/xerces/internal/impl/XMLEntityScanner.java Wed Jun 03 17:05:41 2015 +0300 +++ b/src/com/sun/org/apache/xerces/internal/impl/XMLEntityScanner.java Sun Jul 12 22:35:12 2015 +0300 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. */ /* @@ -30,10 +30,14 @@ import com.sun.org.apache.xerces.internal.util.SymbolTable; import com.sun.org.apache.xerces.internal.util.XMLChar; import com.sun.org.apache.xerces.internal.util.XMLStringBuffer; +import com.sun.org.apache.xerces.internal.utils.XMLLimitAnalyzer; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager.Limit; import com.sun.org.apache.xerces.internal.xni.*; import com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager; import com.sun.org.apache.xerces.internal.xni.parser.XMLConfigurationException; import com.sun.xml.internal.stream.Entity; +import com.sun.xml.internal.stream.Entity.ScannedEntity; import com.sun.xml.internal.stream.XMLBufferListener; import java.io.EOFException; import java.io.IOException; 
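Review bot: reset(PropertyManager) still assigns `fSecurityManager` straight from `propertyManager.getProperty(SECURITY_MANAGER)` just above the new `fLimitAnalyzer` line, so the secure default that this changeset adds to the no-argument constructor is replaced, possibly by null, on the first reset, which the constructor's own Javadoc says must follow. Scanner code added in this changeset copies `fEntityManager.fSecurityManager` and calls it without the `fSecurityManager != null` test that startEntity keeps. Reading the property into a local `sm` and assigning `fSecurityManager = (sm != null) ? sm : new XMLSecurityManager(true);` would preserve the secure default when the property is absent. The method continues outside the hunk.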
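Review bot: The no-argument reset() in XMLEntityManager (`@@ -1533,7 +1543,7 @@`) now replaces `fLimitAnalyzer`, but the visible lines do not reset fEntityScanner afterwards, whereas reset(PropertyManager) was reordered in this changeset so that the scanner resets run after the new analyzer exists. Because XMLEntityScanner caches `fEntityManager.fLimitAnalyzer` in its own field, a scanner that is not reset after this point would keep counting into the previous instance and the limits would be evaluated against the wrong totals. If the rest of the method, which lies outside the hunk, does not refresh the scanner, a comment such as `// scanners cache this reference and must be reset after this assignment` or an explicit refresh is needed here.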
@@ -60,6 +64,12 @@ protected XMLEntityManager fEntityManager ; + /** Security manager. */ + protected XMLSecurityManager fSecurityManager = null; + + /** Limit analyzer. */ + protected XMLLimitAnalyzer fLimitAnalyzer = null; + /** Debug switching readers for encodings. */ private static final boolean DEBUG_ENCODINGS = false; /** Listeners which should know when load is being called */ @@ -174,10 +184,7 @@ public void reset(PropertyManager propertyManager){ fSymbolTable = (SymbolTable)propertyManager.getProperty(SYMBOL_TABLE) ; fErrorReporter = (XMLErrorReporter)propertyManager.getProperty(ERROR_REPORTER) ; - fCurrentEntity = null; - whiteSpaceLen = 0; - whiteSpaceInfoNeeded = true; - listeners.clear(); + resetCommon(); } /** @@ -196,18 +203,13 @@ */ public void reset(XMLComponentManager componentManager) throws XMLConfigurationException { - - //System.out.println(" this is being called"); // xerces features fAllowJavaEncodings = componentManager.getFeature(ALLOW_JAVA_ENCODINGS, false); //xerces properties fSymbolTable = (SymbolTable)componentManager.getProperty(SYMBOL_TABLE); fErrorReporter = (XMLErrorReporter)componentManager.getProperty(ERROR_REPORTER); - fCurrentEntity = null; - whiteSpaceLen = 0; - whiteSpaceInfoNeeded = true; - listeners.clear(); + resetCommon(); } // reset(XMLComponentManager) @@ -217,6 +219,17 @@ fSymbolTable = symbolTable; fEntityManager = entityManager; fErrorReporter = reporter; + fLimitAnalyzer = fEntityManager.fLimitAnalyzer; + fSecurityManager = fEntityManager.fSecurityManager; + } + + private void resetCommon() { + fCurrentEntity = null; + whiteSpaceLen = 0; + whiteSpaceInfoNeeded = true; + listeners.clear(); + fLimitAnalyzer = fEntityManager.fLimitAnalyzer; + fSecurityManager = fEntityManager.fSecurityManager; } /** 
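Review bot: `resetCommon()` dereferences `fEntityManager` unconditionally, yet the field is declared without an initializer and in the visible code only the three-argument `reset` assigns it. If `reset(PropertyManager)` or `reset(XMLComponentManager)` can run before that assignment, the two new lines would throw a NullPointerException where the old code only cleared local state. A guard keeps the previous behaviour: `if (fEntityManager != null) { fLimitAnalyzer = fEntityManager.fLimitAnalyzer; fSecurityManager = fEntityManager.fSecurityManager; }`. The new helper also has no comment; a one-line Javadoc saying it clears scanner state and re-reads the limit objects from the entity manager would help.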
@@ -813,9 +826,13 @@ break; } index = fCurrentEntity.position; + //check prefix before further read + checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, offset, index - offset); } if (++fCurrentEntity.position == fCurrentEntity.count) { int length = fCurrentEntity.position - offset; + //check localpart before loading more data + checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, offset, length - index - 1); invokeListeners(length); if (length == fCurrentEntity.fBufferSize) { // bad luck we have to resize our buffer @@ -847,14 +864,20 @@ if (index != -1) { int prefixLength = index - offset; + //check the result: prefix + checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, offset, prefixLength); prefix = fSymbolTable.addSymbol(fCurrentEntity.ch, offset, prefixLength); int len = length - prefixLength - 1; + //check the result: localpart + checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, index + 1, len); localpart = fSymbolTable.addSymbol(fCurrentEntity.ch, index + 1, len); } else { localpart = rawname; + //check the result: localpart + checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, offset, length); } qname.setValues(prefix, localpart, rawname, null); if (DEBUG_BUFFER) { 
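Review bot: In the `@@ -813` hunk the pre-load check passes `length - index - 1` as the local-part length, but `length` is relative to `offset` (`fCurrentEntity.position - offset`) while `index` has just been set to the absolute `fCurrentEntity.position`. The next hunk computes `prefixLength = index - offset`, which confirms `index` is an absolute buffer position. Unless `index` is rebased before this point outside the hunk, a prefixed name that starts at a non-zero offset is under-counted by `offset`, so the early check may not fire before more data is loaded and only the final "check the result" calls catch it. When `index != -1` the call could be `checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, index + 1, fCurrentEntity.position - index - 1);`, which also makes the reported text the local part rather than a slice starting at the prefix. The enclosing loop of scanQName starts and ends outside the hunk.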
@@ -877,6 +900,27 @@ } // scanQName(QName):boolean /** + * Checks whether the value of the specified Limit exceeds its limit + * + * @param limit The Limit to be checked. + * @param entity The current entity. + * @param offset The index of the first byte + * @param length The length of the entity scanned. + */ + protected void checkLimit(Limit limit, ScannedEntity entity, int offset, int length) { + fLimitAnalyzer.addValue(limit, null, length); + if (fSecurityManager.isOverLimit(limit, fLimitAnalyzer)) { + fSecurityManager.debugPrint(fLimitAnalyzer); + fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN, limit.key(), + new Object[]{new String(entity.ch, offset, length), + fLimitAnalyzer.getTotalValue(limit), + fSecurityManager.getLimit(limit), + fSecurityManager.getStateLiteral(limit)}, + XMLErrorReporter.SEVERITY_FATAL_ERROR); + } + } + + /** * CHANGED: * Scans a range of parsed character data, This function appends the character data to * the supplied buffer. @@ -994,6 +1038,9 @@ } int length = fCurrentEntity.position - offset; fCurrentEntity.columnNumber += length - newlines; + if (fCurrentEntity.reference) { + checkLimit(Limit.TOTAL_ENTITY_SIZE_LIMIT, fCurrentEntity, offset, length); + } //CHANGED: dont replace the value.. append to the buffer. This gives control to the callee //on buffering the data.. diff -r ba508fc2eeb6 -r fe931343ad6a src/com/sun/org/apache/xerces/internal/impl/XMLNSDocumentScannerImpl.java --- a/src/com/sun/org/apache/xerces/internal/impl/XMLNSDocumentScannerImpl.java Wed Jun 03 17:05:41 2015 +0300 +++ b/src/com/sun/org/apache/xerces/internal/impl/XMLNSDocumentScannerImpl.java Sun Jul 12 22:35:12 2015 +0300 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. */ /* 
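Review bot: `checkLimit` calls `fLimitAnalyzer.addValue(...)` and `fSecurityManager.isOverLimit(...)` without a null check, although both fields are declared `= null` in this file and the entity-expansion check elsewhere in this patch tests `fSecurityManager != null` first. If a scanner is ever used with an entity manager that has no security manager, every `scanQName` call would fail with a NullPointerException; an early `if (fSecurityManager == null || fLimitAnalyzer == null) return;` avoids that. The Javadoc could also say that the method reports a fatal error through `fErrorReporter` when the limit is exceeded. `@param offset` should read "index of the first character", since `entity.ch` is passed to `new String(char[], int, int)`.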
@@ -37,6 +37,7 @@ import com.sun.org.apache.xerces.internal.xni.XMLAttributes; import com.sun.org.apache.xerces.internal.xni.parser.XMLDocumentSource; import com.sun.org.apache.xerces.internal.util.XMLAttributesImpl; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager; import javax.xml.stream.XMLInputFactory; import javax.xml.stream.XMLStreamConstants; @@ -453,7 +454,15 @@ // it's a namespace declaration. but prefix:xmlns="..." isn't. if (prefix == XMLSymbols.PREFIX_XMLNS || prefix == XMLSymbols.EMPTY_STRING && localpart == XMLSymbols.PREFIX_XMLNS) { - + //check the length of URI + if (tmpStr.length > fXMLNameLimit) { + fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN, + "MaxXMLNameLimit", + new Object[]{new String(tmpStr.ch,tmpStr.offset,tmpStr.length), + tmpStr.length, fXMLNameLimit, + fSecurityManager.getStateLiteral(XMLSecurityManager.Limit.MAX_NAME_LIMIT)}, + XMLErrorReporter.SEVERITY_FATAL_ERROR); + } // get the internalized value of this attribute String uri = fSymbolTable.addSymbol(tmpStr.ch,tmpStr.offset,tmpStr.length); value = uri; diff -r ba508fc2eeb6 -r fe931343ad6a src/com/sun/org/apache/xerces/internal/impl/XMLScanner.java --- a/src/com/sun/org/apache/xerces/internal/impl/XMLScanner.java Wed Jun 03 17:05:41 2015 +0300 +++ b/src/com/sun/org/apache/xerces/internal/impl/XMLScanner.java Sun Jul 12 22:35:12 2015 +0300 @@ -947,7 +947,7 @@ new Object[]{entityName}); } } - fEntityManager.startEntity(entityName, true); + fEntityManager.startEntity(false, entityName, true); } } } diff -r ba508fc2eeb6 -r fe931343ad6a src/com/sun/org/apache/xerces/internal/impl/XMLVersionDetector.java --- a/src/com/sun/org/apache/xerces/internal/impl/XMLVersionDetector.java Wed Jun 03 17:05:41 2015 +0300 +++ b/src/com/sun/org/apache/xerces/internal/impl/XMLVersionDetector.java Sun Jul 12 22:35:12 2015 +0300 
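Review bot: The URI length check in the `@@ -453` hunk compares `tmpStr.length > fXMLNameLimit` directly instead of going through the security manager. Elsewhere on this page the maxOccurs check is paired with `isNoLimit(...)`, so if `fXMLNameLimit` can be zero or negative to mean "no limit" (its assignment is outside the hunk), every non-empty namespace URI would be rejected; `if (fXMLNameLimit > 0 && tmpStr.length > fXMLNameLimit) {` would keep the convention. The error path also dereferences `fSecurityManager` without the null test used for the entity-expansion check. The message argument `new String(tmpStr.ch,tmpStr.offset,tmpStr.length)` copies the whole over-limit value into the error text, so consider truncating it to the limit before reporting. The enclosing method starts and ends outside the hunk.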
@@ -186,7 +186,7 @@ * @throws IOException */ public short determineDocVersion(XMLInputSource inputSource) throws IOException { - fEncoding = fEntityManager.setupCurrentEntity(fXMLSymbol, inputSource, false, true); + fEncoding = fEntityManager.setupCurrentEntity(false, fXMLSymbol, inputSource, false, true); // Must use XML 1.0 scanner to handle whitespace correctly // in the XML declaration. diff -r ba508fc2eeb6 -r fe931343ad6a src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages.properties --- a/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages.properties Wed Jun 03 17:05:41 2015 +0300 +++ b/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages.properties Sun Jul 12 22:35:12 2015 +0300 
@@ -294,10 +294,10 @@ # Implementation limits - EntityExpansionLimitExceeded=JAXP00010001: The parser has encountered more than \"{0}\" entity expansions in this document; this is the limit imposed by the JDK. + EntityExpansionLimit=JAXP00010001: The parser has encountered more than \"{0}\" entity expansions in this document; this is the limit imposed by the JDK. ElementAttributeLimit=JAXP00010002: Element \"{0}\" has more than \"{1}\" attributes, \"{1}\" is the limit imposed by the JDK. MaxEntitySizeLimit=JAXP00010003: The length of entity \"{0}\" is \"{1}\" that exceeds the \"{2}\" limit set by \"{3}\". - TotalEntitySizeLimit=JAXP00010004: The accumulated size \"{0}\" of entities exceeded the \"{1}\" limit set by \"{2}\". - MaxXMLNameLimit=JAXP00010005: The name \"{0}\" exceeded the \"{1}\" limit set by \"{2}\". + TotalEntitySizeLimit=JAXP00010004: The accumulated size of entities is \"{1}\" that exceeded the \"{2}\" limit set by \"{3}\". + MaxXMLNameLimit=JAXP00010005: The length of entity \"{0}\" is \"{1}\" that exceeds the \"{2}\" limit set by \"{3}\". MaxElementDepthLimit=JAXP00010006: The element \"{0}\" has a depth of \"{1}\" that exceeds the limit \"{2}\" set by \"{3}\". diff -r ba508fc2eeb6 -r fe931343ad6a src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages.properties --- a/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages.properties Wed Jun 03 17:05:41 2015 +0300 +++ b/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages.properties Sun Jul 12 22:35:12 2015 +0300 
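Review bot: The new `MaxXMLNameLimit` text says "The length of entity", which looks copied from `MaxEntitySizeLimit`, although the scanner raises this key for element and attribute name parts and for namespace URIs. Someone triaging a rejected document from the log would look for an oversized entity; wording such as `The length of name \"{0}\" is \"{1}\" that exceeds the \"{2}\" limit set by \"{3}\".` matches what is actually measured. `TotalEntitySizeLimit` now starts at `{1}`, so the `{0}` string that `checkLimit` builds for it is never shown; a comment above the entry noting that argument 0 is intentionally unused would prevent a later "fix". The renamed `EntityExpansionLimit` key presumably needs the same rename in any localized bundles, which are not part of the visible hunks.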
@@ -283,7 +283,7 @@ FacetValueFromBase = FacetValueFromBase: In the declaration of type ''{0}'', value ''{1}'' of facet ''{2}'' must be from the value space of the base type, ''{3}''. FixedFacetValue = FixedFacetValue: In the definition of {3}, the value ''{1}'' for the facet ''{0}'' is invalid, because the value for ''{0}'' has been set to ''{2}'' in one of the ancestor types, and '{'fixed'}' = true. InvalidRegex = InvalidRegex: Pattern value ''{0}'' is not a valid regular expression. The reported error was: ''{1}'' at column ''{2}''. - maxOccurLimit = Current configuration of the parser doesn''t allow a maxOccurs attribute value to be set greater than the value {0}. + MaxOccurLimit = Current configuration of the parser doesn''t allow a maxOccurs attribute value to be set greater than the value {0}. PublicSystemOnNotation = PublicSystemOnNotation: At least one of ''public'' and ''system'' must appear in element ''notation''. SchemaLocation = SchemaLocation: schemaLocation value = ''{0}'' must have even number of URI''s. TargetNamespace.1 = TargetNamespace.1: Expecting namespace ''{0}'', but the target namespace of the schema document is ''{1}''. diff -r ba508fc2eeb6 -r fe931343ad6a src/com/sun/org/apache/xerces/internal/impl/xs/models/CMNodeFactory.java --- a/src/com/sun/org/apache/xerces/internal/impl/xs/models/CMNodeFactory.java Wed Jun 03 17:05:41 2015 +0300 +++ b/src/com/sun/org/apache/xerces/internal/impl/xs/models/CMNodeFactory.java Sun Jul 12 22:35:12 2015 +0300 
@@ -115,7 +115,7 @@ System.out.println("nodeCount = " + nodeCount ) ; System.out.println("nodeLimit = " + maxNodeLimit ) ; } - fErrorReporter.reportError(XSMessageFormatter.SCHEMA_DOMAIN, "maxOccurLimit", new Object[]{ new Integer(maxNodeLimit) }, XMLErrorReporter.SEVERITY_FATAL_ERROR); + fErrorReporter.reportError(XSMessageFormatter.SCHEMA_DOMAIN, "MaxOccurLimit", new Object[]{ new Integer(maxNodeLimit) }, XMLErrorReporter.SEVERITY_FATAL_ERROR); // similarly to entity manager behaviour, take into accont // behaviour if continue-after-fatal-error is set. nodeCount = 0; diff -r ba508fc2eeb6 -r fe931343ad6a src/com/sun/org/apache/xerces/internal/impl/xs/traversers/XSAttributeChecker.java --- a/src/com/sun/org/apache/xerces/internal/impl/xs/traversers/XSAttributeChecker.java Wed Jun 03 17:05:41 2015 +0300 +++ b/src/com/sun/org/apache/xerces/internal/impl/xs/traversers/XSAttributeChecker.java Sun Jul 12 22:35:12 2015 +0300 @@ -1193,7 +1193,7 @@ // maxOccurNodeLimit. int maxOccurNodeLimit = fSchemaHandler.fSecureProcessing.getLimit(XMLSecurityManager.Limit.MAX_OCCUR_NODE_LIMIT); if (max > maxOccurNodeLimit && !fSchemaHandler.fSecureProcessing.isNoLimit(maxOccurNodeLimit)) { - reportSchemaFatalError("maxOccurLimit", new Object[] {new Integer(maxOccurNodeLimit)}, element); + reportSchemaFatalError("MaxOccurLimit", new Object[] {new Integer(maxOccurNodeLimit)}, element); // reset max values in case processing continues on error attrValues[ATTIDX_MAXOCCURS] = fXIntPool.getXInt(maxOccurNodeLimit); diff -r ba508fc2eeb6 -r fe931343ad6a src/com/sun/org/apache/xerces/internal/utils/XMLLimitAnalyzer.java --- a/src/com/sun/org/apache/xerces/internal/utils/XMLLimitAnalyzer.java Wed Jun 03 17:05:41 2015 +0300 +++ b/src/com/sun/org/apache/xerces/internal/utils/XMLLimitAnalyzer.java Sun Jul 12 22:35:12 2015 +0300 
@@ -128,18 +128,21 @@ public void addValue(int index, String entityName, int value) { if (index == Limit.ENTITY_EXPANSION_LIMIT.ordinal() || index == Limit.MAX_OCCUR_NODE_LIMIT.ordinal() || - index == Limit.ELEMENT_ATTRIBUTE_LIMIT.ordinal()) { + index == Limit.ELEMENT_ATTRIBUTE_LIMIT.ordinal() || + index == Limit.TOTAL_ENTITY_SIZE_LIMIT.ordinal() + ) { totalValue[index] += value; return; } - if (index == Limit.MAX_ELEMENT_DEPTH_LIMIT.ordinal()) { + if (index == Limit.MAX_ELEMENT_DEPTH_LIMIT.ordinal() || + index == Limit.MAX_NAME_LIMIT.ordinal()) { totalValue[index] = value; return; } Map cache; if (caches[index] == null) { - cache = new HashMap(10); + cache = new HashMap<>(10); caches[index] = cache; } else { cache = caches[index]; @@ -147,10 +150,10 @@ int accumulatedValue = value; if (cache.containsKey(entityName)) { - accumulatedValue += cache.get(entityName).intValue(); - cache.put(entityName, Integer.valueOf(accumulatedValue)); + accumulatedValue += cache.get(entityName); + cache.put(entityName, accumulatedValue); } else { - cache.put(entityName, Integer.valueOf(value)); + cache.put(entityName, value); } if (accumulatedValue > values[index]) { @@ -223,6 +226,16 @@ } } + /** + * Resets the current value of the specified limit. + * @param limit The limit to be reset. + */ + public void reset(Limit limit) { + if (limit.ordinal() == Limit.TOTAL_ENTITY_SIZE_LIMIT.ordinal()) { + totalValue[limit.ordinal()] = 0; + } + } + public void debugPrint(XMLSecurityManager securityManager) { Formatter formatter = new Formatter(); System.out.println(formatter.format("%30s %15s %15s %15s %30s", diff -r ba508fc2eeb6 -r fe931343ad6a src/com/sun/org/apache/xerces/internal/utils/XMLSecurityManager.java --- a/src/com/sun/org/apache/xerces/internal/utils/XMLSecurityManager.java Wed Jun 03 17:05:41 2015 +0300 +++ b/src/com/sun/org/apache/xerces/internal/utils/XMLSecurityManager.java Sun Jul 12 22:35:12 2015 +0300 
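Review bot: The new `reset(Limit)` in the `@@ -223` hunk clears only `TOTAL_ENTITY_SIZE_LIMIT` and silently does nothing for every other limit, which its Javadoc ("Resets the current value of the specified limit") does not say. A caller resetting, for example, `MAX_NAME_LIMIT` would get no effect and no error, so the `@param` line should state the restriction: `@param limit The limit to be reset; only TOTAL_ENTITY_SIZE_LIMIT is supported, other limits are ignored.` The comparison can also use enum identity instead of ordinals, `if (limit == Limit.TOTAL_ENTITY_SIZE_LIMIT) {`, which is shorter and does not depend on declaration order. The same ordinal-comparison style is extended in `addValue` in the first hunk of this file, where it is forced by the `int index` parameter.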
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2013 Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
@@ -61,20 +61,31 @@ */ public static enum Limit { - ENTITY_EXPANSION_LIMIT(Constants.JDK_ENTITY_EXPANSION_LIMIT, Constants.SP_ENTITY_EXPANSION_LIMIT, 0, 64000), - MAX_OCCUR_NODE_LIMIT(Constants.JDK_MAX_OCCUR_LIMIT, Constants.SP_MAX_OCCUR_LIMIT, 0, 5000), - ELEMENT_ATTRIBUTE_LIMIT(Constants.JDK_ELEMENT_ATTRIBUTE_LIMIT, Constants.SP_ELEMENT_ATTRIBUTE_LIMIT, 0, 10000), - TOTAL_ENTITY_SIZE_LIMIT(Constants.JDK_TOTAL_ENTITY_SIZE_LIMIT, Constants.SP_TOTAL_ENTITY_SIZE_LIMIT, 0, 50000000), - GENEAL_ENTITY_SIZE_LIMIT(Constants.JDK_GENEAL_ENTITY_SIZE_LIMIT, Constants.SP_GENEAL_ENTITY_SIZE_LIMIT, 0, 0), - PARAMETER_ENTITY_SIZE_LIMIT(Constants.JDK_PARAMETER_ENTITY_SIZE_LIMIT, Constants.SP_PARAMETER_ENTITY_SIZE_LIMIT, 0, 1000000), - MAX_ELEMENT_DEPTH_LIMIT(Constants.JDK_MAX_ELEMENT_DEPTH, Constants.SP_MAX_ELEMENT_DEPTH, 0, 0); + ENTITY_EXPANSION_LIMIT("EntityExpansionLimit", + Constants.JDK_ENTITY_EXPANSION_LIMIT, Constants.SP_ENTITY_EXPANSION_LIMIT, 0, 64000), + MAX_OCCUR_NODE_LIMIT("MaxOccurLimit", + Constants.JDK_MAX_OCCUR_LIMIT, Constants.SP_MAX_OCCUR_LIMIT, 0, 5000), + ELEMENT_ATTRIBUTE_LIMIT("ElementAttributeLimit", + Constants.JDK_ELEMENT_ATTRIBUTE_LIMIT, Constants.SP_ELEMENT_ATTRIBUTE_LIMIT, 0, 10000), + TOTAL_ENTITY_SIZE_LIMIT("TotalEntitySizeLimit", + Constants.JDK_TOTAL_ENTITY_SIZE_LIMIT, Constants.SP_TOTAL_ENTITY_SIZE_LIMIT, 0, 50000000), + GENEAL_ENTITY_SIZE_LIMIT("MaxEntitySizeLimit", + Constants.JDK_GENEAL_ENTITY_SIZE_LIMIT, Constants.SP_GENEAL_ENTITY_SIZE_LIMIT, 0, 0), + PARAMETER_ENTITY_SIZE_LIMIT("MaxEntitySizeLimit", + Constants.JDK_PARAMETER_ENTITY_SIZE_LIMIT, Constants.SP_PARAMETER_ENTITY_SIZE_LIMIT, 0, 1000000), + MAX_ELEMENT_DEPTH_LIMIT("MaxElementDepthLimit", + Constants.JDK_MAX_ELEMENT_DEPTH, Constants.SP_MAX_ELEMENT_DEPTH, 0, 0), + MAX_NAME_LIMIT("MaxXMLNameLimit", + Constants.JDK_XML_NAME_LIMIT, Constants.SP_XML_NAME_LIMIT, 1000, 1000); + final String key; final String apiProperty; final String systemProperty; final int defaultValue; final int 
secureValue; - Limit(String apiProperty, String systemProperty, int value, int secureValue) { + Limit(String key, String apiProperty, String systemProperty, int value, int secureValue) { + this.key = key; this.apiProperty = apiProperty; this.systemProperty = systemProperty; this.defaultValue = value; @@ -89,6 +100,10 @@ return (propertyName == null) ? false : systemProperty.equals(propertyName); } + public String key() { + return key; + } + public String apiProperty() { return apiProperty; } @@ -97,7 +112,7 @@ return systemProperty; } - int defaultValue() { + public int defaultValue() { return defaultValue; } @@ -152,7 +167,7 @@ /** * Index of the special entityCountInfo property */ - private int indexEntityCountInfo = 10000; + private final int indexEntityCountInfo = 10000; private String printEntityCountInfo = ""; /** @@ -433,7 +448,9 @@ if (index == Limit.ELEMENT_ATTRIBUTE_LIMIT.ordinal() || index == Limit.ENTITY_EXPANSION_LIMIT.ordinal() || index == Limit.TOTAL_ENTITY_SIZE_LIMIT.ordinal() || - index == Limit.MAX_ELEMENT_DEPTH_LIMIT.ordinal()) { + index == Limit.MAX_ELEMENT_DEPTH_LIMIT.ordinal() || + index == Limit.MAX_NAME_LIMIT.ordinal() + ) { return (limitAnalyzer.getTotalValue(index) > values[index]); } else { return (limitAnalyzer.getValue(index) > values[index]); diff -r ba508fc2eeb6 -r fe931343ad6a src/com/sun/xml/internal/stream/Entity.java --- a/src/com/sun/xml/internal/stream/Entity.java Wed Jun 03 17:05:41 2015 +0300 +++ b/src/com/sun/xml/internal/stream/Entity.java Sun Jul 12 22:35:12 2015 +0300 @@ -344,6 +344,9 @@ // to know that prolog is read public boolean xmlDeclChunkRead = false; + // flag to indicate whether the Entity is an Entity Reference + public boolean reference = false; + /** returns the name of the current encoding * @return current encoding name */ 
@@ -388,10 +391,11 @@ // /** Constructs a scanned entity. */ - public ScannedEntity(String name, + public ScannedEntity(boolean reference, String name, XMLResourceIdentifier entityLocation, InputStream stream, Reader reader, String encoding, boolean literal, boolean mayReadChunks, boolean isExternal) { + this.reference = reference; this.name = name ; this.entityLocation = entityLocation; this.stream = stream;