changeset 19:7bd1b7e10c91 jdk6-b11

6755916: Changes for openjdk6 build 11 6542088: JAX-WS server allows XXE attacks 6607339: IncrementalSAXSource_Filter still allows reading of local files 6620632: DTD event is missing entity and notation information Summary: Final b11 state (as defined by the source bundle) Reviewed-by: darcy
author ohair
date Fri, 30 Jan 2009 17:05:46 -0800
parents f2d6d145f9b8
children 1c5a6dcaf747
files THIRD_PARTY_README src/share/classes/com/sun/org/apache/xerces/internal/impl/PropertyManager.java src/share/classes/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java src/share/classes/com/sun/org/apache/xerces/internal/impl/XMLDocumentScannerImpl.java src/share/classes/com/sun/org/apache/xml/internal/utils/ThreadControllerWrapper.java src/share/classes/com/sun/xml/internal/stream/events/XMLEventAllocatorImpl.java
diffstat 6 files changed, 99 insertions(+), 46 deletions(-) [+]
--- a/THIRD_PARTY_README	Fri Jan 30 17:00:59 2009 -0800
+++ b/THIRD_PARTY_README	Fri Jan 30 17:05:46 2009 -0800
@@ -137,16 +137,6 @@
 The name and trademarks of copyright holders may NOT be used in advertising or publicity pertaining to the software without specific, written prior permission. Title to copyright in this software and any associated documentation will at all times remain with copyright holders.
 ____________________________________
 This formulation of W3C's notice and license became active on August 14 1998 so as to improve compatibility with GPL. This version ensures that W3C software licensing terms are no more restrictive than GPL and consequently W3C software may be distributed in GPL packages. See the older formulation for the policy prior to this date. Please see our Copyright FAQ for common questions about using materials from our site, including specific terms and conditions for packages like libwww, Amaya, and Jigsaw. Other questions about this notice can be directed to site-policy@w3.org.

-%% This notice is provided with respect to jscheme.jar, which may be included with this software: 
-Software License Agreement
-Copyright © 1998-2002 by Peter Norvig. 
-Permission is granted to anyone to use this software, in source or object code form, on any computer system, and to modify, compile, decompile, run, and redistribute it to anyone else, subject to the following restrictions: 
-1.The author makes no warranty of any kind, either expressed or implied, about the suitability of this software for any purpose.
-2.The author accepts no liability of any kind for damages or other consequences of the use of this software, even if they arise from defects in the software.
-3.The origin of this software must not be misrepresented, either by explicit claim or by omission.
-4.Altered versions must be plainly marked as such, and must not be misrepresented as being the original software. Altered versions may be distributed in packages under other licenses (such as the GNU license). 
-If you find this software useful, it would be nice if you let me (peter@norvig.com) know about it, and nicer still if you send me modifications that you are willing to share. However, you are not required to do so.
 
 
 %% This notice is provided with respect to PC/SC Lite for Suse Linux v. 1.1.1, which may be included with this software: 
--- a/src/share/classes/com/sun/org/apache/xerces/internal/impl/PropertyManager.java	Fri Jan 30 17:00:59 2009 -0800
+++ b/src/share/classes/com/sun/org/apache/xerces/internal/impl/PropertyManager.java	Fri Jan 30 17:05:46 2009 -0800
@@ -45,8 +45,8 @@
 public class PropertyManager {
 
 
-    protected static final String STAX_NOTATIONS = "javax.xml.stream.notations";
-    protected static final String STAX_ENTITIES = "javax.xml.stream.entities";
+    public static final String STAX_NOTATIONS = "javax.xml.stream.notations";
+    public static final String STAX_ENTITIES = "javax.xml.stream.entities";
 
     private static final String STRING_INTERNING = "http://xml.org/sax/features/string-interning";
 
--- a/src/share/classes/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java	Fri Jan 30 17:00:59 2009 -0800
+++ b/src/share/classes/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java	Fri Jan 30 17:05:46 2009 -0800
@@ -289,6 +289,8 @@
     protected boolean fReportCdataEvent = false ;
     protected boolean fIsCoalesce = false ;
     protected String fDeclaredEncoding =  null;
+    /** Disallow doctype declaration. */
+    protected boolean fDisallowDoctype = false;
 
     // drivers
 
@@ -1852,6 +1854,11 @@
         }
         // start general entity
         if (!fEntityStore.isDeclaredEntity(name)) {
+            //SUPPORT_DTD=false && ReplaceEntityReferences should throw exception
+            if (fDisallowDoctype && fReplaceEntityReferences) {
+                reportFatalError("EntityNotDeclared", new Object[]{name});
+                return;
+            }
             //REVISIT: one more case needs to be included: external PE and standalone is no
             if ( fHasExternalDTD && !fStandalone) {
                 if (fValidation)
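Review bot: The added guard fires only when both flags are set, so with fDisallowDoctype true and fReplaceEntityReferences false an undeclared reference still falls through to the fHasExternalDTD / fValidation handling below. What that path does with the reference is outside this hunk and should be confirmed for the DTD-off case. The comment would read more clearly as `// fDisallowDoctype (SupportDTD=false): DTD declarations are not kept, so with fReplaceEntityReferences set the reference cannot be expanded and is reported as EntityNotDeclared`. The Javadoc on the field added in the first hunk of this file, `Disallow doctype declaration.`, is also no longer accurate, since elsewhere in this commit the DOCTYPE is still scanned and only its entities are dropped. The enclosing method starts and ends outside the hunk.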
--- a/src/share/classes/com/sun/org/apache/xerces/internal/impl/XMLDocumentScannerImpl.java	Fri Jan 30 17:00:59 2009 -0800
+++ b/src/share/classes/com/sun/org/apache/xerces/internal/impl/XMLDocumentScannerImpl.java	Fri Jan 30 17:05:46 2009 -0800
@@ -62,6 +62,9 @@
  * @author Arnaud  Le Hors, IBM
  * @author Eric Ye, IBM
  * @author Sunitha Reddy, Sun Microsystems
+ * Refer to the table in unit-test javax.xml.stream.XMLStreamReaderTest.SupportDTD for changes
+ * related to property SupportDTD.
+ * @author Joe Wang, Sun Microsystems
  */
 public class XMLDocumentScannerImpl
         extends XMLDocumentFragmentScannerImpl{
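Review bot: The two added sentences sit between `@author` tags, so Javadoc treats them as a continuation of the `@author Sunitha Reddy, Sun Microsystems` tag rather than as part of the class description. Move the pointer to the SupportDTD table into the main description above the first block tag, or turn it into a `@see` entry. Keep the new `@author Joe Wang, Sun Microsystems` line directly with the other author tags.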
@@ -185,9 +188,6 @@
     /** Load external DTD. */
     protected boolean fLoadExternalDTD = true;
 
-    /** Disallow doctype declaration. */
-    protected boolean fDisallowDoctype = false;
-
     // state
 
     /** Seen doctype declaration. */
@@ -227,8 +227,8 @@
     /** String. */
     private XMLString fString = new XMLString();
 
-    public static final char [] DOCTYPE = {'D','O','C','T','Y','P','E'};
-    public static final char [] COMMENTSTRING = {'-','-'};
+    private static final char [] DOCTYPE = {'D','O','C','T','Y','P','E'};
+    private static final char [] COMMENTSTRING = {'-','-'};
 
     //
     // Constructors
@@ -708,6 +708,12 @@
     //
     // Private methods
     //
+    /** Set the scanner state after scanning DTD */
+    protected void setEndDTDScanState() {
+        setScannerState(SCANNER_STATE_PROLOG);
+        setDriver(fPrologDriver);
+        fEntityManager.setEntityHandler(XMLDocumentScannerImpl.this);
+    }
 
     /** Returns the scanner state name. */
     protected String getScannerStateName(int state) {
@@ -930,19 +936,21 @@
                             reportFatalError("AlreadySeenDoctype", null);
                         }
                         fSeenDoctypeDecl = true;
-                        if(fDTDDriver == null){
-                            fDTDDriver = new DTDDriver();
-                        }
 
                         // scanDoctypeDecl() sends XNI doctypeDecl event that
                         // in SAX is converted to startDTD() event.
                         if (scanDoctypeDecl(fDisallowDoctype)) {
+                            //allow parsing of entity decls to continue in order to stay well-formed
                             setScannerState(SCANNER_STATE_DTD_INTERNAL_DECLS);
                             fSeenInternalSubset = true;
+                            if(fDTDDriver == null){
+                                fDTDDriver = new DTDDriver();
+                            }
                             setDriver(fContentDriver);
-                            int dtdEvent = fDTDDriver.next();
+                            //always return DTD event, the event however, will not contain any entities
+                            return fDTDDriver.next();
                             // If no DTD support, ignore and continue parsing
-                            return fDisallowDoctype ? next() : dtdEvent;
+                            //return fDisallowDoctype ? next() : dtdEvent;
                         }
 
                         /** xxx:check this part again
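Review bot: The two lines left after `return fDTDDriver.next();` are dead and misleading. The old comment `// If no DTD support, ignore and continue parsing` now contradicts the behaviour, and the commented-out `//return fDisallowDoctype ? next() : dtdEvent;` should be deleted rather than kept. Since callers with DTD support off now receive a DTD event where they previously did not, the surviving comment could say so directly, e.g. `// SupportDTD=false still yields a DTD event, but it carries no entities`. The enclosing method starts and ends outside the hunk.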
@@ -955,17 +963,18 @@
                         }
                          */
 
-                        if (fDisallowDoctype) {
-                            setScannerState(SCANNER_STATE_PROLOG);
-                            return next();
-                        }
-
                         // handle external subset
                         if (fDoctypeSystemId != null) {
                             if (((fValidation || fLoadExternalDTD)
                                 && (fValidationManager == null || !fValidationManager.isCachedDTD()))) {
-                                setScannerState(SCANNER_STATE_DTD_EXTERNAL);
+                                if (!fDisallowDoctype) {
+                                    setScannerState(SCANNER_STATE_DTD_EXTERNAL);
+                                } else {
+                                    setScannerState(SCANNER_STATE_PROLOG);
+                                }
                                 setDriver(fContentDriver);
+                                if(fDTDDriver == null)
+                                    fDTDDriver = new DTDDriver();
                                 return fDTDDriver.next();
 
                             }
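Review bot: The lazy creation of fDTDDriver is now written three times: in the internal-subset branch of the previous hunk, here, and in the next hunk, the last two as an unbraced `if`. A single private helper that creates the driver on first use and returns it would keep the three call sites from drifting apart, and the remaining `if` statements should be braced to match the surrounding code. The `else` branch also deserves a comment such as `// DTD support off: stay in prolog state; the DTD driver only emits the DTD event`, because setting SCANNER_STATE_PROLOG and then calling `fDTDDriver.next()` only makes sense together with the new prolog case added to the DTD driver further down. The enclosing method starts and ends outside the hunk.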
@@ -976,8 +985,14 @@
                                 // This handles the case of a DOCTYPE that had neither an internal subset or an external subset.
                                 fDTDScanner.setInputSource(fExternalSubsetSource);
                                 fExternalSubsetSource = null;
-                                setScannerState(SCANNER_STATE_DTD_EXTERNAL_DECLS);
+                                if (!fDisallowDoctype) {
+                                    setScannerState(SCANNER_STATE_DTD_EXTERNAL_DECLS);
+                                } else {
+                                    setScannerState(SCANNER_STATE_PROLOG);
+                                }
                                 setDriver(fContentDriver);
+                                if(fDTDDriver == null)
+                                    fDTDDriver = new DTDDriver();
                                 return fDTDDriver.next();
                             }
                         }
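Review bot: `fDTDScanner.setInputSource(fExternalSubsetSource)` still runs before the new fDisallowDoctype test, so the external subset source is handed to the DTD scanner even when DTD support is off. Whether setInputSource opens that source is not visible in this hunk; if it does, the external resource is still read in exactly the configuration this fix is meant to lock down. Guarding the call, `if (!fDisallowDoctype) { fDTDScanner.setInputSource(fExternalSubsetSource); }`, while still clearing fExternalSubsetSource, would make the guarantee local, assuming nothing downstream needs the scanner to have an input source in that mode. The enclosing block begins outside the hunk.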
@@ -1117,19 +1132,21 @@
                                 }
                                 fMarkupDepth--;
 
-                                // scan external subset next
-                                if (!XMLDocumentScannerImpl.this.fDisallowDoctype &&
-                                        fDoctypeSystemId != null && (fValidation || fLoadExternalDTD)) {
-                                    setScannerState(SCANNER_STATE_DTD_EXTERNAL);
+                                if (fDisallowDoctype) {
+                                    //simply reset the entity store without having to mess around
+                                    //with the DTD Scanner code
+                                    fEntityStore = fEntityManager.getEntityStore();
+                                    fEntityStore.reset();
+                                } else {
+                                    // scan external subset next unless we are ignoring DTDs
+                                    if (fDoctypeSystemId != null && (fValidation || fLoadExternalDTD)) {
+                                        setScannerState(SCANNER_STATE_DTD_EXTERNAL);
+                                        break;
+                                    }
                                 }
+                                setEndDTDScanState();
 
-                                // break out of here
-                                else {
-                                    setScannerState(SCANNER_STATE_PROLOG);
-                                    setDriver(fPrologDriver);
-                                    fEntityManager.setEntityHandler(XMLDocumentScannerImpl.this);
-                                    return true;
-                                }
+                                return true;
                             }
                             break;
                         }
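Review bot: With fDisallowDoctype set, `fEntityStore.reset()` appears to run only after the internal subset has been scanned. Anything the DTD scanner does during that scan, such as expanding parameter-entity references that point at external resources, has therefore already happened by the time the store is cleared. Whether the DTD scanner is separately prevented from resolving external parameter entities in this mode is not visible here; if it is, a comment should name the component that enforces it, and if not, this reset should not be the only control. Smaller points: `else { if (...) { ... } }` can be `else if (...)`, and the reassignment `fEntityStore = fEntityManager.getEntityStore();` changes a scanner field as a side effect and deserves a word on why. The enclosing switch case starts outside the hunk.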
@@ -1160,13 +1177,16 @@
                             boolean completeDTD = true;
                             boolean moreToScan = fDTDScanner.scanDTDExternalSubset(completeDTD);
                             if (!moreToScan) {
-                                setScannerState(SCANNER_STATE_PROLOG);
-                                setDriver(fPrologDriver);
-                                fEntityManager.setEntityHandler(XMLDocumentScannerImpl.this);
+                                setEndDTDScanState();
                                 return true;
                             }
                             break;
                         }
+                        case SCANNER_STATE_PROLOG : {
+                            // skip entity decls
+                            setEndDTDScanState();
+                            return true;
+                        }
                         default: {
                             throw new XNIException("DTDDriver#dispatch: scanner state="+fScannerState+" ("+getScannerStateName(fScannerState)+')');
                         }
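Review bot: The comment `// skip entity decls` on the new `case SCANNER_STATE_PROLOG` does not explain why the DTD driver is dispatched in prolog state at all. From the earlier hunks this case is reached when fDisallowDoctype made the prolog driver set SCANNER_STATE_PROLOG instead of one of the external-DTD states, so say that, e.g. `// SupportDTD=false: external subset is not scanned; hand control back to the prolog driver`. Without that explanation the case looks as if it could hide a genuine state-machine error that previously reached the `default` branch and threw XNIException. The enclosing switch starts outside the hunk.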
--- a/src/share/classes/com/sun/org/apache/xml/internal/utils/ThreadControllerWrapper.java	Fri Jan 30 17:00:59 2009 -0800
+++ b/src/share/classes/com/sun/org/apache/xml/internal/utils/ThreadControllerWrapper.java	Fri Jan 30 17:05:46 2009 -0800
@@ -53,7 +53,35 @@
   {
 
     /**
-     * Will get a thread from the pool, execute the task
+      * This class was introduced as a fix for CR 6607339.
+      */
+     final class SafeThread extends Thread {
+          private volatile boolean ran = false;
+                  
+          public SafeThread(Runnable target) {
+              super(target);
+          }
+                  
+          public final void run() {
+              if (Thread.currentThread() != this) {
+                  throw new IllegalStateException("The run() method in a"
+                      + " SafeThread cannot be called from another thread.");
+              }
+              synchronized (this) {
+                 if (!ran) {
+                     ran = true;
+                 }
+                 else {
+                  throw new IllegalStateException("The run() method in a"
+                      + " SafeThread cannot be called more than once.");
+                 }                 
+              }             
+              super.run();
+          }
+     }
+ 
+     /**
+     *  Will get a thread from the pool, execute the task
      *  and return the thread to the pool.
      *
      *  The return value is used only to wait for completion
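Review bot: The Javadoc on SafeThread gives only the bug id (`CR 6607339`) and not the invariant the class enforces, which is what a maintainer needs. run() throws unless it is executing on the thread itself and for the first time, so code holding the Thread returned by `run(task, priority)` cannot invoke the wrapped Runnable from its own thread; the class comment should state that. `ran` is only read and written inside `synchronized (this)`, so `volatile` is redundant, and because the monitor is the Thread object itself any holder of the reference can contend on it. A `private final AtomicBoolean ran` with `if (!ran.compareAndSet(false, true)) throw new IllegalStateException(...)` avoids both. run() should also carry `@Override`, and the indentation of the new class should be made uniform.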
@@ -68,7 +96,7 @@
     public Thread run(Runnable task, int priority)
     {
 
-      Thread t = new Thread(task);
+      Thread t = new SafeThread(task);
 
       t.start();
 
--- a/src/share/classes/com/sun/xml/internal/stream/events/XMLEventAllocatorImpl.java	Fri Jan 30 17:00:59 2009 -0800
+++ b/src/share/classes/com/sun/xml/internal/stream/events/XMLEventAllocatorImpl.java	Fri Jan 30 17:05:46 2009 -0800
@@ -25,6 +25,8 @@
 
 package com.sun.xml.internal.stream.events;
 
+import com.sun.org.apache.xerces.internal.impl.PropertyManager;
+import java.util.List;
 import javax.xml.stream.util.XMLEventAllocator;
 import javax.xml.stream.*;
 import javax.xml.stream.events.*;
@@ -144,7 +146,13 @@
                 break;
             }
             case XMLEvent.DTD:{
-                event = new DTDEvent(streamReader.getText());
+                DTDEvent dtdEvent = new DTDEvent(streamReader.getText());
+                dtdEvent.setLocation(streamReader.getLocation());
+                List entities = (List)streamReader.getProperty(PropertyManager.STAX_ENTITIES);
+                if (entities != null && entities.size() != 0) dtdEvent.setEntities(entities);
+                List notations = (List)streamReader.getProperty(PropertyManager.STAX_NOTATIONS);
+                if (notations != null && notations.size() != 0) dtdEvent.setNotations(notations);
+                event = dtdEvent;
                 break;
             }
             case XMLEvent.CDATA:{
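Review bot: Both `getProperty` results are cast to raw `List` without a type check, so if streamReader is an implementation that returns something else for these property names, allocating the DTD event fails with ClassCastException. Reading into `Object entities = streamReader.getProperty(PropertyManager.STAX_ENTITIES);` and testing `if (entities instanceof List && !((List) entities).isEmpty()) { dtdEvent.setEntities((List) entities); }` covers both null and wrong-type results; the same applies to the notations. The single-line `if` statements should be braced like the rest of the switch. The enclosing switch starts and ends outside the hunk.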