diff options
| author | aefimov <none@none> | 2015-07-12 22:35:12 +0300 |
|---|---|---|
| committer | aefimov <none@none> | 2015-07-12 22:35:12 +0300 |
| commit | 5ca93f5f61cd6518f0690807de9814350f0ecb7e (patch) | |
| tree | 6b6d82128af61ffbcbd510de0ba218ef02d92bea /src | |
| parent | fef3b501abc7ddb63f21c79a7590fcd1a3a67d25 (diff) | |
| download | jdk8u_jaxp-5ca93f5f61cd6518f0690807de9814350f0ecb7e.tar.gz | |
8086733: Improve namespace handling
Reviewed-by: dfuchs, lancea, ahgross
Diffstat (limited to 'src')
18 files changed, 285 insertions, 252 deletions
diff --git a/src/com/sun/org/apache/xalan/internal/utils/XMLSecurityManager.java b/src/com/sun/org/apache/xalan/internal/utils/XMLSecurityManager.java index 0883841..0701bb1 100644 --- a/src/com/sun/org/apache/xalan/internal/utils/XMLSecurityManager.java +++ b/src/com/sun/org/apache/xalan/internal/utils/XMLSecurityManager.java @@ -65,27 +65,31 @@ public final class XMLSecurityManager { */ public static enum Limit { - ENTITY_EXPANSION_LIMIT(XalanConstants.JDK_ENTITY_EXPANSION_LIMIT, + ENTITY_EXPANSION_LIMIT("EntityExpansionLimit", XalanConstants.JDK_ENTITY_EXPANSION_LIMIT, XalanConstants.SP_ENTITY_EXPANSION_LIMIT, 0, 64000), - MAX_OCCUR_NODE_LIMIT(XalanConstants.JDK_MAX_OCCUR_LIMIT, + MAX_OCCUR_NODE_LIMIT("MaxOccurLimit", XalanConstants.JDK_MAX_OCCUR_LIMIT, XalanConstants.SP_MAX_OCCUR_LIMIT, 0, 5000), - ELEMENT_ATTRIBUTE_LIMIT(XalanConstants.JDK_ELEMENT_ATTRIBUTE_LIMIT, + ELEMENT_ATTRIBUTE_LIMIT("ElementAttributeLimit", XalanConstants.JDK_ELEMENT_ATTRIBUTE_LIMIT, XalanConstants.SP_ELEMENT_ATTRIBUTE_LIMIT, 0, 10000), - TOTAL_ENTITY_SIZE_LIMIT(XalanConstants.JDK_TOTAL_ENTITY_SIZE_LIMIT, + TOTAL_ENTITY_SIZE_LIMIT("TotalEntitySizeLimit", XalanConstants.JDK_TOTAL_ENTITY_SIZE_LIMIT, XalanConstants.SP_TOTAL_ENTITY_SIZE_LIMIT, 0, 50000000), - GENERAL_ENTITY_SIZE_LIMIT(XalanConstants.JDK_GENERAL_ENTITY_SIZE_LIMIT, + GENERAL_ENTITY_SIZE_LIMIT("MaxEntitySizeLimit", XalanConstants.JDK_GENERAL_ENTITY_SIZE_LIMIT, XalanConstants.SP_GENERAL_ENTITY_SIZE_LIMIT, 0, 0), - PARAMETER_ENTITY_SIZE_LIMIT(XalanConstants.JDK_PARAMETER_ENTITY_SIZE_LIMIT, + PARAMETER_ENTITY_SIZE_LIMIT("MaxEntitySizeLimit", XalanConstants.JDK_PARAMETER_ENTITY_SIZE_LIMIT, XalanConstants.SP_PARAMETER_ENTITY_SIZE_LIMIT, 0, 1000000), - MAX_ELEMENT_DEPTH_LIMIT(XalanConstants.JDK_MAX_ELEMENT_DEPTH, - XalanConstants.SP_MAX_ELEMENT_DEPTH, 0, 0); + MAX_ELEMENT_DEPTH_LIMIT("MaxElementDepthLimit", XalanConstants.JDK_MAX_ELEMENT_DEPTH, + XalanConstants.SP_MAX_ELEMENT_DEPTH, 0, 0), + MAX_NAME_LIMIT("MaxXMLNameLimit", XalanConstants.JDK_XML_NAME_LIMIT, + XalanConstants.SP_XML_NAME_LIMIT, 1000, 1000); + final String key; final String apiProperty; final String systemProperty; final int defaultValue; final int secureValue; - Limit(String apiProperty, String systemProperty, int value, int secureValue) { + Limit(String key, String apiProperty, String systemProperty, int value, int secureValue) { + this.key = key; this.apiProperty = apiProperty; this.systemProperty = systemProperty; this.defaultValue = value; @@ -100,6 +104,10 @@ public final class XMLSecurityManager { return (propertyName == null) ? false : systemProperty.equals(propertyName); } + public String key() { + return key; + } + public String apiProperty() { return apiProperty; } @@ -108,7 +116,7 @@ public final class XMLSecurityManager { return systemProperty; } - int defaultValue() { + public int defaultValue() { return defaultValue; } @@ -160,7 +168,7 @@ public final class XMLSecurityManager { /** * Index of the special entityCountInfo property */ - private int indexEntityCountInfo = 10000; + private final int indexEntityCountInfo = 10000; private String printEntityCountInfo = ""; /** diff --git a/src/com/sun/org/apache/xerces/internal/impl/XML11DocumentScannerImpl.java b/src/com/sun/org/apache/xerces/internal/impl/XML11DocumentScannerImpl.java index dda470a..6f862d0 100644 --- a/src/com/sun/org/apache/xerces/internal/impl/XML11DocumentScannerImpl.java +++ b/src/com/sun/org/apache/xerces/internal/impl/XML11DocumentScannerImpl.java @@ -332,7 +332,7 @@ public class XML11DocumentScannerImpl new Object[]{entityName}); } } - fEntityManager.startEntity(entityName, true); + fEntityManager.startEntity(false, entityName, true); } } } diff --git a/src/com/sun/org/apache/xerces/internal/impl/XML11EntityScanner.java b/src/com/sun/org/apache/xerces/internal/impl/XML11EntityScanner.java index c293551..146aa40 100644 --- a/src/com/sun/org/apache/xerces/internal/impl/XML11EntityScanner.java +++ b/src/com/sun/org/apache/xerces/internal/impl/XML11EntityScanner.java @@ -1,62 +1,21 @@ /* - * reserved comment block - * DO NOT REMOVE OR ALTER! + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. */ + /* - * The Apache Software License, Version 1.1 - * - * - * Copyright (c) 1999-2002 The Apache Software Foundation. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Copyright 2005 The Apache Software Foundation. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at * - * 3. The end-user documentation included with the redistribution, - * if any, must include the following acknowledgment: - * "This product includes software developed by the - * Apache Software Foundation (http://www.apache.org/)." - * Alternately, this acknowledgment may appear in the software itself, - * if and wherever such third-party acknowledgments normally appear. + * http://www.apache.org/licenses/LICENSE-2.0 * - * 4. The names "Xerces" and "Apache Software Foundation" must - * not be used to endorse or promote products derived from this - * software without prior written permission. For written - * permission, please contact apache@apache.org. - * - * 5. Products derived from this software may not be called "Apache", - * nor may "Apache" appear in their name, without prior written - * permission of the Apache Software Foundation. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation and was - * originally based on software copyright (c) 1999, International - * Business Machines, Inc., http://www.apache.org. For more - * information on the Apache Software Foundation, please see - * <http://www.apache.org/>. + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ package com.sun.org.apache.xerces.internal.impl; @@ -65,6 +24,8 @@ import com.sun.org.apache.xerces.internal.impl.msg.XMLMessageFormatter; import com.sun.org.apache.xerces.internal.util.XML11Char; import com.sun.org.apache.xerces.internal.util.XMLChar; import com.sun.org.apache.xerces.internal.util.XMLStringBuffer; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager.Limit; import com.sun.org.apache.xerces.internal.xni.QName; import com.sun.org.apache.xerces.internal.xni.XMLString; import java.io.IOException; @@ -690,9 +651,13 @@ public class XML11EntityScanner break; } index = fCurrentEntity.position; + //check prefix before further read + checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, offset, index - offset); } if (++fCurrentEntity.position == fCurrentEntity.count) { int length = fCurrentEntity.position - offset; + //check localpart before loading more data + checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, offset, length - index - 1); invokeListeners(length); if (length == fCurrentEntity.ch.length) { // bad luck we have to resize our buffer @@ -786,6 +751,8 @@ public class XML11EntityScanner offset, length); if (index != -1) { int prefixLength = index - offset; + //check the result: prefix + checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, offset, prefixLength); prefix = fSymbolTable.addSymbol(fCurrentEntity.ch, offset, prefixLength); int len = length - prefixLength - 1; @@ -798,12 +765,16 @@ public class XML11EntityScanner null, XMLErrorReporter.SEVERITY_FATAL_ERROR); } + //check the result: localpart + checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, index + 1, len); localpart = fSymbolTable.addSymbol(fCurrentEntity.ch, index + 1, len); } else { localpart = rawname; + //check the result: localpart + checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, offset, length); } qname.setValues(prefix, localpart, rawname, null); return true; @@ -934,6 +905,9 @@ public class XML11EntityScanner } int length = fCurrentEntity.position - offset; fCurrentEntity.columnNumber += length - newlines; + if (fCurrentEntity.reference) { + checkLimit(Limit.TOTAL_ENTITY_SIZE_LIMIT, fCurrentEntity, offset, length); + } content.setValues(fCurrentEntity.ch, offset, length); // return next character diff --git a/src/com/sun/org/apache/xerces/internal/impl/XML11NSDocumentScannerImpl.java b/src/com/sun/org/apache/xerces/internal/impl/XML11NSDocumentScannerImpl.java index 7a826df..a3dd4d1 100644 --- a/src/com/sun/org/apache/xerces/internal/impl/XML11NSDocumentScannerImpl.java +++ b/src/com/sun/org/apache/xerces/internal/impl/XML11NSDocumentScannerImpl.java @@ -1,62 +1,21 @@ /* - * reserved comment block - * DO NOT REMOVE OR ALTER! + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. */ + /* - * The Apache Software License, Version 1.1 - * - * - * Copyright (c) 1999-2003 The Apache Software Foundation. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Copyright 2005 The Apache Software Foundation. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at * - * 3. The end-user documentation included with the redistribution, - * if any, must include the following acknowledgment: - * "This product includes software developed by the - * Apache Software Foundation (http://www.apache.org/)." - * Alternately, this acknowledgment may appear in the software itself, - * if and wherever such third-party acknowledgments normally appear. + * http://www.apache.org/licenses/LICENSE-2.0 * - * 4. The names "Xerces" and "Apache Software Foundation" must - * not be used to endorse or promote products derived from this - * software without prior written permission. For written - * permission, please contact apache@apache.org. - * - * 5. Products derived from this software may not be called "Apache", - * nor may "Apache" appear in their name, without prior written - * permission of the Apache Software Foundation. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation and was - * originally based on software copyright (c) 2002, International - * Business Machines, Inc., http://www.apache.org. For more - * information on the Apache Software Foundation, please see - * <http://www.apache.org/>. + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ package com.sun.org.apache.xerces.internal.impl; @@ -67,6 +26,7 @@ import com.sun.org.apache.xerces.internal.impl.dtd.XMLDTDValidatorFilter; import com.sun.org.apache.xerces.internal.impl.msg.XMLMessageFormatter; import com.sun.org.apache.xerces.internal.util.XMLAttributesImpl; import com.sun.org.apache.xerces.internal.util.XMLSymbols; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager; import com.sun.org.apache.xerces.internal.xni.NamespaceContext; import com.sun.org.apache.xerces.internal.xni.QName; import com.sun.org.apache.xerces.internal.xni.XMLDocumentHandler; @@ -340,36 +300,37 @@ public class XML11NSDocumentScannerImpl extends XML11DocumentScannerImpl { } // call handler + if (empty) { + //decrease the markup depth.. + fMarkupDepth--; - if (empty) { - - //decrease the markup depth.. - fMarkupDepth--; - - // check that this element was opened in the same entity - if (fMarkupDepth < fEntityStack[fEntityDepth - 1]) { - reportFatalError( - "ElementEntityMismatch", - new Object[] { fCurrentElement.rawname }); - } + // check that this element was opened in the same entity + if (fMarkupDepth < fEntityStack[fEntityDepth - 1]) { + reportFatalError( + "ElementEntityMismatch", + new Object[] { fCurrentElement.rawname }); + } + if (fDocumentHandler != null) { fDocumentHandler.emptyElement(fElementQName, fAttributes, null); + } - /*if (fBindNamespaces) { - fNamespaceContext.popContext(); - }*/ - fScanEndElement = true; - - //pop the element off the stack.. - fElementStack.popElement(); - } else { + /*if (fBindNamespaces) { + fNamespaceContext.popContext(); + }*/ + fScanEndElement = true; - if(dtdGrammarUtil != null) - dtdGrammarUtil.startElement(fElementQName, fAttributes); + //pop the element off the stack.. + fElementStack.popElement(); + } else { + if(dtdGrammarUtil != null) { + dtdGrammarUtil.startElement(fElementQName, fAttributes); + } - if (fDocumentHandler != null) + if (fDocumentHandler != null) { fDocumentHandler.startElement(fElementQName, fAttributes, null); } + } if (DEBUG_START_END_ELEMENT) System.out.println("<<< scanStartElement(): " + empty); @@ -679,7 +640,13 @@ public class XML11NSDocumentScannerImpl extends XML11DocumentScannerImpl { if (prefix == XMLSymbols.PREFIX_XMLNS || prefix == XMLSymbols.EMPTY_STRING && localpart == XMLSymbols.PREFIX_XMLNS) { - + if (value.length() > fXMLNameLimit) { + fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN, + "MaxXMLNameLimit", + new Object[]{value, value.length(), fXMLNameLimit, + fSecurityManager.getStateLiteral(XMLSecurityManager.Limit.MAX_NAME_LIMIT)}, + XMLErrorReporter.SEVERITY_FATAL_ERROR); + } // get the internalized value of this attribute String uri = fSymbolTable.addSymbol(value); diff --git a/src/com/sun/org/apache/xerces/internal/impl/XMLDTDScannerImpl.java b/src/com/sun/org/apache/xerces/internal/impl/XMLDTDScannerImpl.java index 10715c2..5cbdc01 100644 --- a/src/com/sun/org/apache/xerces/internal/impl/XMLDTDScannerImpl.java +++ b/src/com/sun/org/apache/xerces/internal/impl/XMLDTDScannerImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. */ /* @@ -369,6 +369,8 @@ implements XMLDTDScanner, XMLComponent, XMLEntityHandler { } // we're done, set starting state for external subset setScannerState(SCANNER_STATE_TEXT_DECL); + // we're done scanning DTD. + fLimitAnalyzer.reset(XMLSecurityManager.Limit.TOTAL_ENTITY_SIZE_LIMIT); return false; } } while (complete); @@ -704,7 +706,7 @@ implements XMLDTDScanner, XMLComponent, XMLEntityHandler { fErrorReporter.reportError( XMLMessageFormatter.XML_DOMAIN,"EntityNotDeclared", new Object[]{name}, XMLErrorReporter.SEVERITY_ERROR); } - fEntityManager.startEntity(fSymbolTable.addSymbol(pName), + fEntityManager.startEntity(false, fSymbolTable.addSymbol(pName), literal); // if we actually got a new entity and it's external // parse text decl if there is any @@ -1632,7 +1634,7 @@ implements XMLDTDScanner, XMLComponent, XMLEntityHandler { XMLString literal2 = fString; int countChar = 0; if (fLimitAnalyzer == null ) { - fLimitAnalyzer = new XMLLimitAnalyzer(); + fLimitAnalyzer = fEntityManager.fLimitAnalyzer; } fLimitAnalyzer.startEntity(entityName); @@ -1640,9 +1642,7 @@ implements XMLDTDScanner, XMLComponent, XMLEntityHandler { fStringBuffer.clear(); fStringBuffer2.clear(); do { - if (isPEDecl && fLimitAnalyzer != null) { - checkLimit("%" + entityName, fString.length + countChar); - } + checkEntityLimit(isPEDecl, entityName, fString.length + countChar); countChar = 0; fStringBuffer.append(fString); fStringBuffer2.append(fString); @@ -1728,9 +1728,7 @@ implements XMLDTDScanner, XMLComponent, XMLEntityHandler { literal = fStringBuffer; literal2 = fStringBuffer2; } else { - if (isPEDecl) { - checkLimit("%" + entityName, literal); - } + checkEntityLimit(isPEDecl, entityName, literal); } value.setValues(literal); nonNormalizedValue.setValues(literal2); @@ -2152,35 +2150,49 @@ implements XMLDTDScanner, XMLComponent, XMLEntityHandler { setScannerState(SCANNER_STATE_TEXT_DECL); //new SymbolTable()); - fLimitAnalyzer = new XMLLimitAnalyzer(); + fLimitAnalyzer = fEntityManager.fLimitAnalyzer; + fSecurityManager = fEntityManager.fSecurityManager; } /** * Add the count of the content buffer and check if the accumulated * value exceeds the limit + * @param isPEDecl a flag to indicate whether the entity is parameter * @param entityName entity name * @param buffer content buffer */ - private void checkLimit(String entityName, XMLString buffer) { - checkLimit(entityName, buffer.length); + private void checkEntityLimit(boolean isPEDecl, String entityName, XMLString buffer) { + checkEntityLimit(isPEDecl, entityName, buffer.length); } /** * Add the count and check limit + * @param isPEDecl a flag to indicate whether the entity is parameter * @param entityName entity name * @param len length of the buffer */ - private void checkLimit(String entityName, int len) { + private void checkEntityLimit(boolean isPEDecl, String entityName, int len) { if (fLimitAnalyzer == null) { - fLimitAnalyzer = new XMLLimitAnalyzer(); - } - fLimitAnalyzer.addValue(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT, entityName, len); - if (fSecurityManager.isOverLimit(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) { - fSecurityManager.debugPrint(fLimitAnalyzer); - reportFatalError("MaxEntitySizeLimit", new Object[]{entityName, - fLimitAnalyzer.getValue(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT), - fSecurityManager.getLimit(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT), - fSecurityManager.getStateLiteral(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT)}); + fLimitAnalyzer = fEntityManager.fLimitAnalyzer; + } + if (isPEDecl) { + fLimitAnalyzer.addValue(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT, "%" + entityName, len); + if (fSecurityManager.isOverLimit(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) { + fSecurityManager.debugPrint(fLimitAnalyzer); + reportFatalError("MaxEntitySizeLimit", new Object[]{"%" + entityName, + fLimitAnalyzer.getValue(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT), + fSecurityManager.getLimit(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT), + fSecurityManager.getStateLiteral(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT)}); + } + } else { + fLimitAnalyzer.addValue(XMLSecurityManager.Limit.GENERAL_ENTITY_SIZE_LIMIT, entityName, len); + if (fSecurityManager.isOverLimit(XMLSecurityManager.Limit.GENERAL_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) { + fSecurityManager.debugPrint(fLimitAnalyzer); + reportFatalError("MaxEntitySizeLimit", new Object[]{entityName, + fLimitAnalyzer.getValue(XMLSecurityManager.Limit.GENERAL_ENTITY_SIZE_LIMIT), + fSecurityManager.getLimit(XMLSecurityManager.Limit.GENERAL_ENTITY_SIZE_LIMIT), + fSecurityManager.getStateLiteral(XMLSecurityManager.Limit.GENERAL_ENTITY_SIZE_LIMIT)}); + } } if (fSecurityManager.isOverLimit(XMLSecurityManager.Limit.TOTAL_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) { fSecurityManager.debugPrint(fLimitAnalyzer); diff --git a/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java b/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java index 9068cdc..e8a2d43 100644 --- a/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java +++ b/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java @@ -89,7 +89,7 @@ public class XMLDocumentFragmentScannerImpl // Constants // - protected int fElementAttributeLimit; + protected int fElementAttributeLimit, fXMLNameLimit; /** External subset resolver. **/ protected ExternalSubsetResolver fExternalSubsetResolver; @@ -425,7 +425,7 @@ public class XMLDocumentFragmentScannerImpl */ public void setInputSource(XMLInputSource inputSource) throws IOException { fEntityManager.setEntityHandler(this); - fEntityManager.startEntity("$fragment$", inputSource, false, true); + fEntityManager.startEntity(false, "$fragment$", inputSource, false, true); // fDocumentSystemId = fEntityManager.expandSystemId(inputSource.getSystemId()); } // setInputSource(XMLInputSource) @@ -660,11 +660,12 @@ public class XMLDocumentFragmentScannerImpl if (fSecurityManager != null) { fElementAttributeLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.ELEMENT_ATTRIBUTE_LIMIT); + fXMLNameLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.MAX_NAME_LIMIT); } else { fElementAttributeLimit = 0; + fXMLNameLimit = XMLSecurityManager.Limit.MAX_NAME_LIMIT.defaultValue(); } - fLimitAnalyzer = new XMLLimitAnalyzer(); - fEntityManager.setLimitAnalyzer(fLimitAnalyzer); + fLimitAnalyzer = fEntityManager.fLimitAnalyzer; } /** @@ -1905,7 +1906,7 @@ public class XMLDocumentFragmentScannerImpl //if that was the case it its taken care in XMLEntityManager.startEntity() //we immediately call the endEntity. Application gets to know if there was //any entity that was not declared. - fEntityManager.startEntity(name, false); + fEntityManager.startEntity(true, name, false); //set the scaner state to content.. parser will automatically revive itself at any point of time. //setScannerState(SCANNER_STATE_CONTENT); //return true ; @@ -2851,8 +2852,6 @@ public class XMLDocumentFragmentScannerImpl if(DEBUG){ System.out.println("NOT USING THE BUFFER, STRING = " + fTempString.toString()); } - //check limit before returning event - checkLimit(fContentBuffer); if(dtdGrammarUtil!= null && dtdGrammarUtil.isIgnorableWhiteSpace(fContentBuffer)){ if(DEBUG)System.out.println("Return SPACE EVENT"); return XMLEvent.SPACE; @@ -2951,8 +2950,6 @@ public class XMLDocumentFragmentScannerImpl fLastSectionWasCharacterData = true ; continue; }else{ - //check limit before returning event - checkLimit(fContentBuffer); if(dtdGrammarUtil!= null && dtdGrammarUtil.isIgnorableWhiteSpace(fContentBuffer)){ if(DEBUG)System.out.println("Return SPACE EVENT"); return XMLEvent.SPACE; @@ -3163,31 +3160,6 @@ public class XMLDocumentFragmentScannerImpl } //while loop }//next - /** - * Add the count of the content buffer and check if the accumulated - * value exceeds the limit - * @param buffer content buffer - */ - protected void checkLimit(XMLStringBuffer buffer) { - if (fLimitAnalyzer.isTracking(fCurrentEntityName)) { - fLimitAnalyzer.addValue(Limit.GENERAL_ENTITY_SIZE_LIMIT, fCurrentEntityName, buffer.length); - if (fSecurityManager.isOverLimit(Limit.GENERAL_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) { - fSecurityManager.debugPrint(fLimitAnalyzer); - reportFatalError("MaxEntitySizeLimit", new Object[]{fCurrentEntityName, - fLimitAnalyzer.getValue(Limit.GENERAL_ENTITY_SIZE_LIMIT), - fSecurityManager.getLimit(Limit.GENERAL_ENTITY_SIZE_LIMIT), - fSecurityManager.getStateLiteral(Limit.GENERAL_ENTITY_SIZE_LIMIT)}); - } - if (fSecurityManager.isOverLimit(Limit.TOTAL_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) { - fSecurityManager.debugPrint(fLimitAnalyzer); - reportFatalError("TotalEntitySizeLimit", - new Object[]{fLimitAnalyzer.getTotalValue(Limit.TOTAL_ENTITY_SIZE_LIMIT), - fSecurityManager.getLimit(Limit.TOTAL_ENTITY_SIZE_LIMIT), - fSecurityManager.getStateLiteral(Limit.TOTAL_ENTITY_SIZE_LIMIT)}); - } - } - } - // // Protected methods // diff --git a/src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java b/src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java index 6cc4338..44c8398 100644 --- a/src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java +++ b/src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java @@ -402,6 +402,8 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver { * If this constructor is used to create the object, reset() should be invoked on this object */ public XMLEntityManager() { + //for entity managers not created by parsers + fSecurityManager = new XMLSecurityManager(true); fEntityStorage = new XMLEntityStorage(this) ; setScannerVersion(Constants.XML_VERSION_1_0); } // <init>() @@ -579,6 +581,8 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver { /** * This method uses the passed-in XMLInputSource to make * fCurrentEntity usable for reading. + * + * @param reference flag to indicate whether the entity is an Entity Reference. * @param name name of the entity (XML is it's the document entity) * @param xmlInputSource the input source, with sufficient information * to begin scanning characters. @@ -589,7 +593,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver { * XNIException If any parser-specific goes wrong. * @return the encoding of the new entity or null if a character stream was employed */ - public String setupCurrentEntity(String name, XMLInputSource xmlInputSource, + public String setupCurrentEntity(boolean reference, String name, XMLInputSource xmlInputSource, boolean literal, boolean isExternal) throws IOException, XNIException { // get information @@ -832,7 +836,9 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver { * in the prolog of the XML document is not considered. Hence, prolog can * be read in Chunks of data instead of byte by byte. */ - fCurrentEntity = new com.sun.xml.internal.stream.Entity.ScannedEntity(name,new XMLResourceIdentifierImpl(publicId, literalSystemId, baseSystemId, expandedSystemId),stream, reader, encoding, literal, encodingExternallySpecified, isExternal); + fCurrentEntity = new Entity.ScannedEntity(reference, name, + new XMLResourceIdentifierImpl(publicId, literalSystemId, baseSystemId, expandedSystemId), + stream, reader, encoding, literal, encodingExternallySpecified, isExternal); fCurrentEntity.setEncodingExternallySpecified(encodingExternallySpecified); fEntityScanner.setCurrentEntity(fCurrentEntity); fResourceIdentifier.setValues(publicId, literalSystemId, baseSystemId, expandedSystemId); @@ -1100,6 +1106,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver { /** * Starts a named entity. * + * @param reference flag to indicate whether the entity is an Entity Reference. * @param entityName The name of the entity to start. * @param literal True if this entity is started within a literal * value. @@ -1107,7 +1114,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver { * @throws IOException Thrown on i/o error. * @throws XNIException Thrown by entity handler to signal an error. */ - public void startEntity(String entityName, boolean literal) + public void startEntity(boolean reference, String entityName, boolean literal) throws IOException, XNIException { // was entity declared? @@ -1231,7 +1238,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver { } // start the entity - startEntity(entityName, xmlInputSource, literal, external); + startEntity(reference, entityName, xmlInputSource, literal, external); } // startEntity(String,boolean) @@ -1246,7 +1253,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver { */ public void startDocumentEntity(XMLInputSource xmlInputSource) throws IOException, XNIException { - startEntity(XMLEntity, xmlInputSource, false, true); + startEntity(false, XMLEntity, xmlInputSource, false, true); } // startDocumentEntity(XMLInputSource) //xxx these methods are not required. @@ -1261,7 +1268,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver { */ public void startDTDEntity(XMLInputSource xmlInputSource) throws IOException, XNIException { - startEntity(DTDEntity, xmlInputSource, false, true); + startEntity(false, DTDEntity, xmlInputSource, false, true); } // startDTDEntity(XMLInputSource) // indicate start of external subset so that @@ -1280,6 +1287,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver { * This method can be used to insert an application defined XML * entity stream into the parsing stream. * + * @param reference flag to indicate whether the entity is an Entity Reference. * @param name The name of the entity. * @param xmlInputSource The input source of the entity. * @param literal True if this entity is started within a @@ -1289,12 +1297,12 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver { * @throws IOException Thrown on i/o error. * @throws XNIException Thrown by entity handler to signal an error. */ - public void startEntity(String name, + public void startEntity(boolean reference, String name, XMLInputSource xmlInputSource, boolean literal, boolean isExternal) throws IOException, XNIException { - String encoding = setupCurrentEntity(name, xmlInputSource, literal, isExternal); + String encoding = setupCurrentEntity(reference, name, xmlInputSource, literal, isExternal); //when entity expansion limit is set by the Application, we need to //check for the entity expansion limit set by the parser, if number of entity @@ -1306,7 +1314,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver { } if( fSecurityManager != null && fSecurityManager.isOverLimit(entityExpansionIndex, fLimitAnalyzer)){ fSecurityManager.debugPrint(fLimitAnalyzer); - fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN,"EntityExpansionLimitExceeded", + fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN,"EntityExpansionLimit", new Object[]{fSecurityManager.getLimitValueByIndex(entityExpansionIndex)}, XMLErrorReporter.SEVERITY_FATAL_ERROR ); // is there anything better to do than reset the counter? @@ -1422,10 +1430,6 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver { // XMLComponent methods // public void reset(PropertyManager propertyManager){ - //reset fEntityStorage - fEntityStorage.reset(propertyManager); - //reset XMLEntityReaderImpl - fEntityScanner.reset(propertyManager); // xerces properties fSymbolTable = (SymbolTable)propertyManager.getProperty(Constants.XERCES_PROPERTY_PREFIX + Constants.SYMBOL_TABLE_PROPERTY); fErrorReporter = (XMLErrorReporter)propertyManager.getProperty(Constants.XERCES_PROPERTY_PREFIX + Constants.ERROR_REPORTER_PROPERTY); @@ -1448,6 +1452,12 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver { fSecurityManager = (XMLSecurityManager)propertyManager.getProperty(SECURITY_MANAGER); + fLimitAnalyzer = new XMLLimitAnalyzer(); + //reset fEntityStorage + fEntityStorage.reset(propertyManager); + //reset XMLEntityReaderImpl + fEntityScanner.reset(propertyManager); + // initialize state //fStandalone = false; fEntities.clear(); @@ -1534,7 +1544,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver { // a class acting as a component manager but not // implementing that interface for whatever reason. public void reset() { - + fLimitAnalyzer = new XMLLimitAnalyzer(); // initialize state fStandalone = false; fEntities.clear(); diff --git a/src/com/sun/org/apache/xerces/internal/impl/XMLEntityScanner.java b/src/com/sun/org/apache/xerces/internal/impl/XMLEntityScanner.java index 768118d..4e12d15 100644 --- a/src/com/sun/org/apache/xerces/internal/impl/XMLEntityScanner.java +++ b/src/com/sun/org/apache/xerces/internal/impl/XMLEntityScanner.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. */ /* @@ -30,10 +30,14 @@ import com.sun.org.apache.xerces.internal.util.EncodingMap; import com.sun.org.apache.xerces.internal.util.SymbolTable; import com.sun.org.apache.xerces.internal.util.XMLChar; import com.sun.org.apache.xerces.internal.util.XMLStringBuffer; +import com.sun.org.apache.xerces.internal.utils.XMLLimitAnalyzer; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager.Limit; import com.sun.org.apache.xerces.internal.xni.*; import com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager; import com.sun.org.apache.xerces.internal.xni.parser.XMLConfigurationException; import com.sun.xml.internal.stream.Entity; +import com.sun.xml.internal.stream.Entity.ScannedEntity; import com.sun.xml.internal.stream.XMLBufferListener; import java.io.EOFException; import java.io.IOException; @@ -60,6 +64,12 @@ public class XMLEntityScanner implements XMLLocator { protected XMLEntityManager fEntityManager ; + /** Security manager. */ + protected XMLSecurityManager fSecurityManager = null; + + /** Limit analyzer. */ + protected XMLLimitAnalyzer fLimitAnalyzer = null; + /** Debug switching readers for encodings. */ private static final boolean DEBUG_ENCODINGS = false; /** Listeners which should know when load is being called */ @@ -174,10 +184,7 @@ public class XMLEntityScanner implements XMLLocator { public void reset(PropertyManager propertyManager){ fSymbolTable = (SymbolTable)propertyManager.getProperty(SYMBOL_TABLE) ; fErrorReporter = (XMLErrorReporter)propertyManager.getProperty(ERROR_REPORTER) ; - fCurrentEntity = null; - whiteSpaceLen = 0; - whiteSpaceInfoNeeded = true; - listeners.clear(); + resetCommon(); } /** @@ -196,18 +203,13 @@ public class XMLEntityScanner implements XMLLocator { */ public void reset(XMLComponentManager componentManager) throws XMLConfigurationException { - - //System.out.println(" this is being called"); // xerces features fAllowJavaEncodings = componentManager.getFeature(ALLOW_JAVA_ENCODINGS, false); //xerces properties fSymbolTable = (SymbolTable)componentManager.getProperty(SYMBOL_TABLE); fErrorReporter = (XMLErrorReporter)componentManager.getProperty(ERROR_REPORTER); - fCurrentEntity = null; - whiteSpaceLen = 0; - whiteSpaceInfoNeeded = true; - listeners.clear(); + resetCommon(); } // reset(XMLComponentManager) @@ -217,6 +219,17 @@ public class XMLEntityScanner implements XMLLocator { fSymbolTable = symbolTable; fEntityManager = entityManager; fErrorReporter = reporter; + fLimitAnalyzer = fEntityManager.fLimitAnalyzer; + fSecurityManager = fEntityManager.fSecurityManager; + } + + private void resetCommon() { + fCurrentEntity = null; + whiteSpaceLen = 0; + whiteSpaceInfoNeeded = true; + listeners.clear(); + fLimitAnalyzer = fEntityManager.fLimitAnalyzer; + fSecurityManager = fEntityManager.fSecurityManager; } /** @@ -813,9 +826,13 @@ public class XMLEntityScanner implements XMLLocator { break; } index = fCurrentEntity.position; + //check prefix before further read + checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, offset, index - offset); } if (++fCurrentEntity.position == fCurrentEntity.count) { int length = fCurrentEntity.position - offset; + //check localpart before loading more data + checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, offset, length - index - 1); invokeListeners(length); if (length == fCurrentEntity.fBufferSize) { // bad luck we have to resize our buffer @@ -847,14 +864,20 @@ public class XMLEntityScanner implements XMLLocator { if (index != -1) { int prefixLength = index - offset; + //check the result: prefix + checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, offset, prefixLength); prefix = fSymbolTable.addSymbol(fCurrentEntity.ch, offset, prefixLength); int len = length - prefixLength - 1; + //check the result: localpart + checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, index + 1, len); localpart = fSymbolTable.addSymbol(fCurrentEntity.ch, index + 1, len); } else { localpart = rawname; + //check the result: localpart + checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, offset, length); } qname.setValues(prefix, localpart, rawname, null); if (DEBUG_BUFFER) { @@ -877,6 +900,27 @@ public class XMLEntityScanner implements XMLLocator { } // scanQName(QName):boolean /** + * Checks whether the value of the specified Limit exceeds its limit + * + * @param limit The Limit to be checked. + * @param entity The current entity. + * @param offset The index of the first byte + * @param length The length of the entity scanned. + */ + protected void checkLimit(Limit limit, ScannedEntity entity, int offset, int length) { + fLimitAnalyzer.addValue(limit, null, length); + if (fSecurityManager.isOverLimit(limit, fLimitAnalyzer)) { + fSecurityManager.debugPrint(fLimitAnalyzer); + fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN, limit.key(), + new Object[]{new String(entity.ch, offset, length), + fLimitAnalyzer.getTotalValue(limit), + fSecurityManager.getLimit(limit), + fSecurityManager.getStateLiteral(limit)}, + XMLErrorReporter.SEVERITY_FATAL_ERROR); + } + } + + /** * CHANGED: * Scans a range of parsed character data, This function appends the character data to * the supplied buffer. @@ -994,6 +1038,9 @@ public class XMLEntityScanner implements XMLLocator { } int length = fCurrentEntity.position - offset; fCurrentEntity.columnNumber += length - newlines; + if (fCurrentEntity.reference) { + checkLimit(Limit.TOTAL_ENTITY_SIZE_LIMIT, fCurrentEntity, offset, length); + } //CHANGED: dont replace the value.. append to the buffer. This gives control to the callee //on buffering the data.. diff --git a/src/com/sun/org/apache/xerces/internal/impl/XMLNSDocumentScannerImpl.java b/src/com/sun/org/apache/xerces/internal/impl/XMLNSDocumentScannerImpl.java index ea1e2e4..7853357 100644 --- a/src/com/sun/org/apache/xerces/internal/impl/XMLNSDocumentScannerImpl.java +++ b/src/com/sun/org/apache/xerces/internal/impl/XMLNSDocumentScannerImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. */ /* @@ -37,6 +37,7 @@ import com.sun.org.apache.xerces.internal.xni.XMLDocumentHandler; import com.sun.org.apache.xerces.internal.xni.XMLAttributes; import com.sun.org.apache.xerces.internal.xni.parser.XMLDocumentSource; import com.sun.org.apache.xerces.internal.util.XMLAttributesImpl; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager; import javax.xml.stream.XMLInputFactory; import javax.xml.stream.XMLStreamConstants; @@ -453,7 +454,15 @@ public class XMLNSDocumentScannerImpl // it's a namespace declaration. but prefix:xmlns="..." isn't. if (prefix == XMLSymbols.PREFIX_XMLNS || prefix == XMLSymbols.EMPTY_STRING && localpart == XMLSymbols.PREFIX_XMLNS) { - + //check the length of URI + if (tmpStr.length > fXMLNameLimit) { + fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN, + "MaxXMLNameLimit", + new Object[]{new String(tmpStr.ch,tmpStr.offset,tmpStr.length), + tmpStr.length, fXMLNameLimit, + fSecurityManager.getStateLiteral(XMLSecurityManager.Limit.MAX_NAME_LIMIT)}, + XMLErrorReporter.SEVERITY_FATAL_ERROR); + } // get the internalized value of this attribute String uri = fSymbolTable.addSymbol(tmpStr.ch,tmpStr.offset,tmpStr.length); value = uri; diff --git a/src/com/sun/org/apache/xerces/internal/impl/XMLScanner.java b/src/com/sun/org/apache/xerces/internal/impl/XMLScanner.java index ff43d47..48462a8 100644 --- a/src/com/sun/org/apache/xerces/internal/impl/XMLScanner.java +++ b/src/com/sun/org/apache/xerces/internal/impl/XMLScanner.java @@ -947,7 +947,7 @@ public abstract class XMLScanner new Object[]{entityName}); } } - fEntityManager.startEntity(entityName, true); + fEntityManager.startEntity(false, entityName, true); } } } diff --git a/src/com/sun/org/apache/xerces/internal/impl/XMLVersionDetector.java b/src/com/sun/org/apache/xerces/internal/impl/XMLVersionDetector.java index 08b4093..437cc30 100644 --- a/src/com/sun/org/apache/xerces/internal/impl/XMLVersionDetector.java +++ b/src/com/sun/org/apache/xerces/internal/impl/XMLVersionDetector.java @@ -186,7 +186,7 @@ public class XMLVersionDetector { * @throws IOException */ public short determineDocVersion(XMLInputSource inputSource) throws IOException { - fEncoding = fEntityManager.setupCurrentEntity(fXMLSymbol, inputSource, false, true); + fEncoding = fEntityManager.setupCurrentEntity(false, fXMLSymbol, inputSource, false, true); // Must use XML 1.0 scanner to handle whitespace correctly // in the XML declaration. diff --git a/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages.properties b/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages.properties index 24087e2..e3cbc5f 100644 --- a/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages.properties +++ b/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages.properties @@ -294,10 +294,10 @@ # Implementation limits - EntityExpansionLimitExceeded=JAXP00010001: The parser has encountered more than \"{0}\" entity expansions in this document; this is the limit imposed by the JDK. + EntityExpansionLimit=JAXP00010001: The parser has encountered more than \"{0}\" entity expansions in this document; this is the limit imposed by the JDK. ElementAttributeLimit=JAXP00010002: Element \"{0}\" has more than \"{1}\" attributes, \"{1}\" is the limit imposed by the JDK. MaxEntitySizeLimit=JAXP00010003: The length of entity \"{0}\" is \"{1}\" that exceeds the \"{2}\" limit set by \"{3}\". - TotalEntitySizeLimit=JAXP00010004: The accumulated size \"{0}\" of entities exceeded the \"{1}\" limit set by \"{2}\". - MaxXMLNameLimit=JAXP00010005: The name \"{0}\" exceeded the \"{1}\" limit set by \"{2}\". + TotalEntitySizeLimit=JAXP00010004: The accumulated size of entities is \"{1}\" that exceeded the \"{2}\" limit set by \"{3}\". + MaxXMLNameLimit=JAXP00010005: The length of entity \"{0}\" is \"{1}\" that exceeds the \"{2}\" limit set by \"{3}\". MaxElementDepthLimit=JAXP00010006: The element \"{0}\" has a depth of \"{1}\" that exceeds the limit \"{2}\" set by \"{3}\". diff --git a/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages.properties b/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages.properties index 6d63ab8..468eb1b 100644 --- a/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages.properties +++ b/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages.properties @@ -282,7 +282,7 @@ FacetValueFromBase = FacetValueFromBase: In the declaration of type ''{0}'', value ''{1}'' of facet ''{2}'' must be from the value space of the base type, ''{3}''. FixedFacetValue = FixedFacetValue: In the definition of {3}, the value ''{1}'' for the facet ''{0}'' is invalid, because the value for ''{0}'' has been set to ''{2}'' in one of the ancestor types, and '{'fixed'}' = true. InvalidRegex = InvalidRegex: Pattern value ''{0}'' is not a valid regular expression. The reported error was: ''{1}'' at column ''{2}''. - maxOccurLimit = Current configuration of the parser doesn''t allow a maxOccurs attribute value to be set greater than the value {0}. + MaxOccurLimit = Current configuration of the parser doesn''t allow a maxOccurs attribute value to be set greater than the value {0}. PublicSystemOnNotation = PublicSystemOnNotation: At least one of ''public'' and ''system'' must appear in element ''notation''. SchemaLocation = SchemaLocation: schemaLocation value = ''{0}'' must have even number of URI''s. TargetNamespace.1 = TargetNamespace.1: Expecting namespace ''{0}'', but the target namespace of the schema document is ''{1}''. diff --git a/src/com/sun/org/apache/xerces/internal/impl/xs/models/CMNodeFactory.java b/src/com/sun/org/apache/xerces/internal/impl/xs/models/CMNodeFactory.java index 6aa06b8..d094a5b 100644 --- a/src/com/sun/org/apache/xerces/internal/impl/xs/models/CMNodeFactory.java +++ b/src/com/sun/org/apache/xerces/internal/impl/xs/models/CMNodeFactory.java @@ -115,7 +115,7 @@ public class CMNodeFactory { System.out.println("nodeCount = " + nodeCount ) ; System.out.println("nodeLimit = " + maxNodeLimit ) ; } - fErrorReporter.reportError(XSMessageFormatter.SCHEMA_DOMAIN, "maxOccurLimit", new Object[]{ new Integer(maxNodeLimit) }, XMLErrorReporter.SEVERITY_FATAL_ERROR); + fErrorReporter.reportError(XSMessageFormatter.SCHEMA_DOMAIN, "MaxOccurLimit", new Object[]{ new Integer(maxNodeLimit) }, XMLErrorReporter.SEVERITY_FATAL_ERROR); // similarly to entity manager behaviour, take into accont // behaviour if continue-after-fatal-error is set. nodeCount = 0; diff --git a/src/com/sun/org/apache/xerces/internal/impl/xs/traversers/XSAttributeChecker.java b/src/com/sun/org/apache/xerces/internal/impl/xs/traversers/XSAttributeChecker.java index 04f4552..92a3a83 100644 --- a/src/com/sun/org/apache/xerces/internal/impl/xs/traversers/XSAttributeChecker.java +++ b/src/com/sun/org/apache/xerces/internal/impl/xs/traversers/XSAttributeChecker.java @@ -1193,7 +1193,7 @@ public class XSAttributeChecker { // maxOccurNodeLimit. int maxOccurNodeLimit = fSchemaHandler.fSecureProcessing.getLimit(XMLSecurityManager.Limit.MAX_OCCUR_NODE_LIMIT); if (max > maxOccurNodeLimit && !fSchemaHandler.fSecureProcessing.isNoLimit(maxOccurNodeLimit)) { - reportSchemaFatalError("maxOccurLimit", new Object[] {new Integer(maxOccurNodeLimit)}, element); + reportSchemaFatalError("MaxOccurLimit", new Object[] {new Integer(maxOccurNodeLimit)}, element); // reset max values in case processing continues on error attrValues[ATTIDX_MAXOCCURS] = fXIntPool.getXInt(maxOccurNodeLimit); diff --git a/src/com/sun/org/apache/xerces/internal/utils/XMLLimitAnalyzer.java b/src/com/sun/org/apache/xerces/internal/utils/XMLLimitAnalyzer.java index 1a428e3..b2460d9 100644 --- a/src/com/sun/org/apache/xerces/internal/utils/XMLLimitAnalyzer.java +++ b/src/com/sun/org/apache/xerces/internal/utils/XMLLimitAnalyzer.java @@ -128,18 +128,21 @@ public final class XMLLimitAnalyzer { public void addValue(int index, String entityName, int value) { if (index == Limit.ENTITY_EXPANSION_LIMIT.ordinal() || index == Limit.MAX_OCCUR_NODE_LIMIT.ordinal() || - index == Limit.ELEMENT_ATTRIBUTE_LIMIT.ordinal()) { + index == Limit.ELEMENT_ATTRIBUTE_LIMIT.ordinal() || + index == Limit.TOTAL_ENTITY_SIZE_LIMIT.ordinal() + ) { totalValue[index] += value; return; } - if (index == Limit.MAX_ELEMENT_DEPTH_LIMIT.ordinal()) { + if (index == Limit.MAX_ELEMENT_DEPTH_LIMIT.ordinal() || + index == Limit.MAX_NAME_LIMIT.ordinal()) { totalValue[index] = value; return; } Map<String, Integer> cache; if (caches[index] == null) { - cache = new HashMap<String, Integer>(10); + cache = new HashMap<>(10); caches[index] = cache; } else { cache = caches[index]; @@ -147,10 +150,10 @@ public final class XMLLimitAnalyzer { int accumulatedValue = value; if (cache.containsKey(entityName)) { - accumulatedValue += cache.get(entityName).intValue(); - cache.put(entityName, Integer.valueOf(accumulatedValue)); + accumulatedValue += cache.get(entityName); + cache.put(entityName, accumulatedValue); } else { - cache.put(entityName, Integer.valueOf(value)); + cache.put(entityName, value); } if (accumulatedValue > values[index]) { @@ -223,6 +226,16 @@ public final class XMLLimitAnalyzer { } } + /** + * Resets the current value of the specified limit. + * @param limit The limit to be reset. + */ + public void reset(Limit limit) { + if (limit.ordinal() == Limit.TOTAL_ENTITY_SIZE_LIMIT.ordinal()) { + totalValue[limit.ordinal()] = 0; + } + } + public void debugPrint(XMLSecurityManager securityManager) { Formatter formatter = new Formatter(); System.out.println(formatter.format("%30s %15s %15s %15s %30s", diff --git a/src/com/sun/org/apache/xerces/internal/utils/XMLSecurityManager.java b/src/com/sun/org/apache/xerces/internal/utils/XMLSecurityManager.java index c8114e9..7ae6df9 100644 --- a/src/com/sun/org/apache/xerces/internal/utils/XMLSecurityManager.java +++ b/src/com/sun/org/apache/xerces/internal/utils/XMLSecurityManager.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -61,20 +61,31 @@ public final class XMLSecurityManager { */ public static enum Limit { - ENTITY_EXPANSION_LIMIT(Constants.JDK_ENTITY_EXPANSION_LIMIT, Constants.SP_ENTITY_EXPANSION_LIMIT, 0, 64000), - MAX_OCCUR_NODE_LIMIT(Constants.JDK_MAX_OCCUR_LIMIT, Constants.SP_MAX_OCCUR_LIMIT, 0, 5000), - ELEMENT_ATTRIBUTE_LIMIT(Constants.JDK_ELEMENT_ATTRIBUTE_LIMIT, Constants.SP_ELEMENT_ATTRIBUTE_LIMIT, 0, 10000), - TOTAL_ENTITY_SIZE_LIMIT(Constants.JDK_TOTAL_ENTITY_SIZE_LIMIT, Constants.SP_TOTAL_ENTITY_SIZE_LIMIT, 0, 50000000), - GENERAL_ENTITY_SIZE_LIMIT(Constants.JDK_GENERAL_ENTITY_SIZE_LIMIT, Constants.SP_GENERAL_ENTITY_SIZE_LIMIT, 0, 0), - PARAMETER_ENTITY_SIZE_LIMIT(Constants.JDK_PARAMETER_ENTITY_SIZE_LIMIT, Constants.SP_PARAMETER_ENTITY_SIZE_LIMIT, 0, 1000000), - MAX_ELEMENT_DEPTH_LIMIT(Constants.JDK_MAX_ELEMENT_DEPTH, Constants.SP_MAX_ELEMENT_DEPTH, 0, 0); - + ENTITY_EXPANSION_LIMIT("EntityExpansionLimit", + Constants.JDK_ENTITY_EXPANSION_LIMIT, Constants.SP_ENTITY_EXPANSION_LIMIT, 0, 64000), + MAX_OCCUR_NODE_LIMIT("MaxOccurLimit", + Constants.JDK_MAX_OCCUR_LIMIT, Constants.SP_MAX_OCCUR_LIMIT, 0, 5000), + ELEMENT_ATTRIBUTE_LIMIT("ElementAttributeLimit", + Constants.JDK_ELEMENT_ATTRIBUTE_LIMIT, Constants.SP_ELEMENT_ATTRIBUTE_LIMIT, 0, 10000), + TOTAL_ENTITY_SIZE_LIMIT("TotalEntitySizeLimit", + Constants.JDK_TOTAL_ENTITY_SIZE_LIMIT, Constants.SP_TOTAL_ENTITY_SIZE_LIMIT, 0, 50000000), + GENERAL_ENTITY_SIZE_LIMIT("MaxEntitySizeLimit", + Constants.JDK_GENERAL_ENTITY_SIZE_LIMIT, Constants.SP_GENERAL_ENTITY_SIZE_LIMIT, 0, 0), + PARAMETER_ENTITY_SIZE_LIMIT("MaxEntitySizeLimit", + Constants.JDK_PARAMETER_ENTITY_SIZE_LIMIT, Constants.SP_PARAMETER_ENTITY_SIZE_LIMIT, 0, 1000000), + MAX_ELEMENT_DEPTH_LIMIT("MaxElementDepthLimit", + Constants.JDK_MAX_ELEMENT_DEPTH, Constants.SP_MAX_ELEMENT_DEPTH, 0, 0), + MAX_NAME_LIMIT("MaxXMLNameLimit", + Constants.JDK_XML_NAME_LIMIT, Constants.SP_XML_NAME_LIMIT, 1000, 1000); + + final String key; final String apiProperty; final String systemProperty; final int defaultValue; final int secureValue; - Limit(String apiProperty, String systemProperty, int value, int secureValue) { + Limit(String key, String apiProperty, String systemProperty, int value, int secureValue) { + this.key = key; this.apiProperty = apiProperty; this.systemProperty = systemProperty; this.defaultValue = value; @@ -89,6 +100,10 @@ public final class XMLSecurityManager { return (propertyName == null) ? false : systemProperty.equals(propertyName); } + public String key() { + return key; + } + public String apiProperty() { return apiProperty; } @@ -97,7 +112,7 @@ public final class XMLSecurityManager { return systemProperty; } - int defaultValue() { + public int defaultValue() { return defaultValue; } @@ -152,7 +167,7 @@ public final class XMLSecurityManager { /** * Index of the special entityCountInfo property */ - private int indexEntityCountInfo = 10000; + private final int indexEntityCountInfo = 10000; private String printEntityCountInfo = ""; /** @@ -433,7 +448,9 @@ public final class XMLSecurityManager { if (index == Limit.ELEMENT_ATTRIBUTE_LIMIT.ordinal() || index == Limit.ENTITY_EXPANSION_LIMIT.ordinal() || index == Limit.TOTAL_ENTITY_SIZE_LIMIT.ordinal() || - index == Limit.MAX_ELEMENT_DEPTH_LIMIT.ordinal()) { + index == Limit.MAX_ELEMENT_DEPTH_LIMIT.ordinal() || + index == Limit.MAX_NAME_LIMIT.ordinal() + ) { return (limitAnalyzer.getTotalValue(index) > values[index]); } else { return (limitAnalyzer.getValue(index) > values[index]); diff --git a/src/com/sun/xml/internal/stream/Entity.java b/src/com/sun/xml/internal/stream/Entity.java index 9806cf7..fb60ca3 100644 --- a/src/com/sun/xml/internal/stream/Entity.java +++ b/src/com/sun/xml/internal/stream/Entity.java @@ -344,6 +344,9 @@ public abstract class Entity { // to know that prolog is read public boolean xmlDeclChunkRead = false; + // flag to indicate whether the Entity is an Entity Reference + public boolean reference = false; + /** returns the name of the current encoding * @return current encoding name */ @@ -388,10 +391,11 @@ public abstract class Entity { // /** Constructs a scanned entity. */ - public ScannedEntity(String name, + public ScannedEntity(boolean reference, String name, XMLResourceIdentifier entityLocation, InputStream stream, Reader reader, String encoding, boolean literal, boolean mayReadChunks, boolean isExternal) { + this.reference = reference; this.name = name ; this.entityLocation = entityLocation; this.stream = stream; |