8028111: XML readers share the same entity expansion counter
Reviewed-by: alanb, lancea, dfuchs, ahgross
--- a/jaxp/src/com/sun/org/apache/xalan/internal/XalanConstants.java Thu Nov 14 10:18:48 2013 -0800
+++ b/jaxp/src/com/sun/org/apache/xalan/internal/XalanConstants.java Mon Jan 20 19:53:04 2014 +0000
@@ -79,7 +79,7 @@
/**
* JDK maximum general entity size limit
*/
- public static final String JDK_GENEAL_ENTITY_SIZE_LIMIT =
+ public static final String JDK_GENERAL_ENTITY_SIZE_LIMIT =
ORACLE_JAXP_PROPERTY_PREFIX + "maxGeneralEntitySizeLimit";
/**
* JDK maximum parameter entity size limit
@@ -129,7 +129,7 @@
/**
* JDK maximum general entity size limit
*/
- public static final String SP_GENEAL_ENTITY_SIZE_LIMIT = "jdk.xml.maxGeneralEntitySizeLimit";
+ public static final String SP_GENERAL_ENTITY_SIZE_LIMIT = "jdk.xml.maxGeneralEntitySizeLimit";
/**
* JDK maximum parameter entity size limit
*/
--- a/jaxp/src/com/sun/org/apache/xalan/internal/utils/XMLSecurityManager.java Thu Nov 14 10:18:48 2013 -0800
+++ b/jaxp/src/com/sun/org/apache/xalan/internal/utils/XMLSecurityManager.java Mon Jan 20 19:53:04 2014 +0000
@@ -73,8 +73,8 @@
XalanConstants.SP_ELEMENT_ATTRIBUTE_LIMIT, 0, 10000),
TOTAL_ENTITY_SIZE_LIMIT(XalanConstants.JDK_TOTAL_ENTITY_SIZE_LIMIT,
XalanConstants.SP_TOTAL_ENTITY_SIZE_LIMIT, 0, 50000000),
- GENEAL_ENTITY_SIZE_LIMIT(XalanConstants.JDK_GENEAL_ENTITY_SIZE_LIMIT,
- XalanConstants.SP_GENEAL_ENTITY_SIZE_LIMIT, 0, 0),
+ GENERAL_ENTITY_SIZE_LIMIT(XalanConstants.JDK_GENERAL_ENTITY_SIZE_LIMIT,
+ XalanConstants.SP_GENERAL_ENTITY_SIZE_LIMIT, 0, 0),
PARAMETER_ENTITY_SIZE_LIMIT(XalanConstants.JDK_PARAMETER_ENTITY_SIZE_LIMIT,
XalanConstants.SP_PARAMETER_ENTITY_SIZE_LIMIT, 0, 1000000);
--- a/jaxp/src/com/sun/org/apache/xerces/internal/impl/Constants.java Thu Nov 14 10:18:48 2013 -0800
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/impl/Constants.java Mon Jan 20 19:53:04 2014 +0000
@@ -240,7 +240,7 @@
/**
* JDK maximum general entity size limit
*/
- public static final String JDK_GENEAL_ENTITY_SIZE_LIMIT =
+ public static final String JDK_GENERAL_ENTITY_SIZE_LIMIT =
ORACLE_JAXP_PROPERTY_PREFIX + "maxGeneralEntitySizeLimit";
/**
* JDK maximum parameter entity size limit
@@ -287,7 +287,7 @@
/**
* JDK maximum general entity size limit
*/
- public static final String SP_GENEAL_ENTITY_SIZE_LIMIT = "jdk.xml.maxGeneralEntitySizeLimit";
+ public static final String SP_GENERAL_ENTITY_SIZE_LIMIT = "jdk.xml.maxGeneralEntitySizeLimit";
/**
* JDK maximum parameter entity size limit
*/
--- a/jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLDTDScannerImpl.java Thu Nov 14 10:18:48 2013 -0800
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLDTDScannerImpl.java Mon Jan 20 19:53:04 2014 +0000
@@ -44,6 +44,7 @@
import com.sun.org.apache.xerces.internal.impl.XMLErrorReporter;
import com.sun.org.apache.xerces.internal.impl.XMLEntityHandler;
import com.sun.org.apache.xerces.internal.impl.Constants;
+import com.sun.org.apache.xerces.internal.utils.XMLLimitAnalyzer;
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
import com.sun.xml.internal.stream.Entity;
@@ -262,6 +263,11 @@
fEntityManager.startDTDEntity(inputSource);
} // setInputSource(XMLInputSource)
+
+ public void setLimitAnalyzer(XMLLimitAnalyzer limitAnalyzer) {
+ fLimitAnalyzer = limitAnalyzer;
+ }
+
/**
* Scans the external subset of the document.
*
@@ -1625,10 +1631,10 @@
XMLString literal = fString;
XMLString literal2 = fString;
int countChar = 0;
- if (fLimitAnalyzer == null && fSecurityManager != null) {
- fLimitAnalyzer = fSecurityManager.getLimitAnalyzer();
- fLimitAnalyzer.startEntity(entityName);
- }
+ if (fLimitAnalyzer == null ) {
+ fLimitAnalyzer = new XMLLimitAnalyzer();
+ }
+ fLimitAnalyzer.startEntity(entityName);
if (fEntityScanner.scanLiteral(quote, fString) != quote) {
fStringBuffer.clear();
@@ -2145,6 +2151,8 @@
// set starting state
setScannerState(SCANNER_STATE_TEXT_DECL);
//new SymbolTable());
+
+ fLimitAnalyzer = new XMLLimitAnalyzer();
}
/**
@@ -2164,18 +2172,18 @@
*/
private void checkLimit(String entityName, int len) {
if (fLimitAnalyzer == null) {
- fLimitAnalyzer = fSecurityManager.getLimitAnalyzer();
+ fLimitAnalyzer = new XMLLimitAnalyzer();
}
fLimitAnalyzer.addValue(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT, entityName, len);
- if (fSecurityManager.isOverLimit(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT)) {
- fSecurityManager.debugPrint();
+ if (fSecurityManager.isOverLimit(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) {
+ fSecurityManager.debugPrint(fLimitAnalyzer);
reportFatalError("MaxEntitySizeLimit", new Object[]{entityName,
fLimitAnalyzer.getValue(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT),
fSecurityManager.getLimit(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT),
fSecurityManager.getStateLiteral(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT)});
}
- if (fSecurityManager.isOverLimit(XMLSecurityManager.Limit.TOTAL_ENTITY_SIZE_LIMIT)) {
- fSecurityManager.debugPrint();
+ if (fSecurityManager.isOverLimit(XMLSecurityManager.Limit.TOTAL_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) {
+ fSecurityManager.debugPrint(fLimitAnalyzer);
reportFatalError("TotalEntitySizeLimit",
new Object[]{fLimitAnalyzer.getTotalValue(XMLSecurityManager.Limit.TOTAL_ENTITY_SIZE_LIMIT),
fSecurityManager.getLimit(XMLSecurityManager.Limit.TOTAL_ENTITY_SIZE_LIMIT),
--- a/jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java Thu Nov 14 10:18:48 2013 -0800
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java Mon Jan 20 19:53:04 2014 +0000
@@ -659,12 +659,12 @@
dtdGrammarUtil = null;
if (fSecurityManager != null) {
- fLimitAnalyzer = fSecurityManager.getLimitAnalyzer();
fElementAttributeLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.ELEMENT_ATTRIBUTE_LIMIT);
} else {
- fLimitAnalyzer = null;
fElementAttributeLimit = 0;
}
+ fLimitAnalyzer = new XMLLimitAnalyzer();
+ fEntityManager.setLimitAnalyzer(fLimitAnalyzer);
}
/**
@@ -3154,16 +3154,16 @@
*/
protected void checkLimit(XMLStringBuffer buffer) {
if (fLimitAnalyzer.isTracking(fCurrentEntityName)) {
- fLimitAnalyzer.addValue(Limit.GENEAL_ENTITY_SIZE_LIMIT, fCurrentEntityName, buffer.length);
- if (fSecurityManager.isOverLimit(Limit.GENEAL_ENTITY_SIZE_LIMIT)) {
- fSecurityManager.debugPrint();
+ fLimitAnalyzer.addValue(Limit.GENERAL_ENTITY_SIZE_LIMIT, fCurrentEntityName, buffer.length);
+ if (fSecurityManager.isOverLimit(Limit.GENERAL_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) {
+ fSecurityManager.debugPrint(fLimitAnalyzer);
reportFatalError("MaxEntitySizeLimit", new Object[]{fCurrentEntityName,
- fLimitAnalyzer.getValue(Limit.GENEAL_ENTITY_SIZE_LIMIT),
- fSecurityManager.getLimit(Limit.GENEAL_ENTITY_SIZE_LIMIT),
- fSecurityManager.getStateLiteral(Limit.GENEAL_ENTITY_SIZE_LIMIT)});
+ fLimitAnalyzer.getValue(Limit.GENERAL_ENTITY_SIZE_LIMIT),
+ fSecurityManager.getLimit(Limit.GENERAL_ENTITY_SIZE_LIMIT),
+ fSecurityManager.getStateLiteral(Limit.GENERAL_ENTITY_SIZE_LIMIT)});
}
- if (fSecurityManager.isOverLimit(Limit.TOTAL_ENTITY_SIZE_LIMIT)) {
- fSecurityManager.debugPrint();
+ if (fSecurityManager.isOverLimit(Limit.TOTAL_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) {
+ fSecurityManager.debugPrint(fLimitAnalyzer);
reportFatalError("TotalEntitySizeLimit",
new Object[]{fLimitAnalyzer.getTotalValue(Limit.TOTAL_ENTITY_SIZE_LIMIT),
fSecurityManager.getLimit(Limit.TOTAL_ENTITY_SIZE_LIMIT),
--- a/jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentScannerImpl.java Thu Nov 14 10:18:48 2013 -0800
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentScannerImpl.java Mon Jan 20 19:53:04 2014 +0000
@@ -1090,6 +1090,8 @@
((XMLDTDScannerImpl)fDTDScanner).reset(fPropertyManager);
}
+
+ fDTDScanner.setLimitAnalyzer(fLimitAnalyzer);
do {
again = false;
switch (fScannerState) {
--- a/jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java Thu Nov 14 10:18:48 2013 -0800
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java Mon Jan 20 19:53:04 2014 +0000
@@ -1300,8 +1300,8 @@
if(fLimitAnalyzer != null) {
fLimitAnalyzer.addValue(entityExpansionIndex, name, 1);
}
- if( fSecurityManager != null && fSecurityManager.isOverLimit(entityExpansionIndex)){
- fSecurityManager.debugPrint();
+ if( fSecurityManager != null && fSecurityManager.isOverLimit(entityExpansionIndex, fLimitAnalyzer)){
+ fSecurityManager.debugPrint(fLimitAnalyzer);
fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN,"EntityExpansionLimitExceeded",
new Object[]{fSecurityManager.getLimitValueByIndex(entityExpansionIndex)},
XMLErrorReporter.SEVERITY_FATAL_ERROR );
@@ -1368,9 +1368,9 @@
//close the reader
try{
if (fLimitAnalyzer != null) {
- fLimitAnalyzer.endEntity(XMLSecurityManager.Limit.GENEAL_ENTITY_SIZE_LIMIT, fCurrentEntity.name);
+ fLimitAnalyzer.endEntity(XMLSecurityManager.Limit.GENERAL_ENTITY_SIZE_LIMIT, fCurrentEntity.name);
if (fCurrentEntity.name.equals("[xml]")) {
- fSecurityManager.debugPrint();
+ fSecurityManager.debugPrint(fLimitAnalyzer);
}
}
fCurrentEntity.close();
@@ -1439,7 +1439,6 @@
fAccessExternalDTD = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD);
fSecurityManager = (XMLSecurityManager)propertyManager.getProperty(SECURITY_MANAGER);
- fLimitAnalyzer = fSecurityManager.getLimitAnalyzer();
// initialize state
//fStandalone = false;
@@ -1501,7 +1500,6 @@
fStaxEntityResolver = (StaxEntityResolverWrapper)componentManager.getProperty(STAX_ENTITY_RESOLVER, null);
fValidationManager = (ValidationManager)componentManager.getProperty(VALIDATION_MANAGER, null);
fSecurityManager = (XMLSecurityManager)componentManager.getProperty(SECURITY_MANAGER, null);
- fLimitAnalyzer = fSecurityManager.getLimitAnalyzer();
entityExpansionIndex = fSecurityManager.getIndex(Constants.JDK_ENTITY_EXPANSION_LIMIT);
// JAXP 1.5 feature
@@ -1659,7 +1657,6 @@
if (suffixLength == Constants.SECURITY_MANAGER_PROPERTY.length() &&
propertyId.endsWith(Constants.SECURITY_MANAGER_PROPERTY)) {
fSecurityManager = (XMLSecurityManager)value;
- fLimitAnalyzer = fSecurityManager.getLimitAnalyzer();
}
}
@@ -1668,8 +1665,13 @@
{
XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager)value;
fAccessExternalDTD = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD);
- }
}
+ }
+
+ public void setLimitAnalyzer(XMLLimitAnalyzer fLimitAnalyzer) {
+ this.fLimitAnalyzer = fLimitAnalyzer;
+ }
+
/**
* Returns a list of property identifiers that are recognized by
* this component. This method may return null if no properties
--- a/jaxp/src/com/sun/org/apache/xerces/internal/utils/XMLLimitAnalyzer.java Thu Nov 14 10:18:48 2013 -0800
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/utils/XMLLimitAnalyzer.java Mon Jan 20 19:53:04 2014 +0000
@@ -77,7 +77,6 @@
}
}
- private XMLSecurityManager securityManager;
/**
* Max value accumulated for each property
*/
@@ -101,8 +100,7 @@
* Default constructor. Establishes default values for known security
* vulnerabilities.
*/
- public XMLLimitAnalyzer(XMLSecurityManager securityManager) {
- this.securityManager = securityManager;
+ public XMLLimitAnalyzer() {
values = new int[Limit.values().length];
totalValue = new int[Limit.values().length];
names = new String[Limit.values().length];
@@ -157,7 +155,7 @@
}
- if (index == Limit.GENEAL_ENTITY_SIZE_LIMIT.ordinal() ||
+ if (index == Limit.GENERAL_ENTITY_SIZE_LIMIT.ordinal() ||
index == Limit.PARAMETER_ENTITY_SIZE_LIMIT.ordinal()) {
totalValue[Limit.TOTAL_ENTITY_SIZE_LIMIT.ordinal()] += value;
}
@@ -221,7 +219,7 @@
}
}
- public void debugPrint() {
+ public void debugPrint(XMLSecurityManager securityManager) {
Formatter formatter = new Formatter();
System.out.println(formatter.format("%30s %15s %15s %15s %30s",
"Property","Limit","Total size","Size","Entity Name"));
--- a/jaxp/src/com/sun/org/apache/xerces/internal/utils/XMLSecurityManager.java Thu Nov 14 10:18:48 2013 -0800
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/utils/XMLSecurityManager.java Mon Jan 20 19:53:04 2014 +0000
@@ -65,7 +65,7 @@
MAX_OCCUR_NODE_LIMIT(Constants.JDK_MAX_OCCUR_LIMIT, Constants.SP_MAX_OCCUR_LIMIT, 0, 5000),
ELEMENT_ATTRIBUTE_LIMIT(Constants.JDK_ELEMENT_ATTRIBUTE_LIMIT, Constants.SP_ELEMENT_ATTRIBUTE_LIMIT, 0, 10000),
TOTAL_ENTITY_SIZE_LIMIT(Constants.JDK_TOTAL_ENTITY_SIZE_LIMIT, Constants.SP_TOTAL_ENTITY_SIZE_LIMIT, 0, 50000000),
- GENEAL_ENTITY_SIZE_LIMIT(Constants.JDK_GENEAL_ENTITY_SIZE_LIMIT, Constants.SP_GENEAL_ENTITY_SIZE_LIMIT, 0, 0),
+ GENERAL_ENTITY_SIZE_LIMIT(Constants.JDK_GENERAL_ENTITY_SIZE_LIMIT, Constants.SP_GENERAL_ENTITY_SIZE_LIMIT, 0, 0),
PARAMETER_ENTITY_SIZE_LIMIT(Constants.JDK_PARAMETER_ENTITY_SIZE_LIMIT, Constants.SP_PARAMETER_ENTITY_SIZE_LIMIT, 0, 1000000);
final String apiProperty;
@@ -148,7 +148,6 @@
private boolean[] isSet;
- private XMLLimitAnalyzer limitAnalyzer;
/**
* Index of the special entityCountInfo property
*/
@@ -169,7 +168,6 @@
* @param secureProcessing
*/
public XMLSecurityManager(boolean secureProcessing) {
- limitAnalyzer = new XMLLimitAnalyzer(this);
values = new int[Limit.values().length];
states = new State[Limit.values().length];
isSet = new boolean[Limit.values().length];
@@ -249,13 +247,15 @@
if (index == indexEntityCountInfo) {
printEntityCountInfo = (String)value;
} else {
- int temp = 0;
- try {
+ int temp;
+ if (Integer.class.isAssignableFrom(value.getClass())) {
+ temp = ((Integer)value).intValue();
+ } else {
temp = Integer.parseInt((String) value);
if (temp < 0) {
temp = 0;
}
- } catch (NumberFormatException e) {}
+ }
setLimit(index, state, temp);
}
}
@@ -387,8 +387,9 @@
* @param size the size (count or length) of the entity
* @return true if the size is over the limit, false otherwise
*/
- public boolean isOverLimit(Limit limit, String entityName, int size) {
- return isOverLimit(limit.ordinal(), entityName, size);
+ public boolean isOverLimit(Limit limit, String entityName, int size,
+ XMLLimitAnalyzer limitAnalyzer) {
+ return isOverLimit(limit.ordinal(), entityName, size, limitAnalyzer);
}
/**
@@ -400,7 +401,8 @@
* @param size the size (count or length) of the entity
* @return true if the size is over the limit, false otherwise
*/
- public boolean isOverLimit(int index, String entityName, int size) {
+ public boolean isOverLimit(int index, String entityName, int size,
+ XMLLimitAnalyzer limitAnalyzer) {
if (values[index] == NO_LIMIT) {
return false;
}
@@ -418,11 +420,11 @@
* @param size the size (count or length) of the entity
* @return true if the size is over the limit, false otherwise
*/
- public boolean isOverLimit(Limit limit) {
- return isOverLimit(limit.ordinal());
+ public boolean isOverLimit(Limit limit, XMLLimitAnalyzer limitAnalyzer) {
+ return isOverLimit(limit.ordinal(), limitAnalyzer);
}
- public boolean isOverLimit(int index) {
+ public boolean isOverLimit(int index, XMLLimitAnalyzer limitAnalyzer) {
if (values[index] == NO_LIMIT) {
return false;
}
@@ -436,29 +438,12 @@
}
}
- public void debugPrint() {
+ public void debugPrint(XMLLimitAnalyzer limitAnalyzer) {
if (printEntityCountInfo.equals(Constants.JDK_YES)) {
- limitAnalyzer.debugPrint();
+ limitAnalyzer.debugPrint(this);
}
}
- /**
- * Return the limit analyzer
- *
- * @return the limit analyzer
- */
- public XMLLimitAnalyzer getLimitAnalyzer() {
- return limitAnalyzer;
- }
-
- /**
- * Set limit analyzer
- *
- * @param analyzer a limit analyzer
- */
- public void setLimitAnalyzer(XMLLimitAnalyzer analyzer) {
- limitAnalyzer = analyzer;
- }
/**
* Indicate if a property is set explicitly
--- a/jaxp/src/com/sun/org/apache/xerces/internal/xni/parser/XMLDTDScanner.java Thu Nov 14 10:18:48 2013 -0800
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/xni/parser/XMLDTDScanner.java Mon Jan 20 19:53:04 2014 +0000
@@ -20,6 +20,7 @@
package com.sun.org.apache.xerces.internal.xni.parser;
+import com.sun.org.apache.xerces.internal.utils.XMLLimitAnalyzer;
import java.io.IOException;
import com.sun.org.apache.xerces.internal.xni.XNIException;
@@ -95,4 +96,5 @@
public boolean scanDTDExternalSubset(boolean complete)
throws IOException, XNIException;
+ public void setLimitAnalyzer(XMLLimitAnalyzer limitAnalyzer);
} // interface XMLDTDScanner