stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8086733: Improve namespace handling

Browse Source 
Reviewed-by: dfuchs, lancea, ahgross
This commit is contained in:
Joe Wang 2015-07-07 15:56:38 -07:00
parent a9f9be2377
commit 1e46af2eae
18 changed files with 283 additions and 250 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
jaxp/src/java.xml/share/classes/com/sun/org/apache/xalan/internal/utils/XMLSecurityManager.java
View File

@ -65,27 +65,31 @@ public final class XMLSecurityManager {
*/
public static enum Limit {
ENTITY_EXPANSION_LIMIT(XalanConstants.JDK_ENTITY_EXPANSION_LIMIT,
ENTITY_EXPANSION_LIMIT("EntityExpansionLimit", XalanConstants.JDK_ENTITY_EXPANSION_LIMIT,
XalanConstants.SP_ENTITY_EXPANSION_LIMIT, 0, 64000),
MAX_OCCUR_NODE_LIMIT(XalanConstants.JDK_MAX_OCCUR_LIMIT,
MAX_OCCUR_NODE_LIMIT("MaxOccurLimit", XalanConstants.JDK_MAX_OCCUR_LIMIT,
XalanConstants.SP_MAX_OCCUR_LIMIT, 0, 5000),
ELEMENT_ATTRIBUTE_LIMIT(XalanConstants.JDK_ELEMENT_ATTRIBUTE_LIMIT,
ELEMENT_ATTRIBUTE_LIMIT("ElementAttributeLimit", XalanConstants.JDK_ELEMENT_ATTRIBUTE_LIMIT,
XalanConstants.SP_ELEMENT_ATTRIBUTE_LIMIT, 0, 10000),
TOTAL_ENTITY_SIZE_LIMIT(XalanConstants.JDK_TOTAL_ENTITY_SIZE_LIMIT,
TOTAL_ENTITY_SIZE_LIMIT("TotalEntitySizeLimit", XalanConstants.JDK_TOTAL_ENTITY_SIZE_LIMIT,
XalanConstants.SP_TOTAL_ENTITY_SIZE_LIMIT, 0, 50000000),
GENERAL_ENTITY_SIZE_LIMIT(XalanConstants.JDK_GENERAL_ENTITY_SIZE_LIMIT,
GENERAL_ENTITY_SIZE_LIMIT("MaxEntitySizeLimit", XalanConstants.JDK_GENERAL_ENTITY_SIZE_LIMIT,
XalanConstants.SP_GENERAL_ENTITY_SIZE_LIMIT, 0, 0),
PARAMETER_ENTITY_SIZE_LIMIT(XalanConstants.JDK_PARAMETER_ENTITY_SIZE_LIMIT,
PARAMETER_ENTITY_SIZE_LIMIT("MaxEntitySizeLimit", XalanConstants.JDK_PARAMETER_ENTITY_SIZE_LIMIT,
XalanConstants.SP_PARAMETER_ENTITY_SIZE_LIMIT, 0, 1000000),
MAX_ELEMENT_DEPTH_LIMIT(XalanConstants.JDK_MAX_ELEMENT_DEPTH,
XalanConstants.SP_MAX_ELEMENT_DEPTH, 0, 0);
MAX_ELEMENT_DEPTH_LIMIT("MaxElementDepthLimit", XalanConstants.JDK_MAX_ELEMENT_DEPTH,
XalanConstants.SP_MAX_ELEMENT_DEPTH, 0, 0),
MAX_NAME_LIMIT("MaxXMLNameLimit", XalanConstants.JDK_XML_NAME_LIMIT,
XalanConstants.SP_XML_NAME_LIMIT, 1000, 1000);
final String key;
final String apiProperty;
final String systemProperty;
final int defaultValue;
final int secureValue;
Limit(String apiProperty, String systemProperty, int value, int secureValue) {
Limit(String key, String apiProperty, String systemProperty, int value, int secureValue) {
this.key = key;
this.apiProperty = apiProperty;
this.systemProperty = systemProperty;
this.defaultValue = value;
@ -100,6 +104,10 @@ public final class XMLSecurityManager {
return (propertyName == null) ? false : systemProperty.equals(propertyName);
}
public String key() {
return key;
}
public String apiProperty() {
return apiProperty;
}
@ -108,7 +116,7 @@ public final class XMLSecurityManager {
return systemProperty;
}
int defaultValue() {
public int defaultValue() {
return defaultValue;
}
@ -160,7 +168,7 @@ public final class XMLSecurityManager {
/**
* Index of the special entityCountInfo property
*/
private int indexEntityCountInfo = 10000;
private final int indexEntityCountInfo = 10000;
private String printEntityCountInfo = "";
/**

2
jaxp/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/XML11DocumentScannerImpl.java
View File

@ -331,7 +331,7 @@ public class XML11DocumentScannerImpl
new Object[]{entityName});
}
}
fEntityManager.startEntity(entityName, true);
fEntityManager.startEntity(false, entityName, true);
}
}
}

80
jaxp/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/XML11EntityScanner.java
View File

@ -1,62 +1,21 @@
/*
* reserved comment block
* DO NOT REMOVE OR ALTER!
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
*/
/*
* The Apache Software License, Version 1.1
* Copyright 2005 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* Copyright (c) 1999-2002 The Apache Software Foundation.
* All rights reserved.
* http://www.apache.org/licenses/LICENSE-2.0
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Xerces" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation and was
* originally based on software copyright (c) 1999, International
* Business Machines, Inc., http://www.apache.org. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.sun.org.apache.xerces.internal.impl;
@ -65,6 +24,8 @@ import com.sun.org.apache.xerces.internal.impl.msg.XMLMessageFormatter;
import com.sun.org.apache.xerces.internal.util.XML11Char;
import com.sun.org.apache.xerces.internal.util.XMLChar;
import com.sun.org.apache.xerces.internal.util.XMLStringBuffer;
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager.Limit;
import com.sun.org.apache.xerces.internal.xni.QName;
import com.sun.org.apache.xerces.internal.xni.XMLString;
import java.io.IOException;
@ -689,9 +650,13 @@ public class XML11EntityScanner
break;
}
index = fCurrentEntity.position;
//check prefix before further read
checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, offset, index - offset);
}
if (++fCurrentEntity.position == fCurrentEntity.count) {
int length = fCurrentEntity.position - offset;
//check localpart before loading more data
checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, offset, length - index - 1);
invokeListeners(length);
if (length == fCurrentEntity.ch.length) {
// bad luck we have to resize our buffer
@ -785,6 +750,8 @@ public class XML11EntityScanner
offset, length);
if (index != -1) {
int prefixLength = index - offset;
//check the result: prefix
checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, offset, prefixLength);
prefix = fSymbolTable.addSymbol(fCurrentEntity.ch,
offset, prefixLength);
int len = length - prefixLength - 1;
@ -797,12 +764,16 @@ public class XML11EntityScanner
null,
XMLErrorReporter.SEVERITY_FATAL_ERROR);
}
//check the result: localpart
checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, index + 1, len);
localpart = fSymbolTable.addSymbol(fCurrentEntity.ch,
index + 1, len);
}
else {
localpart = rawname;
//check the result: localpart
checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, offset, length);
}
qname.setValues(prefix, localpart, rawname, null);
return true;
@ -933,6 +904,9 @@ public class XML11EntityScanner
}
int length = fCurrentEntity.position - offset;
fCurrentEntity.columnNumber += length - newlines;
if (fCurrentEntity.reference) {
checkLimit(Limit.TOTAL_ENTITY_SIZE_LIMIT, fCurrentEntity, offset, length);
}
content.setValues(fCurrentEntity.ch, offset, length);
// return next character

119
jaxp/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/XML11NSDocumentScannerImpl.java
View File

@ -1,62 +1,21 @@
/*
* reserved comment block
* DO NOT REMOVE OR ALTER!
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
*/
/*
* The Apache Software License, Version 1.1
* Copyright 2005 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* Copyright (c) 1999-2003 The Apache Software Foundation.
* All rights reserved.
* http://www.apache.org/licenses/LICENSE-2.0
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Xerces" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation and was
* originally based on software copyright (c) 2002, International
* Business Machines, Inc., http://www.apache.org. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.sun.org.apache.xerces.internal.impl;
@ -67,6 +26,7 @@ import com.sun.org.apache.xerces.internal.impl.dtd.XMLDTDValidatorFilter;
import com.sun.org.apache.xerces.internal.impl.msg.XMLMessageFormatter;
import com.sun.org.apache.xerces.internal.util.XMLAttributesImpl;
import com.sun.org.apache.xerces.internal.util.XMLSymbols;
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
import com.sun.org.apache.xerces.internal.xni.NamespaceContext;
import com.sun.org.apache.xerces.internal.xni.QName;
import com.sun.org.apache.xerces.internal.xni.XMLDocumentHandler;
@ -339,36 +299,37 @@ public class XML11NSDocumentScannerImpl extends XML11DocumentScannerImpl {
}
// call handler
if (empty) {
//decrease the markup depth..
fMarkupDepth--;
if (empty) {
//decrease the markup depth..
fMarkupDepth--;
// check that this element was opened in the same entity
if (fMarkupDepth < fEntityStack[fEntityDepth - 1]) {
reportFatalError(
"ElementEntityMismatch",
new Object[] { fCurrentElement.rawname });
}
// check that this element was opened in the same entity
if (fMarkupDepth < fEntityStack[fEntityDepth - 1]) {
reportFatalError(
"ElementEntityMismatch",
new Object[] { fCurrentElement.rawname });
}
if (fDocumentHandler != null) {
fDocumentHandler.emptyElement(fElementQName, fAttributes, null);
}
/*if (fBindNamespaces) {
fNamespaceContext.popContext();
}*/
fScanEndElement = true;
/*if (fBindNamespaces) {
fNamespaceContext.popContext();
}*/
fScanEndElement = true;
//pop the element off the stack..
fElementStack.popElement();
} else {
//pop the element off the stack..
fElementStack.popElement();
} else {
if(dtdGrammarUtil != null) {
dtdGrammarUtil.startElement(fElementQName, fAttributes);
}
if(dtdGrammarUtil != null)
dtdGrammarUtil.startElement(fElementQName, fAttributes);
if (fDocumentHandler != null)
if (fDocumentHandler != null) {
fDocumentHandler.startElement(fElementQName, fAttributes, null);
}
}
if (DEBUG_START_END_ELEMENT)
System.out.println("<<< scanStartElement(): " + empty);
@ -678,7 +639,13 @@ public class XML11NSDocumentScannerImpl extends XML11DocumentScannerImpl {
if (prefix == XMLSymbols.PREFIX_XMLNS
|| prefix == XMLSymbols.EMPTY_STRING
&& localpart == XMLSymbols.PREFIX_XMLNS) {
if (value.length() > fXMLNameLimit) {
fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN,
"MaxXMLNameLimit",
new Object[]{value, value.length(), fXMLNameLimit,
fSecurityManager.getStateLiteral(XMLSecurityManager.Limit.MAX_NAME_LIMIT)},
XMLErrorReporter.SEVERITY_FATAL_ERROR);
}
// get the internalized value of this attribute
String uri = fSymbolTable.addSymbol(value);

54
jaxp/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/XMLDTDScannerImpl.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
*/
/*
@ -368,6 +368,8 @@ implements XMLDTDScanner, XMLComponent, XMLEntityHandler {
}
// we're done, set starting state for external subset
setScannerState(SCANNER_STATE_TEXT_DECL);
// we're done scanning DTD.
fLimitAnalyzer.reset(XMLSecurityManager.Limit.TOTAL_ENTITY_SIZE_LIMIT);
return false;
}
} while (complete);
@ -703,7 +705,7 @@ implements XMLDTDScanner, XMLComponent, XMLEntityHandler {
fErrorReporter.reportError( XMLMessageFormatter.XML_DOMAIN,"EntityNotDeclared",
new Object[]{name}, XMLErrorReporter.SEVERITY_ERROR);
}
fEntityManager.startEntity(fSymbolTable.addSymbol(pName),
fEntityManager.startEntity(false, fSymbolTable.addSymbol(pName),
literal);
// if we actually got a new entity and it's external
// parse text decl if there is any
@ -1631,7 +1633,7 @@ implements XMLDTDScanner, XMLComponent, XMLEntityHandler {
XMLString literal2 = fString;
int countChar = 0;
if (fLimitAnalyzer == null ) {
fLimitAnalyzer = new XMLLimitAnalyzer();
fLimitAnalyzer = fEntityManager.fLimitAnalyzer;
}
fLimitAnalyzer.startEntity(entityName);
@ -1639,9 +1641,7 @@ implements XMLDTDScanner, XMLComponent, XMLEntityHandler {
fStringBuffer.clear();
fStringBuffer2.clear();
do {
if (isPEDecl && fLimitAnalyzer != null) {
checkLimit("%" + entityName, fString.length + countChar);
}
checkEntityLimit(isPEDecl, entityName, fString.length + countChar);
countChar = 0;
fStringBuffer.append(fString);
fStringBuffer2.append(fString);
@ -1727,9 +1727,7 @@ implements XMLDTDScanner, XMLComponent, XMLEntityHandler {
literal = fStringBuffer;
literal2 = fStringBuffer2;
} else {
if (isPEDecl) {
checkLimit("%" + entityName, literal);
}
checkEntityLimit(isPEDecl, entityName, literal);
}
value.setValues(literal);
nonNormalizedValue.setValues(literal2);
@ -2151,35 +2149,49 @@ implements XMLDTDScanner, XMLComponent, XMLEntityHandler {
setScannerState(SCANNER_STATE_TEXT_DECL);
//new SymbolTable());
fLimitAnalyzer = new XMLLimitAnalyzer();
fLimitAnalyzer = fEntityManager.fLimitAnalyzer;
fSecurityManager = fEntityManager.fSecurityManager;
}
/**
* Add the count of the content buffer and check if the accumulated
* value exceeds the limit
* @param isPEDecl a flag to indicate whether the entity is parameter
* @param entityName entity name
* @param buffer content buffer
*/
private void checkLimit(String entityName, XMLString buffer) {
checkLimit(entityName, buffer.length);
private void checkEntityLimit(boolean isPEDecl, String entityName, XMLString buffer) {
checkEntityLimit(isPEDecl, entityName, buffer.length);
}
/**
* Add the count and check limit
* @param isPEDecl a flag to indicate whether the entity is parameter
* @param entityName entity name
* @param len length of the buffer
*/
private void checkLimit(String entityName, int len) {
private void checkEntityLimit(boolean isPEDecl, String entityName, int len) {
if (fLimitAnalyzer == null) {
fLimitAnalyzer = new XMLLimitAnalyzer();
fLimitAnalyzer = fEntityManager.fLimitAnalyzer;
}
fLimitAnalyzer.addValue(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT, entityName, len);
if (fSecurityManager.isOverLimit(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) {
fSecurityManager.debugPrint(fLimitAnalyzer);
reportFatalError("MaxEntitySizeLimit", new Object[]{entityName,
fLimitAnalyzer.getValue(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT),
fSecurityManager.getLimit(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT),
fSecurityManager.getStateLiteral(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT)});
if (isPEDecl) {
fLimitAnalyzer.addValue(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT, "%" + entityName, len);
if (fSecurityManager.isOverLimit(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) {
fSecurityManager.debugPrint(fLimitAnalyzer);
reportFatalError("MaxEntitySizeLimit", new Object[]{"%" + entityName,
fLimitAnalyzer.getValue(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT),
fSecurityManager.getLimit(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT),
fSecurityManager.getStateLiteral(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT)});
}
} else {
fLimitAnalyzer.addValue(XMLSecurityManager.Limit.GENERAL_ENTITY_SIZE_LIMIT, entityName, len);
if (fSecurityManager.isOverLimit(XMLSecurityManager.Limit.GENERAL_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) {
fSecurityManager.debugPrint(fLimitAnalyzer);
reportFatalError("MaxEntitySizeLimit", new Object[]{entityName,
fLimitAnalyzer.getValue(XMLSecurityManager.Limit.GENERAL_ENTITY_SIZE_LIMIT),
fSecurityManager.getLimit(XMLSecurityManager.Limit.GENERAL_ENTITY_SIZE_LIMIT),
fSecurityManager.getStateLiteral(XMLSecurityManager.Limit.GENERAL_ENTITY_SIZE_LIMIT)});
}
}
if (fSecurityManager.isOverLimit(XMLSecurityManager.Limit.TOTAL_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) {
fSecurityManager.debugPrint(fLimitAnalyzer);

40
jaxp/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java
View File

@ -88,7 +88,7 @@ public class XMLDocumentFragmentScannerImpl
// Constants
//
protected int fElementAttributeLimit;
protected int fElementAttributeLimit, fXMLNameLimit;
/** External subset resolver. **/
protected ExternalSubsetResolver fExternalSubsetResolver;
@ -426,7 +426,7 @@ public class XMLDocumentFragmentScannerImpl
*/
public void setInputSource(XMLInputSource inputSource) throws IOException {
fEntityManager.setEntityHandler(this);
fEntityManager.startEntity("$fragment$", inputSource, false, true);
fEntityManager.startEntity(false, "$fragment$", inputSource, false, true);
// fDocumentSystemId = fEntityManager.expandSystemId(inputSource.getSystemId());
} // setInputSource(XMLInputSource)
@ -661,11 +661,12 @@ public class XMLDocumentFragmentScannerImpl
if (fSecurityManager != null) {
fElementAttributeLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.ELEMENT_ATTRIBUTE_LIMIT);
fXMLNameLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.MAX_NAME_LIMIT);
} else {
fElementAttributeLimit = 0;
fXMLNameLimit = XMLSecurityManager.Limit.MAX_NAME_LIMIT.defaultValue();
}
fLimitAnalyzer = new XMLLimitAnalyzer();
fEntityManager.setLimitAnalyzer(fLimitAnalyzer);
fLimitAnalyzer = fEntityManager.fLimitAnalyzer;
}
/**
@ -1906,7 +1907,7 @@ public class XMLDocumentFragmentScannerImpl
//if that was the case it its taken care in XMLEntityManager.startEntity()
//we immediately call the endEntity. Application gets to know if there was
//any entity that was not declared.
fEntityManager.startEntity(name, false);
fEntityManager.startEntity(true, name, false);
//set the scaner state to content.. parser will automatically revive itself at any point of time.
//setScannerState(SCANNER_STATE_CONTENT);
//return true ;
@ -2855,8 +2856,6 @@ public class XMLDocumentFragmentScannerImpl
if(DEBUG){
System.out.println("NOT USING THE BUFFER, STRING = " + fTempString.toString());
}
//check limit before returning event
checkLimit(fContentBuffer);
if(dtdGrammarUtil!= null && dtdGrammarUtil.isIgnorableWhiteSpace(fContentBuffer)){
if(DEBUG)System.out.println("Return SPACE EVENT");
return XMLEvent.SPACE;
@ -2955,8 +2954,6 @@ public class XMLDocumentFragmentScannerImpl
fLastSectionWasCharacterData = true ;
continue;
}else{
//check limit before returning event
checkLimit(fContentBuffer);
if(dtdGrammarUtil!= null && dtdGrammarUtil.isIgnorableWhiteSpace(fContentBuffer)){
if(DEBUG)System.out.println("Return SPACE EVENT");
return XMLEvent.SPACE;
@ -3172,31 +3169,6 @@ public class XMLDocumentFragmentScannerImpl
} //while loop
}//next
/**
* Add the count of the content buffer and check if the accumulated
* value exceeds the limit
* @param buffer content buffer
*/
protected void checkLimit(XMLStringBuffer buffer) {
if (fLimitAnalyzer.isTracking(fCurrentEntityName)) {
fLimitAnalyzer.addValue(Limit.GENERAL_ENTITY_SIZE_LIMIT, fCurrentEntityName, buffer.length);
if (fSecurityManager.isOverLimit(Limit.GENERAL_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) {
fSecurityManager.debugPrint(fLimitAnalyzer);
reportFatalError("MaxEntitySizeLimit", new Object[]{fCurrentEntityName,
fLimitAnalyzer.getValue(Limit.GENERAL_ENTITY_SIZE_LIMIT),
fSecurityManager.getLimit(Limit.GENERAL_ENTITY_SIZE_LIMIT),
fSecurityManager.getStateLiteral(Limit.GENERAL_ENTITY_SIZE_LIMIT)});
}
if (fSecurityManager.isOverLimit(Limit.TOTAL_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) {
fSecurityManager.debugPrint(fLimitAnalyzer);
reportFatalError("TotalEntitySizeLimit",
new Object[]{fLimitAnalyzer.getTotalValue(Limit.TOTAL_ENTITY_SIZE_LIMIT),
fSecurityManager.getLimit(Limit.TOTAL_ENTITY_SIZE_LIMIT),
fSecurityManager.getStateLiteral(Limit.TOTAL_ENTITY_SIZE_LIMIT)});
}
}
}
//
// Protected methods
//

38
jaxp/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java
View File

@ -404,6 +404,8 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
* If this constructor is used to create the object, reset() should be invoked on this object
*/
public XMLEntityManager() {
//for entity managers not created by parsers
fSecurityManager = new XMLSecurityManager(true);
fEntityStorage = new XMLEntityStorage(this) ;
setScannerVersion(Constants.XML_VERSION_1_0);
} // <init>()
@ -581,6 +583,8 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
/**
* This method uses the passed-in XMLInputSource to make
* fCurrentEntity usable for reading.
*
* @param reference flag to indicate whether the entity is an Entity Reference.
* @param name name of the entity (XML is it's the document entity)
* @param xmlInputSource the input source, with sufficient information
* to begin scanning characters.
@ -591,7 +595,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
* XNIException If any parser-specific goes wrong.
* @return the encoding of the new entity or null if a character stream was employed
*/
public String setupCurrentEntity(String name, XMLInputSource xmlInputSource,
public String setupCurrentEntity(boolean reference, String name, XMLInputSource xmlInputSource,
boolean literal, boolean isExternal)
throws IOException, XNIException {
// get information
@ -834,7 +838,9 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
* in the prolog of the XML document is not considered. Hence, prolog can
* be read in Chunks of data instead of byte by byte.
*/
fCurrentEntity = new com.sun.xml.internal.stream.Entity.ScannedEntity(name,new XMLResourceIdentifierImpl(publicId, literalSystemId, baseSystemId, expandedSystemId),stream, reader, encoding, literal, encodingExternallySpecified, isExternal);
fCurrentEntity = new Entity.ScannedEntity(reference, name,
new XMLResourceIdentifierImpl(publicId, literalSystemId, baseSystemId, expandedSystemId),
stream, reader, encoding, literal, encodingExternallySpecified, isExternal);
fCurrentEntity.setEncodingExternallySpecified(encodingExternallySpecified);
fEntityScanner.setCurrentEntity(fCurrentEntity);
fResourceIdentifier.setValues(publicId, literalSystemId, baseSystemId, expandedSystemId);
@ -1102,6 +1108,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
/**
* Starts a named entity.
*
* @param reference flag to indicate whether the entity is an Entity Reference.
* @param entityName The name of the entity to start.
* @param literal True if this entity is started within a literal
* value.
@ -1109,7 +1116,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
* @throws IOException Thrown on i/o error.
* @throws XNIException Thrown by entity handler to signal an error.
*/
public void startEntity(String entityName, boolean literal)
public void startEntity(boolean reference, String entityName, boolean literal)
throws IOException, XNIException {
// was entity declared?
@ -1233,7 +1240,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
}
// start the entity
startEntity(entityName, xmlInputSource, literal, external);
startEntity(reference, entityName, xmlInputSource, literal, external);
} // startEntity(String,boolean)
@ -1248,7 +1255,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
*/
public void startDocumentEntity(XMLInputSource xmlInputSource)
throws IOException, XNIException {
startEntity(XMLEntity, xmlInputSource, false, true);
startEntity(false, XMLEntity, xmlInputSource, false, true);
} // startDocumentEntity(XMLInputSource)
//xxx these methods are not required.
@ -1263,7 +1270,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
*/
public void startDTDEntity(XMLInputSource xmlInputSource)
throws IOException, XNIException {
startEntity(DTDEntity, xmlInputSource, false, true);
startEntity(false, DTDEntity, xmlInputSource, false, true);
} // startDTDEntity(XMLInputSource)
// indicate start of external subset so that
@ -1282,6 +1289,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
* This method can be used to insert an application defined XML
* entity stream into the parsing stream.
*
* @param reference flag to indicate whether the entity is an Entity Reference.
* @param name The name of the entity.
* @param xmlInputSource The input source of the entity.
* @param literal True if this entity is started within a
@ -1291,12 +1299,12 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
* @throws IOException Thrown on i/o error.
* @throws XNIException Thrown by entity handler to signal an error.
*/
public void startEntity(String name,
public void startEntity(boolean reference, String name,
XMLInputSource xmlInputSource,
boolean literal, boolean isExternal)
throws IOException, XNIException {
String encoding = setupCurrentEntity(name, xmlInputSource, literal, isExternal);
String encoding = setupCurrentEntity(reference, name, xmlInputSource, literal, isExternal);
//when entity expansion limit is set by the Application, we need to
//check for the entity expansion limit set by the parser, if number of entity
@ -1308,7 +1316,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
}
if( fSecurityManager != null && fSecurityManager.isOverLimit(entityExpansionIndex, fLimitAnalyzer)){
fSecurityManager.debugPrint(fLimitAnalyzer);
fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN,"EntityExpansionLimitExceeded",
fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN,"EntityExpansionLimit",
new Object[]{fSecurityManager.getLimitValueByIndex(entityExpansionIndex)},
XMLErrorReporter.SEVERITY_FATAL_ERROR );
// is there anything better to do than reset the counter?
@ -1424,10 +1432,6 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
// XMLComponent methods
//
public void reset(PropertyManager propertyManager){
//reset fEntityStorage
fEntityStorage.reset(propertyManager);
//reset XMLEntityReaderImpl
fEntityScanner.reset(propertyManager);
// xerces properties
fSymbolTable = (SymbolTable)propertyManager.getProperty(Constants.XERCES_PROPERTY_PREFIX + Constants.SYMBOL_TABLE_PROPERTY);
fErrorReporter = (XMLErrorReporter)propertyManager.getProperty(Constants.XERCES_PROPERTY_PREFIX + Constants.ERROR_REPORTER_PROPERTY);
@ -1450,6 +1454,12 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
fSecurityManager = (XMLSecurityManager)propertyManager.getProperty(SECURITY_MANAGER);
fLimitAnalyzer = new XMLLimitAnalyzer();
//reset fEntityStorage
fEntityStorage.reset(propertyManager);
//reset XMLEntityReaderImpl
fEntityScanner.reset(propertyManager);
// initialize state
//fStandalone = false;
fEntities.clear();
@ -1536,7 +1546,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
// a class acting as a component manager but not
// implementing that interface for whatever reason.
public void reset() {
fLimitAnalyzer = new XMLLimitAnalyzer();
// initialize state
fStandalone = false;
fEntities.clear();

69
jaxp/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/XMLEntityScanner.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
*/
/*
@ -30,10 +30,14 @@ import com.sun.org.apache.xerces.internal.util.EncodingMap;
import com.sun.org.apache.xerces.internal.util.SymbolTable;
import com.sun.org.apache.xerces.internal.util.XMLChar;
import com.sun.org.apache.xerces.internal.util.XMLStringBuffer;
import com.sun.org.apache.xerces.internal.utils.XMLLimitAnalyzer;
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager.Limit;
import com.sun.org.apache.xerces.internal.xni.*;
import com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager;
import com.sun.org.apache.xerces.internal.xni.parser.XMLConfigurationException;
import com.sun.xml.internal.stream.Entity;
import com.sun.xml.internal.stream.Entity.ScannedEntity;
import com.sun.xml.internal.stream.XMLBufferListener;
import java.io.EOFException;
import java.io.IOException;
@ -60,6 +64,12 @@ public class XMLEntityScanner implements XMLLocator {
protected XMLEntityManager fEntityManager ;
/** Security manager. */
protected XMLSecurityManager fSecurityManager = null;
/** Limit analyzer. */
protected XMLLimitAnalyzer fLimitAnalyzer = null;
/** Debug switching readers for encodings. */
private static final boolean DEBUG_ENCODINGS = false;
/** Listeners which should know when load is being called */
@ -174,10 +184,7 @@ public class XMLEntityScanner implements XMLLocator {
public void reset(PropertyManager propertyManager){
fSymbolTable = (SymbolTable)propertyManager.getProperty(SYMBOL_TABLE) ;
fErrorReporter = (XMLErrorReporter)propertyManager.getProperty(ERROR_REPORTER) ;
fCurrentEntity = null;
whiteSpaceLen = 0;
whiteSpaceInfoNeeded = true;
listeners.clear();
resetCommon();
}
/**
@ -196,18 +203,13 @@ public class XMLEntityScanner implements XMLLocator {
*/
public void reset(XMLComponentManager componentManager)
throws XMLConfigurationException {
//System.out.println(" this is being called");
// xerces features
fAllowJavaEncodings = componentManager.getFeature(ALLOW_JAVA_ENCODINGS, false);
//xerces properties
fSymbolTable = (SymbolTable)componentManager.getProperty(SYMBOL_TABLE);
fErrorReporter = (XMLErrorReporter)componentManager.getProperty(ERROR_REPORTER);
fCurrentEntity = null;
whiteSpaceLen = 0;
whiteSpaceInfoNeeded = true;
listeners.clear();
resetCommon();
} // reset(XMLComponentManager)
@ -217,6 +219,17 @@ public class XMLEntityScanner implements XMLLocator {
fSymbolTable = symbolTable;
fEntityManager = entityManager;
fErrorReporter = reporter;
fLimitAnalyzer = fEntityManager.fLimitAnalyzer;
fSecurityManager = fEntityManager.fSecurityManager;
}
private void resetCommon() {
fCurrentEntity = null;
whiteSpaceLen = 0;
whiteSpaceInfoNeeded = true;
listeners.clear();
fLimitAnalyzer = fEntityManager.fLimitAnalyzer;
fSecurityManager = fEntityManager.fSecurityManager;
}
/**
@ -813,9 +826,13 @@ public class XMLEntityScanner implements XMLLocator {
break;
}
index = fCurrentEntity.position;
//check prefix before further read
checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, offset, index - offset);
}
if (++fCurrentEntity.position == fCurrentEntity.count) {
int length = fCurrentEntity.position - offset;
//check localpart before loading more data
checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, offset, length - index - 1);
invokeListeners(length);
if (length == fCurrentEntity.fBufferSize) {
// bad luck we have to resize our buffer
@ -847,14 +864,20 @@ public class XMLEntityScanner implements XMLLocator {
if (index != -1) {
int prefixLength = index - offset;
//check the result: prefix
checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, offset, prefixLength);
prefix = fSymbolTable.addSymbol(fCurrentEntity.ch,
offset, prefixLength);
int len = length - prefixLength - 1;
//check the result: localpart
checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, index + 1, len);
localpart = fSymbolTable.addSymbol(fCurrentEntity.ch,
index + 1, len);
} else {
localpart = rawname;
//check the result: localpart
checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, offset, length);
}
qname.setValues(prefix, localpart, rawname, null);
if (DEBUG_BUFFER) {
@ -876,6 +899,27 @@ public class XMLEntityScanner implements XMLLocator {
} // scanQName(QName):boolean
/**
* Checks whether the value of the specified Limit exceeds its limit
*
* @param limit The Limit to be checked.
* @param entity The current entity.
* @param offset The index of the first byte
* @param length The length of the entity scanned.
*/
protected void checkLimit(Limit limit, ScannedEntity entity, int offset, int length) {
fLimitAnalyzer.addValue(limit, null, length);
if (fSecurityManager.isOverLimit(limit, fLimitAnalyzer)) {
fSecurityManager.debugPrint(fLimitAnalyzer);
fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN, limit.key(),
new Object[]{new String(entity.ch, offset, length),
fLimitAnalyzer.getTotalValue(limit),
fSecurityManager.getLimit(limit),
fSecurityManager.getStateLiteral(limit)},
XMLErrorReporter.SEVERITY_FATAL_ERROR);
}
}
/**
* CHANGED:
* Scans a range of parsed character data, This function appends the character data to
@ -994,6 +1038,9 @@ public class XMLEntityScanner implements XMLLocator {
}
int length = fCurrentEntity.position - offset;
fCurrentEntity.columnNumber += length - newlines;
if (fCurrentEntity.reference) {
checkLimit(Limit.TOTAL_ENTITY_SIZE_LIMIT, fCurrentEntity, offset, length);
}
//CHANGED: dont replace the value.. append to the buffer. This gives control to the callee
//on buffering the data..

13
jaxp/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/XMLNSDocumentScannerImpl.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
*/
/*
@ -37,6 +37,7 @@ import com.sun.org.apache.xerces.internal.xni.XMLDocumentHandler;
import com.sun.org.apache.xerces.internal.xni.XMLAttributes;
import com.sun.org.apache.xerces.internal.xni.parser.XMLDocumentSource;
import com.sun.org.apache.xerces.internal.util.XMLAttributesImpl;
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
@ -452,7 +453,15 @@ public class XMLNSDocumentScannerImpl
// it's a namespace declaration. but prefix:xmlns="..." isn't.
if (prefix == XMLSymbols.PREFIX_XMLNS ||
prefix == XMLSymbols.EMPTY_STRING && localpart == XMLSymbols.PREFIX_XMLNS) {
//check the length of URI
if (tmpStr.length > fXMLNameLimit) {
fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN,
"MaxXMLNameLimit",
new Object[]{new String(tmpStr.ch,tmpStr.offset,tmpStr.length),
tmpStr.length, fXMLNameLimit,
fSecurityManager.getStateLiteral(XMLSecurityManager.Limit.MAX_NAME_LIMIT)},
XMLErrorReporter.SEVERITY_FATAL_ERROR);
}
// get the internalized value of this attribute
String uri = fSymbolTable.addSymbol(tmpStr.ch,tmpStr.offset,tmpStr.length);
value = uri;

2
jaxp/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/XMLScanner.java
View File

@ -946,7 +946,7 @@ public abstract class XMLScanner
new Object[]{entityName});
}
}
fEntityManager.startEntity(entityName, true);
fEntityManager.startEntity(false, entityName, true);
}
}
}

2
jaxp/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/XMLVersionDetector.java
View File

@ -186,7 +186,7 @@ public class XMLVersionDetector {
* @throws IOException
*/
public short determineDocVersion(XMLInputSource inputSource) throws IOException {
fEncoding = fEntityManager.setupCurrentEntity(fXMLSymbol, inputSource, false, true);
fEncoding = fEntityManager.setupCurrentEntity(false, fXMLSymbol, inputSource, false, true);
// Must use XML 1.0 scanner to handle whitespace correctly
// in the XML declaration.

6
jaxp/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages.properties
View File

@ -294,10 +294,10 @@
# Implementation limits
EntityExpansionLimitExceeded=JAXP00010001: The parser has encountered more than \"{0}\" entity expansions in this document; this is the limit imposed by the JDK.
EntityExpansionLimit=JAXP00010001: The parser has encountered more than \"{0}\" entity expansions in this document; this is the limit imposed by the JDK.
ElementAttributeLimit=JAXP00010002: Element \"{0}\" has more than \"{1}\" attributes, \"{1}\" is the limit imposed by the JDK.
MaxEntitySizeLimit=JAXP00010003: The length of entity \"{0}\" is \"{1}\" that exceeds the \"{2}\" limit set by \"{3}\".
TotalEntitySizeLimit=JAXP00010004: The accumulated size \"{0}\" of entities exceeded the \"{1}\" limit set by \"{2}\".
MaxXMLNameLimit=JAXP00010005: The name \"{0}\" exceeded the \"{1}\" limit set by \"{2}\".
TotalEntitySizeLimit=JAXP00010004: The accumulated size of entities is \"{1}\" that exceeded the \"{2}\" limit set by \"{3}\".
MaxXMLNameLimit=JAXP00010005: The length of entity \"{0}\" is \"{1}\" that exceeds the \"{2}\" limit set by \"{3}\".
MaxElementDepthLimit=JAXP00010006: The element \"{0}\" has a depth of \"{1}\" that exceeds the limit \"{2}\" set by \"{3}\".

2
jaxp/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages.properties
View File

@ -289,7 +289,7 @@
FacetValueFromBase = FacetValueFromBase: In the declaration of type ''{0}'', value ''{1}'' of facet ''{2}'' must be from the value space of the base type, ''{3}''.
FixedFacetValue = FixedFacetValue: In the definition of {3}, the value ''{1}'' for the facet ''{0}'' is invalid, because the value for ''{0}'' has been set to ''{2}'' in one of the ancestor types, and '{'fixed'}' = true.
InvalidRegex = InvalidRegex: Pattern value ''{0}'' is not a valid regular expression. The reported error was: ''{1}'' at column ''{2}''.
maxOccurLimit = Current configuration of the parser doesn''t allow a maxOccurs attribute value to be set greater than the value {0}.
MaxOccurLimit = Current configuration of the parser doesn''t allow a maxOccurs attribute value to be set greater than the value {0}.
PublicSystemOnNotation = PublicSystemOnNotation: At least one of ''public'' and ''system'' must appear in element ''notation''.
SchemaLocation = SchemaLocation: schemaLocation value = ''{0}'' must have even number of URI''s.
TargetNamespace.1 = TargetNamespace.1: Expecting namespace ''{0}'', but the target namespace of the schema document is ''{1}''.

2
jaxp/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/xs/models/CMNodeFactory.java
View File

@ -117,7 +117,7 @@ public class CMNodeFactory {
System.out.println("nodeCount = " + nodeCount ) ;
System.out.println("nodeLimit = " + maxNodeLimit ) ;
}
fErrorReporter.reportError(XSMessageFormatter.SCHEMA_DOMAIN, "maxOccurLimit", new Object[]{ new Integer(maxNodeLimit) }, XMLErrorReporter.SEVERITY_FATAL_ERROR);
fErrorReporter.reportError(XSMessageFormatter.SCHEMA_DOMAIN, "MaxOccurLimit", new Object[]{ new Integer(maxNodeLimit) }, XMLErrorReporter.SEVERITY_FATAL_ERROR);
// similarly to entity manager behaviour, take into accont
// behaviour if continue-after-fatal-error is set.
nodeCount = 0;

2
jaxp/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/xs/traversers/XSAttributeChecker.java
View File

@ -1193,7 +1193,7 @@ public class XSAttributeChecker {
// maxOccurNodeLimit.
int maxOccurNodeLimit = fSchemaHandler.fSecureProcessing.getLimit(XMLSecurityManager.Limit.MAX_OCCUR_NODE_LIMIT);
if (max > maxOccurNodeLimit && !fSchemaHandler.fSecureProcessing.isNoLimit(maxOccurNodeLimit)) {
reportSchemaFatalError("maxOccurLimit", new Object[] {new Integer(maxOccurNodeLimit)}, element);
reportSchemaFatalError("MaxOccurLimit", new Object[] {new Integer(maxOccurNodeLimit)}, element);
// reset max values in case processing continues on error
attrValues[ATTIDX_MAXOCCURS] = fXIntPool.getXInt(maxOccurNodeLimit);

25
jaxp/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/utils/XMLLimitAnalyzer.java
View File

@ -128,18 +128,21 @@ public final class XMLLimitAnalyzer {
public void addValue(int index, String entityName, int value) {
if (index == Limit.ENTITY_EXPANSION_LIMIT.ordinal() ||
index == Limit.MAX_OCCUR_NODE_LIMIT.ordinal() ||
index == Limit.ELEMENT_ATTRIBUTE_LIMIT.ordinal()) {
index == Limit.ELEMENT_ATTRIBUTE_LIMIT.ordinal() ||
index == Limit.TOTAL_ENTITY_SIZE_LIMIT.ordinal()
) {
totalValue[index] += value;
return;
}
if (index == Limit.MAX_ELEMENT_DEPTH_LIMIT.ordinal()) {
if (index == Limit.MAX_ELEMENT_DEPTH_LIMIT.ordinal() ||
index == Limit.MAX_NAME_LIMIT.ordinal()) {
totalValue[index] = value;
return;
}
Map<String, Integer> cache;
if (caches[index] == null) {
cache = new HashMap<String, Integer>(10);
cache = new HashMap<>(10);
caches[index] = cache;
} else {
cache = caches[index];
@ -147,10 +150,10 @@ public final class XMLLimitAnalyzer {
int accumulatedValue = value;
if (cache.containsKey(entityName)) {
accumulatedValue += cache.get(entityName).intValue();
cache.put(entityName, Integer.valueOf(accumulatedValue));
accumulatedValue += cache.get(entityName);
cache.put(entityName, accumulatedValue);
} else {
cache.put(entityName, Integer.valueOf(value));
cache.put(entityName, value);
}
if (accumulatedValue > values[index]) {
@ -223,6 +226,16 @@ public final class XMLLimitAnalyzer {
}
}
/**
* Resets the current value of the specified limit.
* @param limit The limit to be reset.
*/
public void reset(Limit limit) {
if (limit.ordinal() == Limit.TOTAL_ENTITY_SIZE_LIMIT.ordinal()) {
totalValue[limit.ordinal()] = 0;
}
}
public void debugPrint(XMLSecurityManager securityManager) {
Formatter formatter = new Formatter();
System.out.println(formatter.format("%30s %15s %15s %15s %30s",

41
jaxp/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/utils/XMLSecurityManager.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -61,20 +61,31 @@ public final class XMLSecurityManager {
*/
public static enum Limit {
ENTITY_EXPANSION_LIMIT(Constants.JDK_ENTITY_EXPANSION_LIMIT, Constants.SP_ENTITY_EXPANSION_LIMIT, 0, 64000),
MAX_OCCUR_NODE_LIMIT(Constants.JDK_MAX_OCCUR_LIMIT, Constants.SP_MAX_OCCUR_LIMIT, 0, 5000),
ELEMENT_ATTRIBUTE_LIMIT(Constants.JDK_ELEMENT_ATTRIBUTE_LIMIT, Constants.SP_ELEMENT_ATTRIBUTE_LIMIT, 0, 10000),
TOTAL_ENTITY_SIZE_LIMIT(Constants.JDK_TOTAL_ENTITY_SIZE_LIMIT, Constants.SP_TOTAL_ENTITY_SIZE_LIMIT, 0, 50000000),
GENERAL_ENTITY_SIZE_LIMIT(Constants.JDK_GENERAL_ENTITY_SIZE_LIMIT, Constants.SP_GENERAL_ENTITY_SIZE_LIMIT, 0, 0),
PARAMETER_ENTITY_SIZE_LIMIT(Constants.JDK_PARAMETER_ENTITY_SIZE_LIMIT, Constants.SP_PARAMETER_ENTITY_SIZE_LIMIT, 0, 1000000),
MAX_ELEMENT_DEPTH_LIMIT(Constants.JDK_MAX_ELEMENT_DEPTH, Constants.SP_MAX_ELEMENT_DEPTH, 0, 0);
ENTITY_EXPANSION_LIMIT("EntityExpansionLimit",
Constants.JDK_ENTITY_EXPANSION_LIMIT, Constants.SP_ENTITY_EXPANSION_LIMIT, 0, 64000),
MAX_OCCUR_NODE_LIMIT("MaxOccurLimit",
Constants.JDK_MAX_OCCUR_LIMIT, Constants.SP_MAX_OCCUR_LIMIT, 0, 5000),
ELEMENT_ATTRIBUTE_LIMIT("ElementAttributeLimit",
Constants.JDK_ELEMENT_ATTRIBUTE_LIMIT, Constants.SP_ELEMENT_ATTRIBUTE_LIMIT, 0, 10000),
TOTAL_ENTITY_SIZE_LIMIT("TotalEntitySizeLimit",
Constants.JDK_TOTAL_ENTITY_SIZE_LIMIT, Constants.SP_TOTAL_ENTITY_SIZE_LIMIT, 0, 50000000),
GENERAL_ENTITY_SIZE_LIMIT("MaxEntitySizeLimit",
Constants.JDK_GENERAL_ENTITY_SIZE_LIMIT, Constants.SP_GENERAL_ENTITY_SIZE_LIMIT, 0, 0),
PARAMETER_ENTITY_SIZE_LIMIT("MaxEntitySizeLimit",
Constants.JDK_PARAMETER_ENTITY_SIZE_LIMIT, Constants.SP_PARAMETER_ENTITY_SIZE_LIMIT, 0, 1000000),
MAX_ELEMENT_DEPTH_LIMIT("MaxElementDepthLimit",
Constants.JDK_MAX_ELEMENT_DEPTH, Constants.SP_MAX_ELEMENT_DEPTH, 0, 0),
MAX_NAME_LIMIT("MaxXMLNameLimit",
Constants.JDK_XML_NAME_LIMIT, Constants.SP_XML_NAME_LIMIT, 1000, 1000);
final String key;
final String apiProperty;
final String systemProperty;
final int defaultValue;
final int secureValue;
Limit(String apiProperty, String systemProperty, int value, int secureValue) {
Limit(String key, String apiProperty, String systemProperty, int value, int secureValue) {
this.key = key;
this.apiProperty = apiProperty;
this.systemProperty = systemProperty;
this.defaultValue = value;
@ -89,6 +100,10 @@ public final class XMLSecurityManager {
return (propertyName == null) ? false : systemProperty.equals(propertyName);
}
public String key() {
return key;
}
public String apiProperty() {
return apiProperty;
}
@ -97,7 +112,7 @@ public final class XMLSecurityManager {
return systemProperty;
}
int defaultValue() {
public int defaultValue() {
return defaultValue;
}
@ -152,7 +167,7 @@ public final class XMLSecurityManager {
/**
* Index of the special entityCountInfo property
*/
private int indexEntityCountInfo = 10000;
private final int indexEntityCountInfo = 10000;
private String printEntityCountInfo = "";
/**
@ -433,7 +448,9 @@ public final class XMLSecurityManager {
if (index == Limit.ELEMENT_ATTRIBUTE_LIMIT.ordinal() ||
index == Limit.ENTITY_EXPANSION_LIMIT.ordinal() ||
index == Limit.TOTAL_ENTITY_SIZE_LIMIT.ordinal() ||
index == Limit.MAX_ELEMENT_DEPTH_LIMIT.ordinal()) {
index == Limit.MAX_ELEMENT_DEPTH_LIMIT.ordinal() ||
index == Limit.MAX_NAME_LIMIT.ordinal()
) {
return (limitAnalyzer.getTotalValue(index) > values[index]);
} else {
return (limitAnalyzer.getValue(index) > values[index]);

6
jaxp/src/java.xml/share/classes/com/sun/xml/internal/stream/Entity.java
View File

@ -344,6 +344,9 @@ public abstract class Entity {
// to know that prolog is read
public boolean xmlDeclChunkRead = false;
// flag to indicate whether the Entity is an Entity Reference
public boolean reference = false;
/** returns the name of the current encoding
* @return current encoding name
*/
@ -388,10 +391,11 @@ public abstract class Entity {
//
/** Constructs a scanned entity. */
public ScannedEntity(String name,
public ScannedEntity(boolean reference, String name,
XMLResourceIdentifier entityLocation,
InputStream stream, Reader reader,
String encoding, boolean literal, boolean mayReadChunks, boolean isExternal) {
this.reference = reference;
this.name = name ;
this.entityLocation = entityLocation;
this.stream = stream;