8026417: Enhance XML canonicalization
Copy before use mutable byte arrays. Also reviewed by Alexander Fomin <alexander.fomin@oracle.com> Reviewed-by: mullan, hawtin, ahgross
This commit is contained in:
parent
15d051e851
commit
623fe13d2c
@ -64,6 +64,8 @@ public abstract class CanonicalizerBase extends CanonicalizerSpi {
|
||||
|
||||
protected static final AttrCompare COMPARE = new AttrCompare();
|
||||
|
||||
// Make sure you clone the following mutable arrays before passing to
|
||||
// potentially untrusted objects such as OutputStreams.
|
||||
private static final byte[] END_PI = {'?','>'};
|
||||
private static final byte[] BEGIN_PI = {'<','?'};
|
||||
private static final byte[] END_COMM = {'-','-','>'};
|
||||
@ -76,7 +78,7 @@ public abstract class CanonicalizerBase extends CanonicalizerSpi {
|
||||
private static final byte[] LT = {'&','l','t',';'};
|
||||
private static final byte[] END_TAG = {'<','/'};
|
||||
private static final byte[] AMP = {'&','a','m','p',';'};
|
||||
private static final byte[] equalsStr = {'=','\"'};
|
||||
private static final byte[] EQUALS_STR = {'=','\"'};
|
||||
|
||||
protected static final int NODE_BEFORE_DOCUMENT_ELEMENT = -1;
|
||||
protected static final int NODE_NOT_BEFORE_OR_AFTER_DOCUMENT_ELEMENT = 0;
|
||||
@ -303,7 +305,7 @@ public abstract class CanonicalizerBase extends CanonicalizerSpi {
|
||||
writer.write('>');
|
||||
sibling = currentNode.getFirstChild();
|
||||
if (sibling == null) {
|
||||
writer.write(END_TAG);
|
||||
writer.write(END_TAG.clone());
|
||||
UtfHelpper.writeStringToUtf8(name, writer);
|
||||
writer.write('>');
|
||||
//We finished with this level, pop to the previous definitions.
|
||||
@ -321,7 +323,7 @@ public abstract class CanonicalizerBase extends CanonicalizerSpi {
|
||||
break;
|
||||
}
|
||||
while (sibling == null && parentNode != null) {
|
||||
writer.write(END_TAG);
|
||||
writer.write(END_TAG.clone());
|
||||
UtfHelpper.writeByte(((Element)parentNode).getTagName(), writer, cache);
|
||||
writer.write('>');
|
||||
//We finished with this level, pop to the previous definitions.
|
||||
@ -481,7 +483,7 @@ public abstract class CanonicalizerBase extends CanonicalizerSpi {
|
||||
|
||||
if (sibling == null) {
|
||||
if (currentNodeIsVisible) {
|
||||
writer.write(END_TAG);
|
||||
writer.write(END_TAG.clone());
|
||||
UtfHelpper.writeByte(name, writer, cache);
|
||||
writer.write('>');
|
||||
//We finished with this level, pop to the previous definitions.
|
||||
@ -503,7 +505,7 @@ public abstract class CanonicalizerBase extends CanonicalizerSpi {
|
||||
}
|
||||
while (sibling == null && parentNode != null) {
|
||||
if (isVisible(parentNode)) {
|
||||
writer.write(END_TAG);
|
||||
writer.write(END_TAG.clone());
|
||||
UtfHelpper.writeByte(((Element)parentNode).getTagName(), writer, cache);
|
||||
writer.write('>');
|
||||
//We finished with this level, pop to the previous definitions.
|
||||
@ -690,7 +692,7 @@ public abstract class CanonicalizerBase extends CanonicalizerSpi {
|
||||
) throws IOException {
|
||||
writer.write(' ');
|
||||
UtfHelpper.writeByte(name, writer, cache);
|
||||
writer.write(equalsStr);
|
||||
writer.write(EQUALS_STR.clone());
|
||||
byte[] toWrite;
|
||||
final int length = value.length();
|
||||
int i = 0;
|
||||
@ -700,27 +702,27 @@ public abstract class CanonicalizerBase extends CanonicalizerSpi {
|
||||
switch (c) {
|
||||
|
||||
case '&' :
|
||||
toWrite = AMP;
|
||||
toWrite = AMP.clone();
|
||||
break;
|
||||
|
||||
case '<' :
|
||||
toWrite = LT;
|
||||
toWrite = LT.clone();
|
||||
break;
|
||||
|
||||
case '"' :
|
||||
toWrite = QUOT;
|
||||
toWrite = QUOT.clone();
|
||||
break;
|
||||
|
||||
case 0x09 : // '\t'
|
||||
toWrite = X9;
|
||||
toWrite = X9.clone();
|
||||
break;
|
||||
|
||||
case 0x0A : // '\n'
|
||||
toWrite = XA;
|
||||
toWrite = XA.clone();
|
||||
break;
|
||||
|
||||
case 0x0D : // '\r'
|
||||
toWrite = XD;
|
||||
toWrite = XD.clone();
|
||||
break;
|
||||
|
||||
default :
|
||||
@ -750,7 +752,7 @@ public abstract class CanonicalizerBase extends CanonicalizerSpi {
|
||||
if (position == NODE_AFTER_DOCUMENT_ELEMENT) {
|
||||
writer.write('\n');
|
||||
}
|
||||
writer.write(BEGIN_PI);
|
||||
writer.write(BEGIN_PI.clone());
|
||||
|
||||
final String target = currentPI.getTarget();
|
||||
int length = target.length();
|
||||
@ -758,7 +760,7 @@ public abstract class CanonicalizerBase extends CanonicalizerSpi {
|
||||
for (int i = 0; i < length; i++) {
|
||||
char c = target.charAt(i);
|
||||
if (c == 0x0D) {
|
||||
writer.write(XD);
|
||||
writer.write(XD.clone());
|
||||
} else {
|
||||
if (c < 0x80) {
|
||||
writer.write(c);
|
||||
@ -778,14 +780,14 @@ public abstract class CanonicalizerBase extends CanonicalizerSpi {
|
||||
for (int i = 0; i < length; i++) {
|
||||
char c = data.charAt(i);
|
||||
if (c == 0x0D) {
|
||||
writer.write(XD);
|
||||
writer.write(XD.clone());
|
||||
} else {
|
||||
UtfHelpper.writeCharToUtf8(c, writer);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
writer.write(END_PI);
|
||||
writer.write(END_PI.clone());
|
||||
if (position == NODE_BEFORE_DOCUMENT_ELEMENT) {
|
||||
writer.write('\n');
|
||||
}
|
||||
@ -804,7 +806,7 @@ public abstract class CanonicalizerBase extends CanonicalizerSpi {
|
||||
if (position == NODE_AFTER_DOCUMENT_ELEMENT) {
|
||||
writer.write('\n');
|
||||
}
|
||||
writer.write(BEGIN_COMM);
|
||||
writer.write(BEGIN_COMM.clone());
|
||||
|
||||
final String data = currentComment.getData();
|
||||
final int length = data.length();
|
||||
@ -812,7 +814,7 @@ public abstract class CanonicalizerBase extends CanonicalizerSpi {
|
||||
for (int i = 0; i < length; i++) {
|
||||
char c = data.charAt(i);
|
||||
if (c == 0x0D) {
|
||||
writer.write(XD);
|
||||
writer.write(XD.clone());
|
||||
} else {
|
||||
if (c < 0x80) {
|
||||
writer.write(c);
|
||||
@ -822,7 +824,7 @@ public abstract class CanonicalizerBase extends CanonicalizerSpi {
|
||||
}
|
||||
}
|
||||
|
||||
writer.write(END_COMM);
|
||||
writer.write(END_COMM.clone());
|
||||
if (position == NODE_BEFORE_DOCUMENT_ELEMENT) {
|
||||
writer.write('\n');
|
||||
}
|
||||
@ -846,19 +848,19 @@ public abstract class CanonicalizerBase extends CanonicalizerSpi {
|
||||
switch (c) {
|
||||
|
||||
case '&' :
|
||||
toWrite = AMP;
|
||||
toWrite = AMP.clone();
|
||||
break;
|
||||
|
||||
case '<' :
|
||||
toWrite = LT;
|
||||
toWrite = LT.clone();
|
||||
break;
|
||||
|
||||
case '>' :
|
||||
toWrite = GT;
|
||||
toWrite = GT.clone();
|
||||
break;
|
||||
|
||||
case 0xD :
|
||||
toWrite = XD;
|
||||
toWrite = XD.clone();
|
||||
break;
|
||||
|
||||
default :
|
||||
|
Loading…
Reference in New Issue
Block a user