rpms / devtoolset-3-xalan-j2

Clone
Source Code
GIT

Blame SOURCES/xalan-j2-CVE-2014-0107.patch

c7
  1.   a754026bd99caccfd5b1c16b1f60725a20327dfe
  2.   SOURCES
  3.   xalan-j2-CVE-2014-0107.patch
Blob History Raw
a75402 
diff --git a/src/org/apache/xalan/processor/TransformerFactoryImpl.java b/src/org/apache/xalan/processor/TransformerFactoryImpl.java
a75402 
index 1298943..96a5e58 100644
a75402 
--- a/src/org/apache/xalan/processor/TransformerFactoryImpl.java
a75402 
+++ b/src/org/apache/xalan/processor/TransformerFactoryImpl.java
a75402 
@@ -335,6 +335,10 @@ public class TransformerFactoryImpl extends SAXTransformerFactory
a75402 
           reader = XMLReaderFactory.createXMLReader();
a75402 
         }
a75402
a75402 
+        if(m_isSecureProcessing)
a75402 
+        {
a75402 
+            reader.setFeature("http://xml.org/sax/features/external-general-entities",false);
a75402 
+        }
a75402 
         // Need to set options!
a75402 
         reader.setContentHandler(handler);
a75402 
         reader.parse(isource);
a75402 
diff --git a/src/org/apache/xalan/processor/XSLTElementProcessor.java b/src/org/apache/xalan/processor/XSLTElementProcessor.java
a75402 
index b946743..17b7395 100644
a75402 
--- a/src/org/apache/xalan/processor/XSLTElementProcessor.java
a75402 
+++ b/src/org/apache/xalan/processor/XSLTElementProcessor.java
a75402 
@@ -338,17 +338,31 @@ public class XSLTElementProcessor extends ElemTemplateElement
a75402 
       }
a75402 
       else
a75402 
       {
a75402 
-        // Can we switch the order here:
a75402 
-
a75402 
-        boolean success = attrDef.setAttrValue(handler, attrUri, attrLocalName,
a75402 
-                             attributes.getQName(i), attributes.getValue(i),
a75402 
-                             target);
a75402 
-
a75402 
-        // Now we only add the element if it passed a validation check
a75402 
-        if (success)
a75402 
-            processedDefs.add(attrDef);
a75402 
-        else
a75402 
-            errorDefs.add(attrDef);
a75402 
+        //handle secure processing
a75402 
+        if(handler.getStylesheetProcessor()==null)
a75402 
+            System.out.println("stylesheet processor null");
a75402 
+        if(attrDef.getName().compareTo("*")==0 && handler.getStylesheetProcessor().isSecureProcessing())
a75402 
+        {
a75402 
+            //foreign attributes are not allowed in secure processing mode
a75402 
+            // Then barf, because this element does not allow this attribute.
a75402 
+            handler.error(XSLTErrorResources.ER_ATTR_NOT_ALLOWED, new Object[]{attributes.getQName(i), rawName}, null);//"\""+attributes.getQName(i)+"\""
a75402 
+            //+ " attribute is not allowed on the " + rawName
a75402 
+            // + " element!", null);
a75402 
+        }
a75402 
+        else
a75402 
+        {
a75402 
+
a75402 
+
a75402 
+            boolean success = attrDef.setAttrValue(handler, attrUri, attrLocalName,
a75402 
+                                 attributes.getQName(i), attributes.getValue(i),
a75402 
+                                 target);
a75402 
+
a75402 
+            // Now we only add the element if it passed a validation check
a75402 
+            if (success)
a75402 
+                processedDefs.add(attrDef);
a75402 
+            else
a75402 
+                errorDefs.add(attrDef);
a75402 
+        }
a75402 
       }
a75402 
     }
a75402
a75402 
diff --git a/src/org/apache/xalan/transformer/TransformerImpl.java b/src/org/apache/xalan/transformer/TransformerImpl.java
a75402 
index dd0d4d9..0906d24 100644
a75402 
--- a/src/org/apache/xalan/transformer/TransformerImpl.java
a75402 
+++ b/src/org/apache/xalan/transformer/TransformerImpl.java
a75402 
@@ -438,7 +438,9 @@ public class TransformerImpl extends Transformer
a75402 
     try
a75402 
     {
a75402 
       if (sroot.getExtensions() != null)
a75402 
-        m_extensionsTable = new ExtensionsTable(sroot);
a75402 
+        //only load extensions if secureProcessing is disabled
a75402 
+        if(!sroot.isSecureProcessing())
a75402 
+            m_extensionsTable = new ExtensionsTable(sroot);
a75402 
     }
a75402 
     catch (javax.xml.transform.TransformerException te)
a75402 
     {te.printStackTrace();}
a75402 
diff --git a/src/org/apache/xpath/functions/FuncSystemProperty.java b/src/org/apache/xpath/functions/FuncSystemProperty.java
a75402 
index 4bea356..78ac980 100644
a75402 
--- a/src/org/apache/xpath/functions/FuncSystemProperty.java
a75402 
+++ b/src/org/apache/xpath/functions/FuncSystemProperty.java
a75402 
@@ -58,7 +58,7 @@ public class FuncSystemProperty extends FunctionOneArg
a75402
a75402 
     String fullName = m_arg0.execute(xctxt).str();
a75402 
     int indexOfNSSep = fullName.indexOf(':');
a75402 
-    String result;
a75402 
+    String result = null;
a75402 
     String propName = "";
a75402
a75402 
     // List of properties where the name of the
a75402 
@@ -98,14 +98,20 @@ public class FuncSystemProperty extends FunctionOneArg
a75402
a75402 
         try
a75402 
         {
a75402 
-          result = System.getProperty(propName);
a75402 
-
a75402 
-          if (null == result)
a75402 
-          {
a75402 
-
a75402 
-            // result = System.getenv(propName);
a75402 
-            return XString.EMPTYSTRING;
a75402 
-          }
a75402 
+            //if secure procession is enabled only handle required properties do not not map any valid system property
a75402 
+            if(!xctxt.isSecureProcessing())
a75402 
+            {
a75402 
+                result = System.getProperty(propName);
a75402 
+            }
a75402 
+            else
a75402 
+            {
a75402 
+                warn(xctxt, XPATHErrorResources.WG_SECURITY_EXCEPTION,
a75402 
+                        new Object[]{ fullName });  //"SecurityException when trying to access XSL system property: "+fullName);
a75402 
+            }
a75402 
+            if (null == result)
a75402 
+            {
a75402 
+                return XString.EMPTYSTRING;
a75402 
+            }
a75402 
         }
a75402 
         catch (SecurityException se)
a75402 
         {
a75402 
@@ -120,14 +126,20 @@ public class FuncSystemProperty extends FunctionOneArg
a75402 
     {
a75402 
       try
a75402 
       {
a75402 
-        result = System.getProperty(fullName);
a75402 
-
a75402 
-        if (null == result)
a75402 
-        {
a75402 
-
a75402 
-          // result = System.getenv(fullName);
a75402 
-          return XString.EMPTYSTRING;
a75402 
-        }
a75402 
+          //if secure procession is enabled only handle required properties do not not map any valid system property
a75402 
+          if(!xctxt.isSecureProcessing())
a75402 
+          {
a75402 
+              result = System.getProperty(fullName);
a75402 
+          }
a75402 
+          else
a75402 
+          {
a75402 
+              warn(xctxt, XPATHErrorResources.WG_SECURITY_EXCEPTION,
a75402 
+                      new Object[]{ fullName });  //"SecurityException when trying to access XSL system property: "+fullName);
a75402 
+          }
a75402 
+          if (null == result)
a75402 
+          {
a75402 
+              return XString.EMPTYSTRING;
a75402 
+          }
a75402 
       }
a75402 
       catch (SecurityException se)
a75402 
       {

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation