File xmltooling-1.5.6-CVE-2018-0489.patch of Package xmltooling

Overview Repositories Revisions Requests Users Attributes Meta

File xmltooling-1.5.6-CVE-2018-0489.patch of Package xmltooling

From 74ec6fa833f46a84486a97c491e391fb8c48f1ea Mon Sep 17 00:00:00 2001
From: Scott Cantor <cantor.2@osu.edu>
Date: Tue, 27 Feb 2018 11:45:44 -0500
Subject: [PATCH] CPPXT-128 - Rework text node handling and disable comments.

---
 xmltooling/AbstractComplexElement.cpp           | 16 +++++++++++++++-
 xmltooling/AbstractSimpleElement.cpp            | 22 ++++++++++++++--------
 xmltooling/io/AbstractXMLObjectUnmarshaller.cpp |  5 +++--
 xmltooling/util/ParserPool.cpp                  |  1 +
 4 files changed, 33 insertions(+), 11 deletions(-)

Index: xmltooling-1.5.6/xmltooling/AbstractComplexElement.cpp
===================================================================
--- xmltooling-1.5.6.orig/xmltooling/AbstractComplexElement.cpp
+++ xmltooling-1.5.6/xmltooling/AbstractComplexElement.cpp
@@ -102,5 +102,19 @@ void AbstractComplexElement::setTextCont
         m_text.push_back(nullptr);
         ++size;
     }
-    m_text[position] = prepareForAssignment(m_text[position], value);
+
+    // Merge if necessary.
+    if (value && *value) {
+        if (!m_text[position] || !*m_text[position]) {
+            m_text[position] = prepareForAssignment(m_text[position], value);
+        }
+        else {
+            XMLSize_t initialLen = XMLString::stringLen(m_text[position]);
+            XMLCh* merged = new XMLCh[initialLen + XMLString::stringLen(value) + 1];
+            auto_arrayptr<XMLCh> janitor(merged);
+            XMLString::copyString(merged, m_text[position]);
+            XMLString::catString(merged + initialLen, value);
+            m_text[position] = prepareForAssignment(m_text[position], merged);
+        }
+    }
 }
Index: xmltooling-1.5.6/xmltooling/AbstractSimpleElement.cpp
===================================================================
--- xmltooling-1.5.6.orig/xmltooling/AbstractSimpleElement.cpp
+++ xmltooling-1.5.6/xmltooling/AbstractSimpleElement.cpp
@@ -77,12 +77,18 @@ void AbstractSimpleElement::setTextConte
     if (position > 0)
         throw XMLObjectException("Cannot set text content in simple element at position > 0.");
 
-    // We overwrite the "one" piece of Text content if:
-    //  - the new value is null
-    //  - there is no existing value
-    //  - the old value is all whitespace
-    // If there's a non-whitespace value set, we leave it alone unless we're clearing it with a null.
-
-    if (!value || !m_value || XMLChar1_0::isAllSpaces(m_value, XMLString::stringLen(m_value)))
-        m_value=prepareForAssignment(m_value, value);
+    // Merge if necessary.
+    if (value && *value) {
+        if (!m_value || !*m_value) {
+            m_value = prepareForAssignment(m_value, value);
+        }
+        else {
+            XMLSize_t initialLen = XMLString::stringLen(m_value);
+            XMLCh* merged = new XMLCh[initialLen + XMLString::stringLen(value) + 1];
+            auto_arrayptr<XMLCh> janitor(merged);
+            XMLString::copyString(merged, m_value);
+            XMLString::catString(merged + initialLen, value);
+            m_value = prepareForAssignment(m_value, merged);
+        }
+    }
 }
Index: xmltooling-1.5.6/xmltooling/io/AbstractXMLObjectUnmarshaller.cpp
===================================================================
--- xmltooling-1.5.6.orig/xmltooling/io/AbstractXMLObjectUnmarshaller.cpp
+++ xmltooling-1.5.6/xmltooling/io/AbstractXMLObjectUnmarshaller.cpp
@@ -206,8 +206,9 @@ void AbstractXMLObjectUnmarshaller::unma
         else if (childNode->getNodeType() == DOMNode::TEXT_NODE || childNode->getNodeType() == DOMNode::CDATA_SECTION_NODE) {
             m_log.debug("processing text content at position (%d)", position);
             setTextContent(childNode->getNodeValue(), position);
-        } else if (childNode->getNodeType() == DOMNode::ENTITY_REFERENCE_NODE || childNode->getNodeType() == DOMNode::ENTITY_NODE) {
-            throw UnmarshallingException("Unmarshaller found Entity/Reference node.");
+        }
+        else if (childNode->getNodeType() != DOMNode::ATTRIBUTE_NODE) {
+            throw UnmarshallingException("Unmarshaller found unsupported node type.");
         }
         
         childNode = childNode->getNextSibling();
Index: xmltooling-1.5.6/xmltooling/util/ParserPool.cpp
===================================================================
--- xmltooling-1.5.6.orig/xmltooling/util/ParserPool.cpp
+++ xmltooling-1.5.6/xmltooling/util/ParserPool.cpp
@@ -415,6 +415,7 @@ DOMLSParser* ParserPool::createBuilder()
     }
     parser->getDomConfig()->setParameter(XMLUni::fgXercesUserAdoptsDOMDocument, true);
     parser->getDomConfig()->setParameter(XMLUni::fgXercesDisableDefaultEntityResolution, true);
+    parser->getDomConfig()->setParameter(XMLUni::fgDOMComments, false);
     parser->getDomConfig()->setParameter(XMLUni::fgDOMResourceResolver, dynamic_cast<DOMLSResourceResolver*>(this));
     parser->getDomConfig()->setParameter(XMLUni::fgXercesSecurityManager, m_security.get());
     return parser;

Places

File xmltooling-1.5.6-CVE-2018-0489.patch of Package xmltooling

Places