Skip to content

Commit

Permalink
8294858: XMLStreamReader does not respect jdk.xml.maxXMLNameLimit=0 f…
Browse files Browse the repository at this point in the history
…or namespace names

Reviewed-by: lancea, naoto
  • Loading branch information
JoeWang-Java committed Nov 3, 2022
1 parent 72f74df commit 2ff9d3a
Show file tree
Hide file tree
Showing 3 changed files with 107 additions and 5 deletions.
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2022, Oracle and/or its affiliates. All rights reserved.
*/
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
Expand Down Expand Up @@ -69,6 +69,8 @@
* @author Elena Litani, IBM
* @author Michael Glavassevich, IBM
* @author Sunitha Reddy, Sun Microsystems
*
* @LastModified: Nov 2022
*/
public class XML11NSDocumentScannerImpl extends XML11DocumentScannerImpl {

Expand Down Expand Up @@ -637,7 +639,8 @@ protected void scanAttribute(XMLAttributesImpl attributes)
// record namespace declarations if any.
if (fBindNamespaces) {
if (isNSDecl) {
if (value.length() > fXMLNameLimit) {
//check the length of URI if a limit is set
if (fXMLNameLimit > 0 && value.length() > fXMLNameLimit) {
fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN,
"MaxXMLNameLimit",
new Object[]{value, value.length(), fXMLNameLimit,
Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
*/
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
Expand Down Expand Up @@ -54,6 +54,8 @@
* @author Neeraj Bajaj, Sun Microsystems
* @author Venugopal Rao K, Sun Microsystems
* @author Elena Litani, IBM
*
* @LastModified: Nov 2022
*/
public class XMLNSDocumentScannerImpl
extends XMLDocumentScannerImpl {
Expand Down Expand Up @@ -453,8 +455,8 @@ protected void scanAttribute(XMLAttributesImpl attributes)
// record namespace declarations if any.
if (fBindNamespaces) {
if (isNSDecl) {
//check the length of URI
if (tmpStr.length > fXMLNameLimit) {
//check the length of URI if a limit is set
if (fXMLNameLimit > 0 && tmpStr.length > fXMLNameLimit) {
fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN,
"MaxXMLNameLimit",
new Object[]{new String(tmpStr.ch,tmpStr.offset,tmpStr.length),
Expand Down
97 changes: 97 additions & 0 deletions test/jaxp/javax/xml/jaxp/unittest/common/ProcessingLimits.java
Original file line number Diff line number Diff line change
@@ -0,0 +1,97 @@
/*
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package common;

import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamReader;
import org.testng.Assert;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;

/*
* @test
* @bug 8294858
* @library /javax/xml/jaxp/libs /javax/xml/jaxp/unittest
* @run testng/othervm common.ProcessingLimits
* @summary Verifies the support of processing limits. Use this test to cover
* tests related to processing limits.
*/
public class ProcessingLimits {
private static final String XML_NAME_LIMIT = "jdk.xml.maxXMLNameLimit";

/*
* Data for tests:
* xml, name limit
*/
@DataProvider(name = "xml-data")
public Object[][] xmlData() throws Exception {
return new Object[][]{
{"<foo xmlns='bar'/>", null},
{"<foo xmlns='bar'/>", "0"},
{"<?xml version=\"1.1\"?><foo xmlns='bar'/>", null},
{"<?xml version=\"1.1\"?><foo xmlns='bar'/>", "0"},
};
}
/**
* bug 8294858
* Verifies that 0 (no limit) is honored by the parser. According to the bug
* report, the parser treated 0 literally for namespace names.
*
* @param xml the XML content
* @param limit the limit to be set. "null" means not set.
*
* @throws Exception if the test fails
*/
@Test(dataProvider = "xml-data")
public void testNameLimit(String xml, String limit)throws Exception
{
boolean success = true;
try {
if (limit != null) {
System.setProperty(XML_NAME_LIMIT, limit);
}
parse(xml);
} catch (Exception e) {
// catch instead of throw so that we can clear the System Property
success = false;
System.err.println("Limit is set to " + limit + " failed: " + e.getMessage());
}
if (limit != null) {
System.clearProperty(XML_NAME_LIMIT);
}
Assert.assertTrue(success);
}

private static void parse(String xml)
throws Exception
{
InputStream is = new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8));
XMLStreamReader reader = XMLInputFactory.newInstance().createXMLStreamReader(is);
while (reader.hasNext())
reader.next();
System.err.println("Parsed successfully");
}
}

1 comment on commit 2ff9d3a

@openjdk-notifier
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please sign in to comment.