eclipse-ee4j / jax-rpc-ri

JAX RPC Implementation (Eclipse Metro Project)
Other
2 stars 4 forks source link

jaxrpc xml parser can corrupt map entries #48

Open Tomas-Kraus opened 13 years ago

Tomas-Kraus commented 13 years ago

The InputEntity.java class processes the input XML using 2k buffers. If the XML map value spans a buffer boundary then duplicate characters can be introduced leader to data corruption and very difficult to diagnose bugs in client applications.

If the XML looks like this:

com.sun.identity.agents.config.notenforced.uri [0]=

and the value is [0]=, this bug will mean the map entry value will end up looking like this [[0]=. If the XML example ends up in the buffer like this:

1]">serviceType=iPlanetAMWebAgentService|class=com.sun.identity.policy.plugins.HttpURLResourceName|wildcard=*|delimiter=/|caseSensitive=falsecom.sun.identity.agents.config.logout.url.probe.timeout2000com.sun.identity.agents.config.audit.accesstypeLOG_NONEcom.sun.identity.agents.config.webservice.autherror.contentWSAuthErrorContent.txtcom.sun.identity.agents.config.logout.url.prioritizedtruecom.sun.identity.agents.config.fqdn.defaultamers1.mydetails.login.cp.reutest.netcom.sun.identity.idm.remote.notification.enabledtruecom.sun.identity.agents.config.bypass.principal[0]=com.sun.identity.agents.config.notenforced.uri[0]

Notice the value spans the buffer boundary. The problem is due to the processing starting at 0 rather than 1 when the buffer is switched. Fix is attached. This is a diff on InputEntity.java from the tag JAXRPC_1_1_3_01_PKG_041406, but the issue is still present in trunk

Affected Versions

[current]

Tomas-Kraus commented 6 years ago
Tomas-Kraus commented 13 years ago

@glassfishrobot Commented Reported by sjferris

Tomas-Kraus commented 13 years ago

@glassfishrobot Commented File: jaxrpc.bug.diff Attached By: sjferris

Tomas-Kraus commented 7 years ago

@glassfishrobot Commented This issue was imported from java.net JIRA JAX_RPC-48