File: CVE-2021-33813.patch

package info (click to toggle)
libjdom1-java 1.1.3-2.1
  • links: PTS, VCS
  • area: main
  • in suites: bullseye
  • size: 2,748 kB
  • sloc: java: 21,155; xml: 1,377; sh: 86; perl: 31; makefile: 17
file content (68 lines) | stat: -rw-r--r-- 2,586 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
 
From bd3ab78370098491911d7fe9d7a43b97144a234e Mon Sep 17 00:00:00 2001
From: Esti <esther.burs@gmail.com>
Date: Thu, 18 Feb 2021 16:40:01 +0200
Subject: [PATCH] fix setFeature bug and add test case
Re-adapted-By: Utkarsh Gupta <utkarsh@debian.org>

--- a/core/src/java/org/jdom/input/SAXBuilder.java
+++ b/core/src/java/org/jdom/input/SAXBuilder.java
@@ -758,16 +758,8 @@
     private void setFeaturesAndProperties(XMLReader parser,
                                           boolean coreFeatures)
                                                         throws JDOMException {
-        // Set any user-specified features on the parser.
-        Iterator iter = features.keySet().iterator();
-        while (iter.hasNext()) {
-            String  name  = (String)iter.next();
-            Boolean value = (Boolean)features.get(name);
-            internalSetFeature(parser, name, value.booleanValue(), name);
-        }
-
         // Set any user-specified properties on the parser.
-        iter = properties.keySet().iterator();
+        Iterator iter = properties.keySet().iterator();
         while (iter.hasNext()) {
             String name = (String)iter.next();
             internalSetProperty(parser, name, properties.get(name), name);
@@ -810,6 +802,14 @@
         }
         catch (SAXNotRecognizedException e) { /* Ignore... */ }
         catch (SAXNotSupportedException  e) { /* Ignore... */ }
+
+        // Set any user-specified features on the parser.
+        iter = features.keySet().iterator();
+        while (iter.hasNext()) {
+            String  name  = (String)iter.next();
+            Boolean value = (Boolean)features.get(name);
+            internalSetFeature(parser, name, value.booleanValue(), name);
+        }
     }
 
     /**
--- a/test/src/java/org/jdom/test/cases/input/TestSAXBuilder.java
+++ b/test/src/java/org/jdom/test/cases/input/TestSAXBuilder.java
@@ -700,6 +700,24 @@
 //		}
 //	}
 
+	public void testSetExternalFeature() {
+		String feature = "http://javax.xml.XMLConstants/feature/secure-processing";
+		MySAXBuilder sb = new MySAXBuilder();
+		try {
+			sb.setFeature(feature, true);
+			XMLReader reader = sb.createParser();
+			assertNotNull(reader);
+			assertTrue(reader.getFeature(feature));
+			sb.setFeature(feature, false);
+			reader = sb.createParser();
+			assertNotNull(reader);
+			assertFalse(reader.getFeature(feature));
+		} catch (Exception e) {
+			e.printStackTrace();
+			fail("Could not create parser: " + e.getMessage());
+		}
+	}
+
 	public void testSetProperty() {
 		LexicalHandler lh = new LexicalHandler() {