File: CVE-2021-33813.patch

package info (click to toggle)
libjdom2-java 2.0.6-2.1
  • links: PTS, VCS
  • area: main
  • in suites: bullseye
  • size: 4,748 kB
  • sloc: java: 48,384; xml: 1,071; makefile: 9
file content (65 lines) | stat: -rw-r--r-- 2,092 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
 
From bd3ab78370098491911d7fe9d7a43b97144a234e Mon Sep 17 00:00:00 2001
From: Esti <esther.burs@gmail.com>
Date: Thu, 18 Feb 2021 16:40:01 +0200
Subject: [PATCH] fix setFeature bug and add test case

---
 core/src/java/org/jdom2/input/SAXBuilder.java | 10 ++++------
 .../test/cases/input/TestSAXBuilder.java      | 20 +++++++++++++++++++
 2 files changed, 24 insertions(+), 6 deletions(-)

--- a/core/src/java/org/jdom2/input/SAXBuilder.java
+++ b/core/src/java/org/jdom2/input/SAXBuilder.java
@@ -971,11 +971,6 @@
 			}
 		}
 
-		// Set any user-specified features on the parser.
-		for (final Map.Entry<String, Boolean> me : features.entrySet()) {
-			internalSetFeature(parser, me.getKey(), me.getValue().booleanValue(), me.getKey());
-		}
-
 		// Set any user-specified properties on the parser.
 		for (final Map.Entry<String, Object> me : properties.entrySet()) {
 			internalSetProperty(parser, me.getKey(), me.getValue(), me.getKey());
@@ -1007,7 +1002,10 @@
 				// No lexical reporting available
 			}
 		}
-
+		// Set any user-specified features on the parser.
+		for (final Map.Entry<String, Boolean> me : features.entrySet()) {
+			internalSetFeature(parser, me.getKey(), me.getValue().booleanValue(), me.getKey());
+		}
 	}
 
 	/**
--- a/test/src/java/org/jdom2/test/cases/input/TestSAXBuilder.java
+++ b/test/src/java/org/jdom2/test/cases/input/TestSAXBuilder.java
@@ -601,6 +601,26 @@
 	}
 
 	@Test
+	public void testSetExternalFeature() {
+		String feature = "http://xml.org/sax/features/external-general-entities";
+		MySAXBuilder sb = new MySAXBuilder();
+		try {
+			sb.setFeature(feature, true);
+			XMLReader reader = sb.createParser();
+			assertNotNull(reader);
+			assertTrue(reader.getFeature(feature));
+			sb.setFeature(feature, false);
+			reader = sb.createParser();
+			assertNotNull(reader);
+			assertFalse(reader.getFeature(feature));
+
+		} catch (Exception e) {
+			e.printStackTrace();
+			fail("Could not create parser: " + e.getMessage());
+		}
+	}
+
+	@Test
 	public void testSetProperty() {
 		LexicalHandler lh = new LexicalHandler() {
 			@Override