File: CVE-2021-33813_regression.patch

package info (click to toggle)
libjdom2-java 2.0.6-2.1
  • links: PTS, VCS
  • area: main
  • in suites: bullseye
  • size: 4,748 kB
  • sloc: java: 48,384; xml: 1,071; makefile: 9
file content (56 lines) | stat: -rw-r--r-- 2,030 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
 
From dd4f3c2fc7893edd914954c73eb577f925a7d361 Mon Sep 17 00:00:00 2001
From: Rolf Lear <rolf@tuis.net>
Date: Thu, 1 Jul 2021 23:42:05 -0400
Subject: [PATCH] Addresses #189 - synchronizes external entity expansion
 setting

---
 core/src/java/org/jdom2/input/SAXBuilder.java | 6 ++++++
 1 file changed, 6 insertions(+)

--- a/core/src/java/org/jdom2/input/SAXBuilder.java
+++ b/core/src/java/org/jdom2/input/SAXBuilder.java
@@ -82,6 +82,7 @@
 import org.jdom2.DocType;
 import org.jdom2.Document;
 import org.jdom2.EntityRef;
+import org.jdom2.JDOMConstants;
 import org.jdom2.JDOMException;
 import org.jdom2.JDOMFactory;
 import org.jdom2.Verifier;
@@ -797,6 +798,11 @@
 	public void setFeature(final String name, final boolean value) {
 		// Save the specified feature for later.
 		features.put(name, value ? Boolean.TRUE : Boolean.FALSE);
+		if (JDOMConstants.SAX_FEATURE_EXTERNAL_ENT.equals(name)) {
+			// See issue https://github.com/hunterhacker/jdom/issues/189
+			// And PR https://github.com/hunterhacker/jdom/pull/188
+			setExpandEntities(value);
+		}
 		engine = null;
 	}
 
--- a/test/src/java/org/jdom2/test/cases/input/TestSAXBuilder.java
+++ b/test/src/java/org/jdom2/test/cases/input/TestSAXBuilder.java
@@ -101,6 +101,7 @@
 import org.jdom2.DefaultJDOMFactory;
 import org.jdom2.Document;
 import org.jdom2.EntityRef;
+import org.jdom2.JDOMConstants;
 import org.jdom2.JDOMException;
 import org.jdom2.JDOMFactory;
 import org.jdom2.UncheckedJDOMFactory;
@@ -609,11 +610,12 @@
 			XMLReader reader = sb.createParser();
 			assertNotNull(reader);
 			assertTrue(reader.getFeature(feature));
+			assertNull(reader.getProperty(JDOMConstants.SAX_PROPERTY_DECLARATION_HANDLER));
 			sb.setFeature(feature, false);
 			reader = sb.createParser();
 			assertNotNull(reader);
 			assertFalse(reader.getFeature(feature));
-
+			assertNotNull(reader.getProperty(JDOMConstants.SAX_PROPERTY_DECLARATION_HANDLER));
 		} catch (Exception e) {
 			e.printStackTrace();
 			fail("Could not create parser: " + e.getMessage());