Matthias Krueger created TIKA-1322:
--------------------------------------

             Summary: XML file parse errors within archives trigger Zip bomb detection
                 Key: TIKA-1322
                 URL: https://issues.apache.org/jira/browse/TIKA-1322
             Project: Tika
          Issue Type: Bug
          Components: parser
    Affects Versions: 1.5
            Reporter: Matthias Krueger
            Priority: Minor


Tika parses XML input using org.apache.tika.parser.xml.XMLParser. XMLParser 
opens a "p" tag before a SAXParser's output of the input XML is appended. A 
possible SAXException during parsing is rethrown but the opened "p" tag is not 
closed. The Zip bomb detection in SecureContentHandler relies on consistent 
starting and closing of elements. With the current behaviour of XMLParser it 
will be triggered, for example, if an archive contains 10 
(SecureContentHandler#maxPackageEntryDepth) invalid XML files.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
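
The failure mode described in the report, as an added example that is not part of the original message and is not Tika's code: a depth-tracking guard fed by an XML parser that leaves "p" open on a parse error, next to a variant that closes it before rethrowing. Assumptions: the guard's bookkeeping, the "entry" element name and the archive loop that skips unparseable entries are hypothetical simplifications; only the limit of 10 comes from the report.

```java
import java.io.StringReader;
import java.util.*;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.*;
import org.xml.sax.helpers.DefaultHandler;

public class UnbalancedDepthDemo {
    static final int MAX_ENTRY_DEPTH = 10;       // limit quoted in the report
    static final String BAD_XML = "<a><b></a>";  // constructed, not well-formed
    static int depth;                            // current element nesting depth
    static Deque<Integer> entryDepths;           // depth at which each open entry started
    // Simplified guard (assumed bookkeeping): an entry is popped only if depth is back where it opened.
    static void start(String name) throws SAXException {
        depth++;
        if (!name.equals("entry")) return;
        entryDepths.push(depth);
        if (entryDepths.size() >= MAX_ENTRY_DEPTH)
            throw new SAXException("suspected zip bomb: entry nesting " + entryDepths.size());
    }
    static void end() {
        if (!entryDepths.isEmpty() && entryDepths.peek() == depth) entryDepths.pop();
        depth--;
    }
    // Models the XML parser: open "p", parse, rethrow on failure.
    static void parseXml(boolean closeOnError) throws Exception {
        start("p");
        try {
            SAXParserFactory.newInstance().newSAXParser()
                .parse(new InputSource(new StringReader(BAD_XML)), new DefaultHandler());
        } catch (Exception e) {
            if (closeOnError) end();  // balanced variant closes "p" before rethrowing
            throw e;
        }
        end();
    }
    // Models an archive with ten invalid XML entries; a failed entry is skipped (assumed).
    static String run(boolean closeOnError) {
        depth = 0; entryDepths = new ArrayDeque<>();
        try {
            for (int i = 0; i < 10; i++) {
                start("entry");
                try { parseXml(closeOnError); } catch (Exception ignored) { }
                end();
            }
            return "no alarm, depth=" + depth;
        } catch (SAXException e) { return e.getMessage(); }
    }
    public static void main(String[] a) { System.out.println(run(false) + " | " + run(true)); }
}
```

With "p" left open, every entry's end event arrives one level deeper than its start, so no entry is ever popped and ten flat sibling entries look like ten nested ones.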
