[ https://issues.apache.org/jira/browse/TIKA-1322?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14018247#comment-14018247 ]
ASF GitHub Bot commented on TIKA-1322: -------------------------------------- GitHub user mkr opened a pull request: https://github.com/apache/tika/pull/9 TIKA-1322: Properly close XMLParser's output in case of SAXException. Fix and test for https://issues.apache.org/jira/browse/TIKA-1322. You can merge this pull request into a Git repository by running: $ git pull https://github.com/mkr/tika TIKA-1322 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/tika/pull/9.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #9 ---- commit 63d979538a72e5c044b2074219268da57fcf48cd Author: Matthias Krueger <m...@mkr.io> Date: 2014-06-04T21:45:15Z TIKA-1322: Properly close XMLParser's output in case of SAXException. ---- > XML file parse errors within archives trigger Zip bomb detection > ---------------------------------------------------------------- > > Key: TIKA-1322 > URL: https://issues.apache.org/jira/browse/TIKA-1322 > Project: Tika > Issue Type: Bug > Components: parser > Affects Versions: 1.5 > Reporter: Matthias Krueger > Priority: Minor > > Tika parses XML input using org.apache.tika.parser.xml.XMLParser. XMLParser > opens a "p" tag before a SAXParser's output of the input XML is appended. A > possible SAXException during parsing is rethrown but the opened "p" tag not > closed. The Zip bomb detection in SecureContentHandler relies on consistent > starting and closing of elements. With the current behaviour of XMLParser it > will be triggered, for example, if an archive contains 10 > (SecureContentHandler#maxPackageEntryDepth) invalid XML files. -- This message was sent by Atlassian JIRA (v6.2#6252)