[jira] [Commented] (TIKA-1322) XML file parse errors within archives trigger Zip bomb detection

2014-06-06 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/TIKA-1322?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14019737#comment-14019737
 ] 

ASF GitHub Bot commented on TIKA-1322:
--

GitHub user asfgit closed the pull request at:

https://github.com/apache/tika/pull/9


 XML file parse errors within archives trigger Zip bomb detection
 

 Key: TIKA-1322
 URL: https://issues.apache.org/jira/browse/TIKA-1322
 Project: Tika
  Issue Type: Bug
  Components: parser
Affects Versions: 1.5
Reporter: Matthias Krueger
Priority: Minor
 Fix For: 1.6


 Tika parses XML input using org.apache.tika.parser.xml.XMLParser. XMLParser 
 opens a p tag before a SAXParser's output of the input XML is appended. A 
 possible SAXException during parsing is rethrown but the opened p tag is not 
 closed. The Zip bomb detection in SecureContentHandler relies on consistent 
 starting and closing of elements. With the current behaviour of XMLParser it 
 will be triggered, for example, if an archive contains 10 
 (SecureContentHandler#maxPackageEntryDepth) invalid XML files.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
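
The failure mode the issue describes, as an added Java sketch (not Tika's code and not taken from the pull request). `DepthGuard` is a hypothetical, simplified stand-in for SecureContentHandler's entry-depth tracking and `parseEntry` for XMLParser; that the archive parser skips a failed entry and carries on is an assumption.

```java
import java.util.ArrayDeque;
import java.util.Deque;
// Simplified model, not Tika code: DepthGuard is a hypothetical stand-in for
// SecureContentHandler, parseEntry for XMLParser working on one archive entry.
public class UnclosedTagDemo {
    static final int MAX_ENTRY_DEPTH = 10; // maxPackageEntryDepth value quoted in the issue
    static class DepthGuard {
        int depth = 0;
        final Deque<Integer> entryDepths = new ArrayDeque<>();
        void start(boolean isEntry) {
            depth++;
            if (!isEntry) return;
            entryDepths.push(depth);
            if (entryDepths.size() >= MAX_ENTRY_DEPTH) throw new IllegalStateException("suspected zip bomb");
        }
        void end() {
            // An entry counts as closed only if it ends at the depth where it began.
            if (!entryDepths.isEmpty() && entryDepths.peek() == depth) entryDepths.pop();
            depth--;
        }
    }
    static void parseEntry(DepthGuard g, boolean closeAlways) {
        g.start(false); // XMLParser opens its p element before parsing
        try {
            throw new IllegalArgumentException("XML parse error"); // stands in for SAXException
        } finally {
            if (closeAlways) g.end(); // the fix: close p on failure too
        }
    }

    // Entry number at which the guard fires, or -1 if it never does.
    static int firstFalsePositive(int invalidEntries, boolean closeAlways) {
        DepthGuard g = new DepthGuard();
        for (int i = 1; i <= invalidEntries; i++) {
            try {
                g.start(true);
                parseEntry(g, closeAlways);
            } catch (IllegalArgumentException skipped) {
                // assumption: the archive parser skips a bad entry and continues
            } catch (IllegalStateException bomb) { return i; }
            g.end();
        }
        return -1;
    }
    public static void main(String[] args) {
        System.out.println("p left open: " + firstFalsePositive(10, false));
        System.out.println("p always closed: " + firstFalsePositive(10, true));
    }
}
```

With Java 11 or later this runs directly as `java UnclosedTagDemo.java`.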


[jira] [Commented] (TIKA-1322) XML file parse errors within archives trigger Zip bomb detection

2014-06-06 Thread Hudson (JIRA)

[ 
https://issues.apache.org/jira/browse/TIKA-1322?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14019755#comment-14019755
 ] 

Hudson commented on TIKA-1322:
--

SUCCESS: Integrated in tika-trunk-jdk1.6 #25 (See 
[https://builds.apache.org/job/tika-trunk-jdk1.6/25/])
Patch from Matthias Krueger from TIKA-1322 - XMLParser opens a p tag at the 
start, so always close it (not just on valid files), to avoid triggering the 
SecureContentHandler depth check on multiple xml errors. This closes #9 from 
github (nick: http://svn.apache.org/viewvc/tika/trunk/?view=rev&rev=1600841)
* /tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/xml/XMLParser.java
* /tika/trunk/tika-parsers/src/test/java/org/apache/tika/parser/AutoDetectParserTest.java



[jira] [Commented] (TIKA-1322) XML file parse errors within archives trigger Zip bomb detection

2014-06-06 Thread Hudson (JIRA)

[ 
https://issues.apache.org/jira/browse/TIKA-1322?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14019756#comment-14019756
 ] 

Hudson commented on TIKA-1322:
--

SUCCESS: Integrated in tika-trunk-jdk1.7 #24 (See 
[https://builds.apache.org/job/tika-trunk-jdk1.7/24/])
Patch from Matthias Krueger from TIKA-1322 - XMLParser opens a p tag at the 
start, so always close it (not just on valid files), to avoid triggering the 
SecureContentHandler depth check on multiple xml errors. This closes #9 from 
github (nick: http://svn.apache.org/viewvc/tika/trunk/?view=rev&rev=1600841)
* /tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/xml/XMLParser.java
* /tika/trunk/tika-parsers/src/test/java/org/apache/tika/parser/AutoDetectParserTest.java



[jira] [Commented] (TIKA-1322) XML file parse errors within archives trigger Zip bomb detection

2014-06-04 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/TIKA-1322?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14018247#comment-14018247
 ] 

ASF GitHub Bot commented on TIKA-1322:
--

GitHub user mkr opened a pull request:

https://github.com/apache/tika/pull/9

TIKA-1322: Properly close XMLParser's output in case of SAXException.

Fix and test for https://issues.apache.org/jira/browse/TIKA-1322.

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/mkr/tika TIKA-1322

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/tika/pull/9.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #9


commit 63d979538a72e5c044b2074219268da57fcf48cd
Author: Matthias Krueger m...@mkr.io
Date:   2014-06-04T21:45:15Z

TIKA-1322: Properly close XMLParser's output in case of SAXException.



