[ https://issues.apache.org/jira/browse/XALANC-684?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Bertoni resolved XALANC-684.
----------------------------------
Resolution: Fixed
Fix Version/s: CurrentCVS
Patch applied.
> XPath single quote-comma bug
> ----------------------------
>
> Key: XALANC-684
> URL: https://issues.apache.org/jira/browse/XALANC-684
> Project: XalanC
> Issue Type: Bug
> Components: XalanC
> Affects Versions: 1.10
> Environment: all
> Reporter: Hans Smit
> Assignee: David Bertoni
> Priority: Minor
> Fix For: CurrentCVS
>
> Attachments: XALANC-684.patch
>
> Original Estimate: 4h
> Remaining Estimate: 4h
>
> Hi David,
> I let our security hacker go nuts on a server I've been developing and
> he came across this:
> Description
> -----------
> the XPath criteria expression,
> contains(.,translate('','','A','a'))
> generates a null pointer exception in the following file,
> FunctionContains::execute(...)
> line: const XalanDOMString& str2 = arg2->str(executionContext);
> Cause
> -----
> ('','') The double single quotes surrounding the comma in the first
> argument of the translate XPath function fail to get detected as a syntax
> error.
> David Bertoni writes> Actually, this should be interpreted as a function call
> with 4 arguments. It turns out there's a bug with reporting errors using the
> default implementation of the error reporting mechanism.
> How to reproduce
> ----------------
> execute (using the sample project provided in XalanC):
> SimpleXPathAPI.exe test-fs.xml root /root/fs/row[contains(.,translate('','','A','a'))]
> where the test-fs.xml contains the following xml:
> <?xml version="1.0" encoding="UTF-8" standalone="no" ?>
> <root>
>   <fs>
>     <row>
>       <id>31</id>
>       <directory/>
>       <path>technical</path>
>     </row>
>   </fs>
> </root>
> Platform
> --------
> - WinXP
> - MSVC++ 9.0 Pro Ed.
> - XalanC 1.10 (trunk) Debug + Release versions
> - compiled against XercesC 3.0
> Consequences
> ------------
> If web applications enable the user to enter XPath criteria directly,
> then it is possible to crash the server that executes the XPath
> expression.
> The band-aid patch for this is to scrutinize all client side input,
> however, this can be easily overlooked in certain situations. A better
> solution is to detect this issue in XalanC and throw an
> xalanc::XalanXPathException.
> David Bertoni writes> This is what should happen. It works fine within a
> stylesheet, because the execution context correctly reports the errors
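Added example (not part of the original message and not Xalan-C code): a stand-alone C++ sketch of the input screening the report calls a band-aid. It counts function-call arguments the way David Bertoni reads the expression, so translate('','','A','a') comes out as four arguments and can be rejected before it reaches the XPath engine. The names listCalls, arityOk and kArity are hypothetical, and the arity table covers only three XPath 1.0 core functions.

```cpp
#include <cctype>
#include <map>
#include <string>
#include <utility>
#include <vector>

using Call = std::pair<std::string, int>;  // function name, argument count
// Illustration only (not Xalan-C API): {min, max} argument counts, XPath 1.0.
static const std::map<std::string, std::pair<int, int>> kArity = {
    {"contains", {2, 2}}, {"translate", {3, 3}}, {"substring", {2, 3}}};

// Lists each call in expr with its argument count. Quoted literals are skipped
// whole, so a comma inside quotes is never taken for an argument separator.
std::vector<Call> listCalls(const std::string& expr) {
    struct Frame { std::string name; int commas; bool any; };
    std::vector<Frame> stack;  // one frame per open parenthesis
    std::vector<Call> out;
    std::string ident;         // name run directly before the current character
    bool gap = false;          // whitespace seen since ident was last extended
    for (std::size_t i = 0; i < expr.size(); ++i) {
        const unsigned char c = static_cast<unsigned char>(expr[i]);
        if (std::isspace(c)) { gap = true; continue; }
        if (c == '\'' || c == '"') i = expr.find(expr[i], i + 1);  // no escapes in XPath 1.0
        if (i == std::string::npos) break;                         // unterminated literal
        const bool nameChar = std::isalpha(c) || c == '_' ||
            (!ident.empty() && !gap && (std::isdigit(c) || c == '-'));
        if (c == '(') stack.push_back({ident, 0, false});
        else if (c == ',' && !stack.empty()) ++stack.back().commas;
        else if (c == ')' && !stack.empty()) {
            const Frame f = stack.back();
            stack.pop_back();
            if (!f.name.empty()) out.push_back({f.name, f.any ? f.commas + 1 : 0});
            if (!stack.empty()) stack.back().any = true;  // the call is a token of its parent
        } else if (!stack.empty()) stack.back().any = true;
        if (!nameChar || gap) ident.clear();
        if (nameChar) ident += static_cast<char>(c);
        gap = false;
    }
    return out;
}

// False when a listed function is called with an argument count outside its range.
bool arityOk(const std::string& expr) {
    for (const Call& c : listCalls(expr)) {
        const auto it = kArity.find(c.first);
        if (it != kArity.end() && (c.second < it->second.first || c.second > it->second.second)) return false;
    }
    return true;
}
```

Calls are listed innermost first. A screen like this only narrows what reaches the engine; the fix the thread settles on is the engine itself reporting the arity error.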