packages/xerces-j2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2012-0881

Browse Source
This commit is contained in:
wangxiao65 2020-09-19 14:49:48 +08:00
parent c0aa25ff30
commit 4ae756c6d1
7 changed files with 1411 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1115
CVE-2012-0881.patch Normal file
View File

File diff suppressed because it is too large Load Diff

212
JIRA-Issue-1499-http-issues.apache.org-jira-browse-X.patch Normal file
View File

@ -0,0 +1,212 @@
From f890ce20b623f2bea736d096229677c8b99556ad Mon Sep 17 00:00:00 2001
From: Michael Glavassevich <mrglavas@apache.org>
Date: Wed, 16 Mar 2011 15:57:02 +0000
Subject: [PATCH] JIRA Issue #1499:
http://issues.apache.org/jira/browse/XERCESJ-1499. Reducing the initial
footprint of SymbolHash buckets within a SchemaGrammar from 1,515 to 177
(about 12% of the default size). Implemented a rehash() method on SymbolHash
to grow the maps if they actually become filled.
git-svn-id: https://svn.apache.org/repos/asf/xerces/java/trunk@1082175 13f79535-47bb-0310-9956-ffa450edef68
---
.../apache/xerces/impl/xs/SchemaGrammar.java | 44 ++++++++-------
.../xerces/impl/xs/traversers/XSDHandler.java | 14 ++---
src/org/apache/xerces/util/SymbolHash.java | 55 +++++++++++++++++--
3 files changed, 81 insertions(+), 32 deletions(-)
diff --git a/src/org/apache/xerces/impl/xs/SchemaGrammar.java b/src/org/apache/xerces/impl/xs/SchemaGrammar.java
index e522e9770..a4d5ca675 100644
--- a/src/org/apache/xerces/impl/xs/SchemaGrammar.java
+++ b/src/org/apache/xerces/impl/xs/SchemaGrammar.java
@@ -144,35 +144,39 @@ public SchemaGrammar(String targetNamespace, XSDDescription grammarDesc,
fGrammarDescription = grammarDesc;
fSymbolTable = symbolTable;
- // REVISIT: do we know the numbers of the following global decls
- // when creating this grammar? If so, we can pass the numbers in,
- // and use that number to initialize the following hashtables.
- fGlobalAttrDecls = new SymbolHash();
- fGlobalAttrGrpDecls = new SymbolHash();
- fGlobalElemDecls = new SymbolHash();
- fGlobalGroupDecls = new SymbolHash();
- fGlobalNotationDecls = new SymbolHash();
- fGlobalIDConstraintDecls = new SymbolHash();
+ // REVISIT: the initial sizes being chosen for each SymbolHash
+ // may not be ideal and could still be tuned. They were chosen
+ // somewhat arbitrarily to reduce the initial footprint of
+ // SymbolHash buckets from 1,515 to 177 (about 12% of the
+ // default size).
+ fGlobalAttrDecls = new SymbolHash(12);
+ fGlobalAttrGrpDecls = new SymbolHash(5);
+ fGlobalElemDecls = new SymbolHash(25);
+ fGlobalGroupDecls = new SymbolHash(5);
+ fGlobalNotationDecls = new SymbolHash(1);
+ fGlobalIDConstraintDecls = new SymbolHash(3);
// Extended tables
- fGlobalAttrDeclsExt = new SymbolHash();
- fGlobalAttrGrpDeclsExt = new SymbolHash();
- fGlobalElemDeclsExt = new SymbolHash();
- fGlobalGroupDeclsExt = new SymbolHash();
- fGlobalNotationDeclsExt = new SymbolHash();
- fGlobalIDConstraintDeclsExt = new SymbolHash();
- fGlobalTypeDeclsExt = new SymbolHash();
+ fGlobalAttrDeclsExt = new SymbolHash(12);
+ fGlobalAttrGrpDeclsExt = new SymbolHash(5);
+ fGlobalElemDeclsExt = new SymbolHash(25);
+ fGlobalGroupDeclsExt = new SymbolHash(5);
+ fGlobalNotationDeclsExt = new SymbolHash(1);
+ fGlobalIDConstraintDeclsExt = new SymbolHash(3);
+ fGlobalTypeDeclsExt = new SymbolHash(25);
// All global elements table
- fAllGlobalElemDecls = new SymbolHash();
+ fAllGlobalElemDecls = new SymbolHash(25);
// if we are parsing S4S, put built-in types in first
// they might get overwritten by the types from S4S, but that's
// considered what the application wants to do.
- if (fTargetNamespace == SchemaSymbols.URI_SCHEMAFORSCHEMA)
+ if (fTargetNamespace == SchemaSymbols.URI_SCHEMAFORSCHEMA) {
fGlobalTypeDecls = SG_SchemaNS.fGlobalTypeDecls.makeClone();
- else
- fGlobalTypeDecls = new SymbolHash();
+ }
+ else {
+ fGlobalTypeDecls = new SymbolHash(25);
+ }
} // <init>(String, XSDDescription)
// Clone an existing schema grammar
diff --git a/src/org/apache/xerces/impl/xs/traversers/XSDHandler.java b/src/org/apache/xerces/impl/xs/traversers/XSDHandler.java
index e05409d6e..0937ac3a7 100644
--- a/src/org/apache/xerces/impl/xs/traversers/XSDHandler.java
+++ b/src/org/apache/xerces/impl/xs/traversers/XSDHandler.java
@@ -445,13 +445,13 @@ private String doc2SystemId(Element ele) {
private String [][] fKeyrefNamespaceContext = new String[INIT_KEYREF_STACK][1];
// global decls: map from decl name to decl object
- SymbolHash fGlobalAttrDecls = new SymbolHash();
- SymbolHash fGlobalAttrGrpDecls = new SymbolHash();
- SymbolHash fGlobalElemDecls = new SymbolHash();
- SymbolHash fGlobalGroupDecls = new SymbolHash();
- SymbolHash fGlobalNotationDecls = new SymbolHash();
- SymbolHash fGlobalIDConstraintDecls = new SymbolHash();
- SymbolHash fGlobalTypeDecls = new SymbolHash();
+ SymbolHash fGlobalAttrDecls = new SymbolHash(12);
+ SymbolHash fGlobalAttrGrpDecls = new SymbolHash(5);
+ SymbolHash fGlobalElemDecls = new SymbolHash(25);
+ SymbolHash fGlobalGroupDecls = new SymbolHash(5);
+ SymbolHash fGlobalNotationDecls = new SymbolHash(1);
+ SymbolHash fGlobalIDConstraintDecls = new SymbolHash(3);
+ SymbolHash fGlobalTypeDecls = new SymbolHash(25);
// Constructors
public XSDHandler(){
diff --git a/src/org/apache/xerces/util/SymbolHash.java b/src/org/apache/xerces/util/SymbolHash.java
index 63974da68..08caa7b03 100644
--- a/src/org/apache/xerces/util/SymbolHash.java
+++ b/src/org/apache/xerces/util/SymbolHash.java
@@ -17,7 +17,6 @@
package org.apache.xerces.util;
-
/**
* This class is an unsynchronized hash table primary used for String
* to Object mapping.
@@ -78,7 +77,8 @@ public SymbolHash(int size) {
* @param value
*/
public void put(Object key, Object value) {
- int bucket = (key.hashCode() & 0x7FFFFFFF) % fTableSize;
+ final int hash = hash(key);
+ int bucket = hash % fTableSize;
Entry entry = search(key, bucket);
// replace old value
@@ -87,6 +87,12 @@ public void put(Object key, Object value) {
}
// create new entry
else {
+ if (fNum >= fTableSize) {
+ // Rehash the table if the number of entries
+ // would exceed the number of buckets.
+ rehash();
+ bucket = hash % fTableSize;
+ }
entry = new Entry(key, value, fBuckets[bucket]);
fBuckets[bucket] = entry;
fNum++;
@@ -100,7 +106,7 @@ public void put(Object key, Object value) {
* @return the value associated with the given key.
*/
public Object get(Object key) {
- int bucket = (key.hashCode() & 0x7FFFFFFF) % fTableSize;
+ int bucket = hash(key) % fTableSize;
Entry entry = search(key, bucket);
if (entry != null) {
return entry.value;
@@ -156,14 +162,15 @@ public SymbolHash makeClone() {
SymbolHash newTable = new SymbolHash(fTableSize);
newTable.fNum = fNum;
for (int i = 0; i < fTableSize; i++) {
- if (fBuckets[i] != null)
+ if (fBuckets[i] != null) {
newTable.fBuckets[i] = fBuckets[i].makeClone();
+ }
}
return newTable;
}
/**
- * Remove all key/value assocaition. This tries to save a bit of GC'ing
+ * Remove all key/value association. This tries to save a bit of GC'ing
* by at least keeping the fBuckets array around.
*/
public void clear() {
@@ -182,6 +182,44 @@ public class SymbolHash {
return null;
}
+ /**
+ * Returns a hashcode value for the specified key.
+ *
+ * @param key The key to hash.
+ */
+ protected int hash(Object key) {
+ return key.hashCode() & 0x7FFFFFFF;
+ }
+
+ /**
+ * Increases the capacity of and internally reorganizes this
+ * SymbolHash, in order to accommodate and access its entries more
+ * efficiently. This method is called automatically when the
+ * number of keys in the SymbolHash exceeds its number of buckets.
+ */
+ protected void rehash() {
+
+ final int oldCapacity = fBuckets.length;
+ final Entry[] oldTable = fBuckets;
+
+ final int newCapacity = (oldCapacity << 1) + 1;
+ final Entry[] newTable = new Entry[newCapacity];
+
+ fBuckets = newTable;
+ fTableSize = fBuckets.length;
+
+ for (int i = oldCapacity; i-- > 0;) {
+ for (Entry old = oldTable[i]; old != null; ) {
+ Entry e = old;
+ old = old.next;
+
+ int index = hash(e.key) % newCapacity;
+ e.next = newTable[index];
+ newTable[index] = e;
+ }
+ }
+ }
+
//
// Classes
//

71
JIRA-Issue-1521-http-issues.apache.org-jira-browse-X.patch Normal file
View File

@ -0,0 +1,71 @@
From 51c3e1286d7923eb2ecbc97aade9d2cf5faa22b7 Mon Sep 17 00:00:00 2001
From: Michael Glavassevich <mrglavas@apache.org>
Date: Tue, 9 Aug 2011 14:51:31 +0000
Subject: [PATCH] JIRA Issue #1521:
http://issues.apache.org/jira/browse/XERCESJ-1521. Compact the
SoftReferenceSymbolTable if after cleaning out cleared SoftReferences the
number of symbols drops below 25% of the table's load factor threshold.
git-svn-id: https://svn.apache.org/repos/asf/xerces/java/trunk@1155386 13f79535-47bb-0310-9956-ffa450edef68
---
.../xerces/util/SoftReferenceSymbolTable.java | 40 ++++++++++++++-----
1 file changed, 31 insertions(+), 9 deletions(-)
diff --git a/src/org/apache/xerces/util/SoftReferenceSymbolTable.java b/src/org/apache/xerces/util/SoftReferenceSymbolTable.java
index aebe2f449..542bfb7da 100644
--- a/src/org/apache/xerces/util/SoftReferenceSymbolTable.java
+++ b/src/org/apache/xerces/util/SoftReferenceSymbolTable.java
@@ -200,12 +200,26 @@ public String addSymbol(char[] buffer, int offset, int length) {
* and load factor.
*/
protected void rehash() {
-
- int oldCapacity = fBuckets.length;
- SREntry[] oldTable = fBuckets;
-
- int newCapacity = oldCapacity * 2 + 1;
- SREntry[] newTable = new SREntry[newCapacity];
+ rehashCommon(fBuckets.length * 2 + 1);
+ }
+
+ /**
+ * Reduces the capacity of and internally reorganizes this
+ * SymbolTable, in order to accommodate and access its entries in
+ * a more memory efficient way. This method is called automatically when
+ * the number of keys in the SymbolTable drops below 25% of this
+ * hashtable's load factor (as a result of SoftReferences which have
+ * been cleared).
+ */
+ protected void compact() {
+ rehashCommon(((int) (fCount / fLoadFactor)) * 2 + 1);
+ }
+
+ private void rehashCommon(final int newCapacity) {
+
+ final int oldCapacity = fBuckets.length;
+ final SREntry[] oldTable = fBuckets;
+ final SREntry[] newTable = new SREntry[newCapacity];
fThreshold = (int)(newCapacity * fLoadFactor);
fBuckets = newTable;
@@ -312,9 +312,17 @@ public class SoftReferenceSymbolTable ex
*/
private void clean() {
SREntry entry = (SREntry)fReferenceQueue.poll();
- while (entry != null) {
- removeEntry(entry);
- entry = (SREntry)fReferenceQueue.poll();
+ if (entry != null) {
+ do {
+ removeEntry(entry);
+ entry = (SREntry)fReferenceQueue.poll();
+ }
+ while (entry != null);
+ // Reduce the number of buckets if the number of items
+ // in the table has dropped below 25% of the threshold.
+ if (fCount < (fThreshold >> 2)) {
+ compact();
+ }
}
}

4
xerces-j2-CVE-2013-4002.patch
View File

@ -1,5 +1,5 @@
--- src/org/apache/xerces/impl/XMLScanner.java 2013/07/03 18:25:06 1499505 --- a/src/org/apache/xerces/impl/XMLScanner.java 2013/07/03 18:25:06 1499505
+++ src/org/apache/xerces/impl/XMLScanner.java 2013/07/03 18:29:43 1499506 +++ b/src/org/apache/xerces/impl/XMLScanner.java 2013/07/03 18:29:43 1499506
@@ -542,7 +542,7 @@ @@ -542,7 +542,7 @@
// document is until we scan the encoding declaration // document is until we scan the encoding declaration
// you cannot reliably read any characters outside // you cannot reliably read any characters outside

4
xerces-j2-build.patch
View File

@ -1,5 +1,5 @@
--- build.xml.orig 2010-11-26 20:42:11.000000000 +0000 --- a/build.xml.orig 2010-11-26 20:42:11.000000000 +0000
+++ build.xml 2010-12-11 19:20:35.913500731 +0000 +++ b/build.xml 2010-12-11 19:20:35.913500731 +0000
@@ -108,7 +108,6 @@ @@ -108,7 +108,6 @@
<property name="distsrc.dir" value="${build.dir}/${parser.shortname}-${parser_version}"/> <property name="distsrc.dir" value="${build.dir}/${parser.shortname}-${parser_version}"/>
<property name="disttools.dir" value="${build.dir}/tools"/> <property name="disttools.dir" value="${build.dir}/tools"/>

4
xerces-j2-manifest.patch
View File

@ -1,5 +1,5 @@
--- src/manifest.xerces.orig 2010-11-26 22:42:07.000000000 +0200 --- a/src/manifest.xerces.orig 2010-11-26 22:42:07.000000000 +0200
+++ src/manifest.xerces 2012-12-17 11:11:52.200392844 +0200 +++ b/src/manifest.xerces 2012-12-17 11:11:52.200392844 +0200
@@ -1,5 +1,14 @@ @@ -1,5 +1,14 @@
Manifest-Version: 1.0 Manifest-Version: 1.0
Created-By: @java.version@ (@java.vendor@) Created-By: @java.version@ (@java.vendor@)

9
xerces-j2.spec
View File

@ -1,6 +1,6 @@
Name: xerces-j2 Name: xerces-j2
Version: 2.11.0 Version: 2.11.0
Release: 36 Release: 37
Summary: Java XML parser Summary: Java XML parser
License: ASL 2.0 and W3C License: ASL 2.0 and W3C
URL: http://xerces.apache.org/xerces2-j/ URL: http://xerces.apache.org/xerces2-j/
@ -18,6 +18,9 @@ Source7: %{name}-pom.xml
Patch0: %{name}-build.patch Patch0: %{name}-build.patch
Patch1: %{name}-manifest.patch Patch1: %{name}-manifest.patch
Patch2: xerces-j2-CVE-2013-4002.patch Patch2: xerces-j2-CVE-2013-4002.patch
Patch3: JIRA-Issue-1521-http-issues.apache.org-jira-browse-X.patch
Patch4: JIRA-Issue-1499-http-issues.apache.org-jira-browse-X.patch
Patch5: CVE-2012-0881.patch
BuildRequires: javapackages-local ant apache-parent xalan-j2 >= 2.7.1 BuildRequires: javapackages-local ant apache-parent xalan-j2 >= 2.7.1
BuildRequires: xml-commons-apis >= 1.4.01 xml-commons-resolver >= 1.2 BuildRequires: xml-commons-apis >= 1.4.01 xml-commons-resolver >= 1.2
@ -72,7 +75,7 @@ Obsoletes: %{name}-javadoc-other < %{version}-%{release}
Man pages and other related documents for %{name}. Man pages and other related documents for %{name}.
%prep %prep
%autosetup -p0 -n xerces-2_11_0 %autosetup -p1 -n xerces-2_11_0
install -d tools/org/apache/xerces/util install -d tools/org/apache/xerces/util
install -d tools/bin install -d tools/bin
cp -a %{SOURCE3} %{SOURCE5} %{SOURCE6} tools/org/apache/xerces/util cp -a %{SOURCE3} %{SOURCE5} %{SOURCE6} tools/org/apache/xerces/util
@ -132,5 +135,7 @@ ln -sf %{name}.jar %{_javadir}/jaxp_parser_impl.jar
%{_mandir}/*/* %{_mandir}/*/*
%changelog %changelog
* Sat Sep 19 2020 wangxiao<wangxiao65@huawei.com> - 2.11.0-37
- fix CVE-2012-0881
* Mon Feb 17 2020 zhouyihang<zhouyihang1@huawei.com> - 2.11.0-36 * Mon Feb 17 2020 zhouyihang<zhouyihang1@huawei.com> - 2.11.0-36
- Package init - Package init