Re: [SDO C++] AccessViolation in XMLHelperImpl

2007-11-05 Thread Pete Robbins 
Thanks for that. I'll fix it right away.

On 02/11/2007, Caroline Maynard [EMAIL PROTECTED] wrote:
 A user has found a vulnerability in XMLHelperImpl::createDocument, the
 one with the const char * parameters. The problem being that the root
 element name is initialized with the parameter before the code which
 checks for the parameter being null. I'll add a guard for this in the
 PHP code, but really it should be fixed in Tuscany. Could someone apply
 this patch, please:

 Index:
 C:/dev/tuscany_sdo_pre2.1/sdo-cpp-pre2.1/runtime/core/src/commonj/sdo/XMLHelperImpl.cpp
 ===
 ---
 C:/dev/tuscany_sdo_pre2.1/sdo-cpp-pre2.1/runtime/core/src/commonj/sdo/XMLHelperImpl.cpp
 (revision 568508)
 +++
 C:/dev/tuscany_sdo_pre2.1/sdo-cpp-pre2.1/runtime/core/src/commonj/sdo/XMLHelperImpl.cpp
 (working copy)
 @@ -172,7 +172,7 @@
  const char* rootElementName)
  {
SDOString uri;
 -   SDOString name = rootElementName;
 +   SDOString name;
if (0 == rootElementURI)
  uri = ;
  else

 The patch was created against the branch, but the same code exists in
 the trunk.


 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]




-- 
Pete

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [SDO C++] AccessViolation in XMLHelperImpl

2007-11-05 Thread Caroline Maynard 

Pete Robbins wrote:

Thanks for that. I'll fix it right away.



Thanks, Pete


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[SDO C++] AccessViolation in XMLHelperImpl

2007-11-02 Thread Caroline Maynard 
A user has found a vulnerability in XMLHelperImpl::createDocument, the 
one with the const char * parameters. The problem being that the root 
element name is initialized with the parameter before the code which 
checks for the parameter being null. I'll add a guard for this in the 
PHP code, but really it should be fixed in Tuscany. Could someone apply 
this patch, please:


Index: 
C:/dev/tuscany_sdo_pre2.1/sdo-cpp-pre2.1/runtime/core/src/commonj/sdo/XMLHelperImpl.cpp

===
--- 
C:/dev/tuscany_sdo_pre2.1/sdo-cpp-pre2.1/runtime/core/src/commonj/sdo/XMLHelperImpl.cpp 
(revision 568508)
+++ 
C:/dev/tuscany_sdo_pre2.1/sdo-cpp-pre2.1/runtime/core/src/commonj/sdo/XMLHelperImpl.cpp 
(working copy)

@@ -172,7 +172,7 @@
 const char* rootElementName)
 {
SDOString uri;
-   SDOString name = rootElementName;
+   SDOString name;
if (0 == rootElementURI)
  uri = ;
  else

The patch was created against the branch, but the same code exists in 
the trunk.



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]