[
https://issues.apache.org/jira/browse/TIKA-1322?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14019755#comment-14019755
]
Hudson commented on TIKA-1322:
------------------------------
SUCCESS: Integrated in tika-trunk-jdk1.6 #25 (See
[https://builds.apache.org/job/tika-trunk-jdk1.6/25/])
Patch from Matthias Krueger from TIKA-1322 - XMLParser opens a p tag at the
start, so always close it (not just on valid files), to avoid triggering the
SecureContentHandler depth check on multiple xml errors. This closes #9 from
github (nick: http://svn.apache.org/viewvc/tika/trunk/?view=rev&rev=1600841)
*
/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/xml/XMLParser.java
*
/tika/trunk/tika-parsers/src/test/java/org/apache/tika/parser/AutoDetectParserTest.java
> XML file parse errors within archives trigger Zip bomb detection
> ----------------------------------------------------------------
>
> Key: TIKA-1322
> URL: https://issues.apache.org/jira/browse/TIKA-1322
> Project: Tika
> Issue Type: Bug
> Components: parser
> Affects Versions: 1.5
> Reporter: Matthias Krueger
> Priority: Minor
> Fix For: 1.6
>
>
> Tika parses XML input using org.apache.tika.parser.xml.XMLParser. XMLParser
> opens a "p" tag before a SAXParser's output of the input XML is appended. A
> possible SAXException during parsing is rethrown but the opened "p" tag not
> closed. The Zip bomb detection in SecureContentHandler relies on consistent
> starting and closing of elements. With the current behaviour of XMLParser it
> will be triggered, for example, if an archive contains 10
> (SecureContentHandler#maxPackageEntryDepth) invalid XML files.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
