[ http://jira.codehaus.org/browse/JIBX-333?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nigel Charman updated JIBX-333:
-------------------------------

    Component/s: (was: JiBX/WS) core

> JiBX goes into infinite loop parsing erroneous XML string when encoding is unspecified.
> ----------------------------------------------------------------------------------------
>
>                 Key: JIBX-333
>                 URL: http://jira.codehaus.org/browse/JIBX-333
>             Project: JiBX
>          Issue Type: Bug
>          Components: core
>    Affects Versions: JiBX 1.1.4
>         Environment: Linux/Java 1.6.0_06
>            Reporter: Chandra Shetty
>
> We spotted this as part of some security testing.
> The XML fragment "<?xml/.:/AAAAA.....(5000 times)...AAAAA="1.0" encoding="UTF-8"?>"
> caused the JIBX runtime to spin in an infinite loop while parsing the string.
> Under the debugger I noticed that the loop is in the InputStreamWrapper class.
> We are running an older version of JIBX 1.1.4.
> We don't specify the encoding while unmarshalling and this is the trigger. If
> we specify UTF-8 as the encoding this problem doesn't happen. I looked at the
> code and I see that the scan logic doesn't check to see that the end of
> buffer has been reached.

_______________________________________________
jibx-devs mailing list
jibx-devs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jibx-devs
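The failure class the report describes, a declaration scan that never tests for end of buffer, is avoided by bounding every index advance and treating "ran out of data" as a result. The sketch below is an added illustration, not JiBX code and not part of the original message; the class name, the method names and the `MAX_DECL` cap are assumptions.

```java
import java.nio.charset.StandardCharsets;

public class BoundedDeclScan {
    // Assumed cap on how many bytes of a declaration are inspected (not a JiBX constant).
    static final int MAX_DECL = 1024;

    /** Returns the declared encoding, or null if none can be read within bounds. */
    static String sniffEncoding(byte[] buf, int len) {
        int end = Math.min(Math.min(len, buf.length), MAX_DECL);
        if (!startsWith(buf, end, 0, "<?xml")) return null;
        int i = 5;
        // Look for the pseudo-attribute name; 'i < end' is the end-of-buffer check.
        while (i < end && !startsWith(buf, end, i, "encoding")) {
            if (buf[i] == '?' || buf[i] == '>') return null; // declaration ended first
            i++;
        }
        if (i >= end) return null;                           // ran out of data
        i = skipSpaces(buf, end, i + "encoding".length());
        if (i >= end || buf[i] != '=') return null;
        i = skipSpaces(buf, end, i + 1);
        if (i >= end || (buf[i] != '"' && buf[i] != '\'')) return null;
        byte quote = buf[i++];
        int start = i;
        while (i < end && buf[i] != quote) i++;              // bounded value scan
        if (i >= end) return null;                           // unterminated value
        return new String(buf, start, i - start, StandardCharsets.US_ASCII);
    }

    static int skipSpaces(byte[] b, int end, int i) {
        while (i < end && (b[i] == ' ' || b[i] == '\t' || b[i] == '\r' || b[i] == '\n')) i++;
        return i;
    }

    static boolean startsWith(byte[] b, int end, int at, String s) {
        if (at + s.length() > end) return false;             // never read past 'end'
        for (int k = 0; k < s.length(); k++) if (b[at + k] != s.charAt(k)) return false;
        return true;
    }

    public static void main(String[] args) {
        // Constructed inputs: a normal declaration and one shaped like the reported fragment.
        StringBuilder sb = new StringBuilder("<?xml/.:/");
        for (int n = 0; n < 5000; n++) sb.append('A');
        sb.append("=\"1.0\" encoding=\"UTF-8\"?>");
        byte[] odd = sb.toString().getBytes(StandardCharsets.US_ASCII);
        byte[] ok = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?><a/>"
                .getBytes(StandardCharsets.US_ASCII);
        System.out.println(sniffEncoding(ok, ok.length));
        System.out.println(sniffEncoding(odd, odd.length));
    }
}
```

A null result lets the caller fall back to a default encoding or reject the document, so an oversized or malformed declaration costs at most `MAX_DECL` byte comparisons.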