A user has found a vulnerability in XMLHelperImpl::createDocument, the
one with the const char * parameters. The problem being that the root
element name is initialized with the parameter >before< the code which
checks for the parameter being null. I'll add a guard for this in the
PHP code, but really it should be fixed in Tuscany. Could someone apply
this patch, please:
Index:
C:/dev/tuscany_sdo_pre2.1/sdo-cpp-pre2.1/runtime/core/src/commonj/sdo/XMLHelperImpl.cpp
===================================================================
---
C:/dev/tuscany_sdo_pre2.1/sdo-cpp-pre2.1/runtime/core/src/commonj/sdo/XMLHelperImpl.cpp
(revision 568508)
+++
C:/dev/tuscany_sdo_pre2.1/sdo-cpp-pre2.1/runtime/core/src/commonj/sdo/XMLHelperImpl.cpp
(working copy)
@@ -172,7 +172,7 @@
const char* rootElementName)
{
SDOString uri;
- SDOString name = rootElementName;
+ SDOString name;
if (0 == rootElementURI)
uri = "";
else
The patch was created against the branch, but the same code exists in
the trunk.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
