Thanks for that. I'll fix it right away. On 02/11/2007, Caroline Maynard <[EMAIL PROTECTED]> wrote: > A user has found a vulnerability in XMLHelperImpl::createDocument, the > one with the const char * parameters. The problem being that the root > element name is initialized with the parameter >before< the code which > checks for the parameter being null. I'll add a guard for this in the > PHP code, but really it should be fixed in Tuscany. Could someone apply > this patch, please: > > Index: > C:/dev/tuscany_sdo_pre2.1/sdo-cpp-pre2.1/runtime/core/src/commonj/sdo/XMLHelperImpl.cpp > =================================================================== > --- > C:/dev/tuscany_sdo_pre2.1/sdo-cpp-pre2.1/runtime/core/src/commonj/sdo/XMLHelperImpl.cpp > (revision 568508) > +++ > C:/dev/tuscany_sdo_pre2.1/sdo-cpp-pre2.1/runtime/core/src/commonj/sdo/XMLHelperImpl.cpp > (working copy) > @@ -172,7 +172,7 @@ > const char* rootElementName) > { > SDOString uri; > - SDOString name = rootElementName; > + SDOString name; > if (0 == rootElementURI) > uri = ""; > else > > The patch was created against the branch, but the same code exists in > the trunk. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
-- Pete --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]