File jdom-CVE-2021-33813.patch of Package jdom.28016
From bd3ab78370098491911d7fe9d7a43b97144a234e Mon Sep 17 00:00:00 2001
From: Esti <esther.burs@gmail.com>
Date: Thu, 18 Feb 2021 16:40:01 +0200
Subject: [PATCH] fix setFeature bug and add test case
---
jdom/src/java/org/jdom/input/SAXBuilder.java | 10 ++++------
.../test/cases/input/TestSAXBuilder.java | 20 +++++++++++++++++++
2 files changed, 24 insertions(+), 6 deletions(-)
Index: jdom-1.1.3/jdom/src/java/org/jdom/input/SAXBuilder.java
===================================================================
--- jdom-1.1.3.orig/jdom/src/java/org/jdom/input/SAXBuilder.java
+++ jdom-1.1.3/jdom/src/java/org/jdom/input/SAXBuilder.java
@@ -727,6 +727,21 @@ public class SAXBuilder {
}
}
+ // Set any user-specified features on the parser.
+ Iterator iter = features.keySet().iterator();
+ while (iter.hasNext()) {
+ String name = (String)iter.next();
+ Boolean value = (Boolean)features.get(name);
+ internalSetFeature(parser, name, value.booleanValue(), name);
+ }
+
+ // Set any user-specified properties on the parser.
+ iter = properties.keySet().iterator();
+ while (iter.hasNext()) {
+ String name = (String)iter.next();
+ internalSetProperty(parser, name, properties.get(name), name);
+ }
+
// If fastReconfigure is enabled and we failed in the previous attempt
// in configuring entity expansion, then skip this step. This
// saves the work of repeated exception handling on each parse.
@@ -758,20 +773,6 @@ public class SAXBuilder {
private void setFeaturesAndProperties(XMLReader parser,
boolean coreFeatures)
throws JDOMException {
- // Set any user-specified features on the parser.
- Iterator iter = features.keySet().iterator();
- while (iter.hasNext()) {
- String name = (String)iter.next();
- Boolean value = (Boolean)features.get(name);
- internalSetFeature(parser, name, value.booleanValue(), name);
- }
-
- // Set any user-specified properties on the parser.
- iter = properties.keySet().iterator();
- while (iter.hasNext()) {
- String name = (String)iter.next();
- internalSetProperty(parser, name, properties.get(name), name);
- }
if (coreFeatures) {
// Set validation.
@@ -810,6 +811,21 @@ public class SAXBuilder {
}
catch (SAXNotRecognizedException e) { /* Ignore... */ }
catch (SAXNotSupportedException e) { /* Ignore... */ }
+
+ // Set any user-specified features on the parser.
+ Iterator iter = features.keySet().iterator();
+ while (iter.hasNext()) {
+ String name = (String)iter.next();
+ Boolean value = (Boolean)features.get(name);
+ internalSetFeature(parser, name, value.booleanValue(), name);
+ }
+
+ // Set any user-specified properties on the parser.
+ iter = properties.keySet().iterator();
+ while (iter.hasNext()) {
+ String name = (String)iter.next();
+ internalSetProperty(parser, name, properties.get(name), name);
+ }
}
/**
