mirror of https://github.com/apache/lucene.git
Fix XXE vulnerability in MBeansHandler diff feature
git-svn-id: https://svn.apache.org/repos/asf/lucene/dev/trunk@1715863 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
11d8f445be
commit
8090380ecd
|
@ -401,6 +401,8 @@ Bug Fixes
|
|||
* SOLR-5971: Fix error 'Illegal character in query' when proxying request.
|
||||
(Uwe Schindler, Ishan Chattopadhyaya, Eric Bus)
|
||||
|
||||
* SOLR-8307: Fix XXE vulnerability in MBeansHandler "diff" feature (Erik Hatcher)
|
||||
|
||||
Optimizations
|
||||
----------------------
|
||||
|
||||
|
|
|
@ -105,7 +105,7 @@ public class DocumentAnalysisRequestHandler extends AnalysisRequestHandlerBase {
|
|||
inputFactory.setProperty("reuse-instance", Boolean.FALSE);
|
||||
} catch (IllegalArgumentException ex) {
|
||||
// Other implementations will likely throw this exception since "reuse-instance"
|
||||
// isimplementation specific.
|
||||
// is implementation specific.
|
||||
log.debug("Unable to set the 'reuse-instance' property for the input factory: " + inputFactory);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -106,7 +106,7 @@ public class SolrInfoMBeanHandler extends RequestHandlerBase {
|
|||
try {
|
||||
XMLResponseParser parser = new XMLResponseParser();
|
||||
return (NamedList<NamedList<NamedList<Object>>>)
|
||||
parser.processResponse(new StringReader(content.substring(idx))).get("solr-mbeans");
|
||||
parser.processResponse(new StringReader(content)).get("solr-mbeans");
|
||||
}
|
||||
catch(Exception ex) {
|
||||
throw new SolrException(ErrorCode.BAD_REQUEST, "Unable to read original XML", ex);
|
||||
|
|
|
@ -70,4 +70,19 @@ public class MBeansHandlerTest extends SolrTestCaseJ4 {
|
|||
NamedList<NamedList<NamedList<Object>>> nl = SolrInfoMBeanHandler.fromXML(xml);
|
||||
assertNotNull( nl.get("QUERYHANDLER").get("org.apache.solr.handler.admin.CollectionsHandler"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testXMLDiffWithExternalEntity() throws Exception {
|
||||
String file = getFile("mailing_lists.pdf").toURI().toASCIIString();
|
||||
String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +
|
||||
"<!DOCTYPE foo [<!ENTITY bar SYSTEM \""+file+"\">]>\n" +
|
||||
"<response>\n" +
|
||||
"&bar;" +
|
||||
"<lst name=\"responseHeader\"><int name=\"status\">0</int><int name=\"QTime\">31</int></lst><lst name=\"solr-mbeans\"></lst>\n" +
|
||||
"</response>";
|
||||
|
||||
NamedList<NamedList<NamedList<Object>>> nl = SolrInfoMBeanHandler.fromXML(xml);
|
||||
|
||||
assertTrue("external entity ignored properly", true);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -25,6 +25,7 @@ import org.apache.solr.common.util.DateUtil;
|
|||
import org.apache.solr.common.util.NamedList;
|
||||
import org.apache.solr.common.util.SimpleOrderedMap;
|
||||
import org.apache.solr.common.util.XMLErrorLogger;
|
||||
import org.apache.solr.util.EmptyEntityResolver;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
|
@ -56,6 +57,8 @@ public class XMLResponseParser extends ResponseParser
|
|||
static final XMLInputFactory factory;
|
||||
static {
|
||||
factory = XMLInputFactory.newInstance();
|
||||
EmptyEntityResolver.configureXMLInputFactory(factory);
|
||||
|
||||
try {
|
||||
// The java 1.6 bundled stax parser (sjsxp) does not currently have a thread-safe
|
||||
// XMLInputFactory, as that implementation tries to cache and reuse the
|
||||
|
|
Loading…
Reference in New Issue