Resolution: Cannot Reproduce
Affects Version/s: JiBX 1.1.4
Fix Version/s: None
We spotted this as part of some security testing.
The XML fragment "<?xml/.:/AAAAA.....(5000 times)...AAAAA="1.0" encoding="UTF-8"?>" caused the JiBX runtime to spin in an infinite loop while parsing the string.
Under the debugger I noticed that the loop is in the InputStreamWrapper class. We are running an older version of JiBX 1.1.4.
We don't specify the encoding while unmarshalling and this is the trigger. If we specify UTF-8 as the encoding this problem doesn't happen. I looked at the code and I see that the scan logic doesn't check to see that the end of buffer has been reached.
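As an added illustration of the check the report says is missing (this is not JiBX code and not taken from InputStreamWrapper), the sketch below sniffs the declared encoding while bounding every read by the buffer size and by end of stream, and rejects a declaration that does not terminate within the cap. The class name, the 1024-byte cap and the sample inputs are assumptions made for the example, and it only handles ASCII-compatible byte streams.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration, not JiBX code: bounded sniffing of the XML declaration's encoding.
public class BoundedDeclSniffer {
    static final int MAX_DECL_BYTES = 1024; // assumed cap; real declarations are far shorter
    static final Pattern ENCODING =
        Pattern.compile("\\sencoding\\s*=\\s*[\"']([A-Za-z][A-Za-z0-9._-]*)[\"']");

    /** Returns the declared encoding, or "UTF-8" when no declaration or no encoding is given. */
    static String sniff(InputStream in) throws IOException {
        if (!in.markSupported()) throw new IllegalArgumentException("need mark/reset");
        in.mark(MAX_DECL_BYTES);
        byte[] buf = new byte[MAX_DECL_BYTES];
        int len = 0, n;
        // The loop ends when the buffer is full or the stream is exhausted, whichever is first.
        while (len < buf.length && (n = in.read(buf, len, buf.length - len)) > 0) {
            len += n;
        }
        in.reset(); // hand the untouched stream on to the real parser
        String head = new String(buf, 0, len, StandardCharsets.ISO_8859_1);
        if (!head.startsWith("<?xml")) return "UTF-8";
        int end = head.indexOf("?>");
        if (end < 0) {
            throw new IOException("XML declaration not terminated within " + MAX_DECL_BYTES + " bytes");
        }
        Matcher m = ENCODING.matcher(head.substring(0, end));
        return m.find() ? m.group(1) : "UTF-8";
    }

    public static void main(String[] args) throws IOException {
        // Constructed input modelled on the fragment in the report.
        StringBuilder sb = new StringBuilder("<?xml/.:/");
        for (int i = 0; i < 5000; i++) sb.append('A');
        sb.append("=\"1.0\" encoding=\"UTF-8\"?><a/>");
        String[] docs = { "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?><a/>", "<a/>", sb.toString() };
        for (String d : docs) {
            InputStream in = new ByteArrayInputStream(d.getBytes(StandardCharsets.ISO_8859_1));
            try {
                System.out.println("encoding: " + sniff(in));
            } catch (IOException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The third input is rejected with an exception instead of being scanned past the end of the buffer, which makes a useful regression test for any hand-written encoding sniffer.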
|Field||Original Value||New Value|
|Component/s||core [ 10676 ]|
|Component/s||JiBX/WS [ 13622 ]|
|Status||Open [ 1 ]||Resolved [ 5 ]|
|Assignee||Dennis Sosnoski [ dsosnoski ]|
|Resolution||Cannot Reproduce [ 5 ]|
|Status||Resolved [ 5 ]||Closed [ 6 ]|