You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tuscany.apache.org by Caroline Maynard <ce...@php.net> on 2007/11/02 12:32:05 UTC
[SDO C++] AccessViolation in XMLHelperImpl
A user has found a vulnerability in XMLHelperImpl::createDocument, the
one with the const char * parameters. The problem being that the root
element name is initialized with the parameter >before< the code which
checks for the parameter being null. I'll add a guard for this in the
PHP code, but really it should be fixed in Tuscany. Could someone apply
this patch, please:
Index:
C:/dev/tuscany_sdo_pre2.1/sdo-cpp-pre2.1/runtime/core/src/commonj/sdo/XMLHelperImpl.cpp
===================================================================
---
C:/dev/tuscany_sdo_pre2.1/sdo-cpp-pre2.1/runtime/core/src/commonj/sdo/XMLHelperImpl.cpp
(revision 568508)
+++
C:/dev/tuscany_sdo_pre2.1/sdo-cpp-pre2.1/runtime/core/src/commonj/sdo/XMLHelperImpl.cpp
(working copy)
@@ -172,7 +172,7 @@
const char* rootElementName)
{
SDOString uri;
- SDOString name = rootElementName;
+ SDOString name;
if (0 == rootElementURI)
uri = "";
else
The patch was created against the branch, but the same code exists in
the trunk.
---------------------------------------------------------------------
To unsubscribe, e-mail: tuscany-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: tuscany-dev-help@ws.apache.org
Re: [SDO C++] AccessViolation in XMLHelperImpl
Posted by Caroline Maynard <ce...@php.net>.
Pete Robbins wrote:
> Thanks for that. I'll fix it right away.
>
Thanks, Pete
---------------------------------------------------------------------
To unsubscribe, e-mail: tuscany-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: tuscany-dev-help@ws.apache.org
Re: [SDO C++] AccessViolation in XMLHelperImpl
Posted by Pete Robbins <ro...@googlemail.com>.
Thanks for that. I'll fix it right away.
On 02/11/2007, Caroline Maynard <ce...@php.net> wrote:
> A user has found a vulnerability in XMLHelperImpl::createDocument, the
> one with the const char * parameters. The problem being that the root
> element name is initialized with the parameter >before< the code which
> checks for the parameter being null. I'll add a guard for this in the
> PHP code, but really it should be fixed in Tuscany. Could someone apply
> this patch, please:
>
> Index:
> C:/dev/tuscany_sdo_pre2.1/sdo-cpp-pre2.1/runtime/core/src/commonj/sdo/XMLHelperImpl.cpp
> ===================================================================
> ---
> C:/dev/tuscany_sdo_pre2.1/sdo-cpp-pre2.1/runtime/core/src/commonj/sdo/XMLHelperImpl.cpp
> (revision 568508)
> +++
> C:/dev/tuscany_sdo_pre2.1/sdo-cpp-pre2.1/runtime/core/src/commonj/sdo/XMLHelperImpl.cpp
> (working copy)
> @@ -172,7 +172,7 @@
> const char* rootElementName)
> {
> SDOString uri;
> - SDOString name = rootElementName;
> + SDOString name;
> if (0 == rootElementURI)
> uri = "";
> else
>
> The patch was created against the branch, but the same code exists in
> the trunk.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tuscany-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: tuscany-dev-help@ws.apache.org
>
>
--
Pete
---------------------------------------------------------------------
To unsubscribe, e-mail: tuscany-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: tuscany-dev-help@ws.apache.org