8343004: Adjust JAXP limits

Reviewed-by: lancea, rriggs
openjdk · Nov 26, 2024 · 28c8729 · 28c8729 · openjdk-notifier · Nov 26, 2024
1 parent 8c2b4f6
commit 28c8729
Show file tree

Hide file tree

Showing 23 changed files with 207 additions and 2,659 deletions.
diff --git a/...xml/share/classes/com/sun/org/apache/xerces/internal/impl/XML11NSDocumentScannerImpl.java b/...xml/share/classes/com/sun/org/apache/xerces/internal/impl/XML11NSDocumentScannerImpl.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2023, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
@@ -70,7 +70,7 @@
  * @author Michael Glavassevich, IBM
  * @author Sunitha Reddy, Sun Microsystems
  *
- * @LastModified: July 2023
+ * @LastModified: Nov 2024
  */
 public class XML11NSDocumentScannerImpl extends XML11DocumentScannerImpl {
 
@@ -203,7 +203,8 @@ protected boolean scanStartElement() throws IOException, XNIException {
                     fAttributes.getLength() > fElementAttributeLimit){
                 fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN,
                                              "ElementAttributeLimit",
-                                             new Object[]{rawname, fElementAttributeLimit },
+                                             new Object[]{rawname, fElementAttributeLimit,
+                                                 XMLSecurityManager.Limit.ELEMENT_ATTRIBUTE_LIMIT.systemProperty() },
                                              XMLErrorReporter.SEVERITY_FATAL_ERROR );
             }
 

diff --git a/...share/classes/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java b/...share/classes/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved.
  */
 
 /*
@@ -74,7 +74,7 @@
  * @author Eric Ye, IBM
  * @author Sunitha Reddy, SUN Microsystems
  *
- * @LastModified: Nov 2023
+ * @LastModified: Nov 2024
  */
 public class XMLDocumentFragmentScannerImpl
         extends XMLScanner
@@ -1374,7 +1374,8 @@ protected boolean scanStartElement()
                         fAttributes.getLength() > fElementAttributeLimit){
                     fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN,
                                                  "ElementAttributeLimit",
-                                                 new Object[]{rawname, fElementAttributeLimit },
+                                                 new Object[]{rawname, fElementAttributeLimit,
+                                                     XMLSecurityManager.Limit.ELEMENT_ATTRIBUTE_LIMIT.systemProperty() },
                                                  XMLErrorReporter.SEVERITY_FATAL_ERROR );
                 }
 
@@ -1885,7 +1886,7 @@ void checkDepth(String elementName) {
             reportFatalError("MaxElementDepthLimit", new Object[]{elementName,
                 fLimitAnalyzer.getTotalValue(Limit.MAX_ELEMENT_DEPTH_LIMIT),
                 fSecurityManager.getLimit(Limit.MAX_ELEMENT_DEPTH_LIMIT),
-                "maxElementDepth"});
+                Limit.MAX_ELEMENT_DEPTH_LIMIT.systemProperty()});
         }
     }
 

diff --git a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java
@@ -1462,7 +1462,8 @@ public void startEntity(boolean isGE, String name,
         if( fSecurityManager != null && fSecurityManager.isOverLimit(entityExpansionIndex, fLimitAnalyzer)){
             fSecurityManager.debugPrint(fLimitAnalyzer);
             fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN,"EntityExpansionLimit",
-                    new Object[]{fSecurityManager.getLimitValueByIndex(entityExpansionIndex)},
+                    new Object[]{fSecurityManager.getLimitValueByIndex(entityExpansionIndex),
+                    Limit.ENTITY_EXPANSION_LIMIT.systemProperty()},
                     XMLErrorReporter.SEVERITY_FATAL_ERROR );
             // is there anything better to do than reset the counter?
             // at least one can envision debugging applications where this might

diff --git a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/XMLEntityScanner.java b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/XMLEntityScanner.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved.
  */
 
 /*
@@ -57,7 +57,7 @@
  * @author Arnaud  Le Hors, IBM
  * @author K.Venugopal Sun Microsystems
  *
- * @LastModified: July 2023
+ * @LastModified: Nov 2024
  */
 public class XMLEntityScanner implements XMLLocator  {
 
@@ -1009,7 +1009,7 @@ protected void checkLimit(Limit limit, ScannedEntity entity, int offset, int len
             fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN, "TotalEntitySizeLimit",
                     new Object[]{fLimitAnalyzer.getTotalValue(Limit.TOTAL_ENTITY_SIZE_LIMIT),
                 fSecurityManager.getLimit(Limit.TOTAL_ENTITY_SIZE_LIMIT),
-                fSecurityManager.getStateLiteral(Limit.TOTAL_ENTITY_SIZE_LIMIT)},
+                Limit.TOTAL_ENTITY_SIZE_LIMIT.systemProperty()},
                     XMLErrorReporter.SEVERITY_FATAL_ERROR);
         }
     }

diff --git a/...a.xml/share/classes/com/sun/org/apache/xerces/internal/impl/XMLNSDocumentScannerImpl.java b/...a.xml/share/classes/com/sun/org/apache/xerces/internal/impl/XMLNSDocumentScannerImpl.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
@@ -54,7 +54,7 @@
  * @author Venugopal Rao K, Sun Microsystems
  * @author Elena Litani, IBM
  *
- * @LastModified: July 2023
+ * @LastModified: Nov 2024
  */
 public class XMLNSDocumentScannerImpl
         extends XMLDocumentScannerImpl {
@@ -253,7 +253,8 @@ protected boolean scanStartElement()
                         fAttributes.getLength() > fElementAttributeLimit){
                     fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN,
                                                  "ElementAttributeLimit",
-                                                 new Object[]{rawname, fElementAttributeLimit },
+                                                 new Object[]{rawname, fElementAttributeLimit,
+                                                     XMLSecurityManager.Limit.ELEMENT_ATTRIBUTE_LIMIT.systemProperty() },
                                                  XMLErrorReporter.SEVERITY_FATAL_ERROR );
                 }
 

diff --git a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/XMLScanner.java b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/XMLScanner.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
@@ -67,7 +67,7 @@
  * @author Eric Ye, IBM
  * @author K.Venugopal SUN Microsystems
  * @author Sunitha Reddy, SUN Microsystems
- * @LastModified: July 2023
+ * @LastModified: Nov 2024
  */
 public abstract class XMLScanner
         implements XMLComponent {
@@ -1527,7 +1527,7 @@ void checkEntityLimit(boolean isPEDecl, String entityName, int len) {
                 reportFatalError("MaxEntitySizeLimit", new Object[]{"%" + entityName,
                     fLimitAnalyzer.getValue(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT),
                     fSecurityManager.getLimit(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT),
-                    fSecurityManager.getStateLiteral(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT)});
+                    XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT.systemProperty()});
             }
         } else {
             fLimitAnalyzer.addValue(XMLSecurityManager.Limit.GENERAL_ENTITY_SIZE_LIMIT, entityName, len);
@@ -1536,7 +1536,7 @@ void checkEntityLimit(boolean isPEDecl, String entityName, int len) {
                 reportFatalError("MaxEntitySizeLimit", new Object[]{entityName,
                     fLimitAnalyzer.getValue(XMLSecurityManager.Limit.GENERAL_ENTITY_SIZE_LIMIT),
                     fSecurityManager.getLimit(XMLSecurityManager.Limit.GENERAL_ENTITY_SIZE_LIMIT),
-                    fSecurityManager.getStateLiteral(XMLSecurityManager.Limit.GENERAL_ENTITY_SIZE_LIMIT)});
+                    XMLSecurityManager.Limit.GENERAL_ENTITY_SIZE_LIMIT.systemProperty()});
             }
         }
         if (fSecurityManager.isOverLimit(XMLSecurityManager.Limit.TOTAL_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) {

diff --git a/...java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages.properties b/...java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages.properties
@@ -315,8 +315,8 @@
 
 
 # Implementation limits
-        EntityExpansionLimit=JAXP00010001: The parser has encountered more than \"{0}\" entity expansions in this document; this is the limit imposed by the JDK.
-        ElementAttributeLimit=JAXP00010002:  Element \"{0}\" has more than \"{1}\" attributes, \"{1}\" is the limit imposed by the JDK.
+        EntityExpansionLimit=JAXP00010001: The parser has encountered more than \"{0}\" entity expansions in this document; this is the limit imposed by \"{1}\".
+        ElementAttributeLimit=JAXP00010002:  Element \"{0}\" has more than \"{1}\" attributes, \"{1}\" is the limit set by \"{2}\".
         MaxEntitySizeLimit=JAXP00010003: The length of entity \"{0}\" is \"{1}\" that exceeds the \"{2}\" limit set by \"{3}\".
         TotalEntitySizeLimit=JAXP00010004: The accumulated size of entities is \"{0}\" that exceeded the \"{1}\" limit set by \"{2}\".
         MaxXMLNameLimit=JAXP00010005: The length of entity \"{0}\" is \"{1}\" that exceeds the \"{2}\" limit set by \"{3}\".

diff --git a/src/java.xml/share/classes/jdk/xml/internal/XMLSecurityManager.java b/src/java.xml/share/classes/jdk/xml/internal/XMLSecurityManager.java
@@ -100,23 +100,23 @@ public final class XMLSecurityManager {
     @SuppressWarnings("deprecation")
     public static enum Limit {
         ENTITY_EXPANSION_LIMIT("EntityExpansionLimit", JdkConstants.JDK_ENTITY_EXPANSION_LIMIT,
-            JdkConstants.SP_ENTITY_EXPANSION_LIMIT, JdkConstants.ENTITY_EXPANSION_LIMIT, 0, 64000, Processor.PARSER, INTMAPPER),
+            JdkConstants.SP_ENTITY_EXPANSION_LIMIT, JdkConstants.ENTITY_EXPANSION_LIMIT, 2500, 2500, Processor.PARSER, INTMAPPER),
         MAX_OCCUR_NODE_LIMIT("MaxOccurLimit", JdkConstants.JDK_MAX_OCCUR_LIMIT,
-            JdkConstants.SP_MAX_OCCUR_LIMIT, JdkConstants.MAX_OCCUR_LIMIT, 0, 5000, Processor.PARSER, INTMAPPER),
+            JdkConstants.SP_MAX_OCCUR_LIMIT, JdkConstants.MAX_OCCUR_LIMIT, 5000, 5000, Processor.PARSER, INTMAPPER),
         ELEMENT_ATTRIBUTE_LIMIT("ElementAttributeLimit", JdkConstants.JDK_ELEMENT_ATTRIBUTE_LIMIT,
-            JdkConstants.SP_ELEMENT_ATTRIBUTE_LIMIT, JdkConstants.ELEMENT_ATTRIBUTE_LIMIT, 0, 10000, Processor.PARSER, INTMAPPER),
+            JdkConstants.SP_ELEMENT_ATTRIBUTE_LIMIT, JdkConstants.ELEMENT_ATTRIBUTE_LIMIT, 200, 200, Processor.PARSER, INTMAPPER),
         TOTAL_ENTITY_SIZE_LIMIT("TotalEntitySizeLimit", JdkConstants.JDK_TOTAL_ENTITY_SIZE_LIMIT,
-            JdkConstants.SP_TOTAL_ENTITY_SIZE_LIMIT, null, 0, 50000000, Processor.PARSER, INTMAPPER),
+            JdkConstants.SP_TOTAL_ENTITY_SIZE_LIMIT, null, 100000, 100000, Processor.PARSER, INTMAPPER),
         GENERAL_ENTITY_SIZE_LIMIT("MaxEntitySizeLimit", JdkConstants.JDK_GENERAL_ENTITY_SIZE_LIMIT,
-            JdkConstants.SP_GENERAL_ENTITY_SIZE_LIMIT, null, 0, 0, Processor.PARSER, INTMAPPER),
-        PARAMETER_ENTITY_SIZE_LIMIT("MaxEntitySizeLimit", JdkConstants.JDK_PARAMETER_ENTITY_SIZE_LIMIT,
-            JdkConstants.SP_PARAMETER_ENTITY_SIZE_LIMIT, null, 0, 1000000, Processor.PARSER, INTMAPPER),
+            JdkConstants.SP_GENERAL_ENTITY_SIZE_LIMIT, null, 100000, 100000, Processor.PARSER, INTMAPPER),
+        PARAMETER_ENTITY_SIZE_LIMIT("MaxParameterEntitySizeLimit", JdkConstants.JDK_PARAMETER_ENTITY_SIZE_LIMIT,
+            JdkConstants.SP_PARAMETER_ENTITY_SIZE_LIMIT, null, 15000, 15000, Processor.PARSER, INTMAPPER),
         MAX_ELEMENT_DEPTH_LIMIT("MaxElementDepthLimit", JdkConstants.JDK_MAX_ELEMENT_DEPTH,
-            JdkConstants.SP_MAX_ELEMENT_DEPTH, null, 0, 0, Processor.PARSER, INTMAPPER),
+            JdkConstants.SP_MAX_ELEMENT_DEPTH, null, 100, 100, Processor.PARSER, INTMAPPER),
         MAX_NAME_LIMIT("MaxXMLNameLimit", JdkConstants.JDK_XML_NAME_LIMIT,
             JdkConstants.SP_XML_NAME_LIMIT, null, 1000, 1000, Processor.PARSER, INTMAPPER),
         ENTITY_REPLACEMENT_LIMIT("EntityReplacementLimit", JdkConstants.JDK_ENTITY_REPLACEMENT_LIMIT,
-            JdkConstants.SP_ENTITY_REPLACEMENT_LIMIT, null, 0, 3000000, Processor.PARSER, INTMAPPER),
+            JdkConstants.SP_ENTITY_REPLACEMENT_LIMIT, null, 100000, 100000, Processor.PARSER, INTMAPPER),
         XPATH_GROUP_LIMIT("XPathGroupLimit", JdkConstants.XPATH_GROUP_LIMIT,
             JdkConstants.XPATH_GROUP_LIMIT, null, 10, 10, Processor.XPATH, INTMAPPER),
         XPATH_OP_LIMIT("XPathExprOpLimit", JdkConstants.XPATH_OP_LIMIT,

diff --git a/src/java.xml/share/classes/module-info.java b/src/java.xml/share/classes/module-info.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014, 2023, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -602,8 +602,8 @@
  * A positive integer. A value less than or equal to 0 indicates no limit.
  * If the value is not an integer, a NumberFormatException is thrown.
  * </td>
- * <td style="text-align:center">64000</td>
- * <td style="text-align:center">64000</td>
+ * <td style="text-align:center">2500</td>
+ * <td style="text-align:center">2500</td>
  * <td style="text-align:center" rowspan="9">Yes</td>
  * <td style="text-align:center" rowspan="9">
  *     <a href="#DOM">DOM</a><br>
@@ -619,8 +619,8 @@
  * <td id="EALimit">{@systemProperty jdk.xml.elementAttributeLimit}</td>
  * <td>Limits the number of attributes an element can have.
  * </td>
- * <td style="text-align:center">10000</td>
- * <td style="text-align:center">10000</td>
+ * <td style="text-align:center">200</td>
+ * <td style="text-align:center">200</td>
  * </tr>
  * <tr>
  * <td id="OccurLimit">{@systemProperty jdk.xml.maxOccurLimit}</td>
@@ -636,37 +636,37 @@
  * <td>Limits the total size of all entities that include general and parameter
  * entities. The size is calculated as an aggregation of all entities.
  * </td>
- * <td style="text-align:center">5x10^7</td>
- * <td style="text-align:center">5x10^7</td>
+ * <td style="text-align:center">100000</td>
+ * <td style="text-align:center">100000</td>
  * </tr>
  * <tr>
  * <td id="GELimit">{@systemProperty jdk.xml.maxGeneralEntitySizeLimit}</td>
  * <td>Limits the maximum size of any general entities.
  * </td>
- * <td style="text-align:center">0</td>
- * <td style="text-align:center">0</td>
+ * <td style="text-align:center">100000</td>
+ * <td style="text-align:center">100000</td>
  * </tr>
  * <tr>
  * <td id="PELimit">{@systemProperty jdk.xml.maxParameterEntitySizeLimit}</td>
  * <td>Limits the maximum size of any parameter entities, including the result
  * of nesting multiple parameter entities.
  * </td>
- * <td style="text-align:center">10^6</td>
- * <td style="text-align:center">10^6</td>
+ * <td style="text-align:center">15000</td>
+ * <td style="text-align:center">15000</td>
  * </tr>
  * <tr>
  * <td id="ERLimit">{@systemProperty jdk.xml.entityReplacementLimit}</td>
  * <td>Limits the total number of nodes in all entity references.
  * </td>
- * <td style="text-align:center">3x10^6</td>
- * <td style="text-align:center">3x10^6</td>
+ * <td style="text-align:center">100000</td>
+ * <td style="text-align:center">100000</td>
  * </tr>
  * <tr>
  * <td id="ElementDepth">{@systemProperty jdk.xml.maxElementDepth}</td>
  * <td>Limits the maximum element depth.
  * </td>
- * <td style="text-align:center">0</td>
- * <td style="text-align:center">0</td>
+ * <td style="text-align:center">100</td>
+ * <td style="text-align:center">100</td>
  * </tr>
  * <tr>
  * <td id="NameLimit">{@systemProperty jdk.xml.maxXMLNameLimit}</td>

diff --git a/src/java.xml/share/conf/jaxp-strict.properties.template b/src/java.xml/share/conf/jaxp-strict.properties.template
@@ -95,16 +95,16 @@ jdk.xml.maxParameterEntitySizeLimit=15000
 # Limits the total number of nodes in all entity references.
 jdk.xml.entityReplacementLimit=100000
 #
-# Limits the number of attributes an element can have. The default value is 10000.
-jdk.xml.elementAttributeLimit=10000
+# Limits the number of attributes an element can have. The default value is 200.
+jdk.xml.elementAttributeLimit=200
 #
 # Limits the number of content model nodes that may be created when building a
 # grammar for a W3C XML Schema that contains maxOccurs attributes with values
 # other than "unbounded". The default value is 5000.
 jdk.xml.maxOccurLimit=5000
 #
-# Limits the maximum element depth. The default value is 0.
-jdk.xml.maxElementDepth=0
+# Limits the maximum element depth. The default value is 100.
+jdk.xml.maxElementDepth=100
 #
 # Limits the maximum size of XML names, including element name, attribute name
 # and namespace prefix and URI. The default value is 1000.

diff --git a/src/java.xml/share/conf/jaxp.properties b/src/java.xml/share/conf/jaxp.properties
@@ -156,33 +156,33 @@ jdk.xml.dtd.support=allow
 # Limits have a value type Integer. The values must be positive integers. Zero
 # means no limit.
 #
-# Limits the number of entity expansions. The default value is 64000
-# jdk.xml.entityExpansionLimit=64000
+# Limits the number of entity expansions. The default value is 2500
+jdk.xml.entityExpansionLimit=2500
 #
 # Limits the total size of all entities that include general and parameter entities.
-# The size is calculated as an aggregation of all entities. The default value is 5x10^7.
-# jdk.xml.totalEntitySizeLimit=50000000
+# The size is calculated as an aggregation of all entities. The default value is 100000.
+jdk.xml.totalEntitySizeLimit=100000
 #
-# Limits the maximum size of any general entities. The default value is 0.
-# jdk.xml.maxGeneralEntitySizeLimit=0
+# Limits the maximum size of any general entities. The default value is 100000.
+jdk.xml.maxGeneralEntitySizeLimit=100000
 #
 # Limits the maximum size of any parameter entities, including the result of
-# nesting multiple parameter entities. The default value is 10^6.
-# jdk.xml.maxParameterEntitySizeLimit=1000000
+# nesting multiple parameter entities. The default value is 15000.
+jdk.xml.maxParameterEntitySizeLimit=15000
 #
-# Limits the total number of nodes in all entity references. The default value is 3x10^6.
-# jdk.xml.entityReplacementLimit=3000000
+# Limits the total number of nodes in all entity references. The default value is 100000.
+jdk.xml.entityReplacementLimit=100000
 #
-# Limits the number of attributes an element can have. The default value is 10000.
-# jdk.xml.elementAttributeLimit=10000
+# Limits the number of attributes an element can have. The default value is 200.
+jdk.xml.elementAttributeLimit=200
 #
 # Limits the number of content model nodes that may be created when building a
 # grammar for a W3C XML Schema that contains maxOccurs attributes with values
 # other than "unbounded". The default value is 5000.
-# jdk.xml.maxOccurLimit=5000
+jdk.xml.maxOccurLimit=5000
 #
-# Limits the maximum element depth. The default value is 0.
-# jdk.xml.maxElementDepth=0
+# Limits the maximum element depth. The default value is 100.
+jdk.xml.maxElementDepth=100
 #
 # Limits the maximum size of XML names, including element name, attribute name
 # and namespace prefix and URI. The default value is 1000.