8086733: Improve namespace handling

Reviewed-by: dfuchs, lancea, ahgross

jaxp/src/java.xml/share/classes/com/sun/org/apache/xalan/internal/utils/XMLSecurityManager.java

@@ -65,27 +65,31 @@ public final class XMLSecurityManager {
      */
     public static enum Limit {
 
-        ENTITY_EXPANSION_LIMIT(XalanConstants.JDK_ENTITY_EXPANSION_LIMIT,
+        ENTITY_EXPANSION_LIMIT("EntityExpansionLimit", XalanConstants.JDK_ENTITY_EXPANSION_LIMIT,
                 XalanConstants.SP_ENTITY_EXPANSION_LIMIT, 0, 64000),
-        MAX_OCCUR_NODE_LIMIT(XalanConstants.JDK_MAX_OCCUR_LIMIT,
+        MAX_OCCUR_NODE_LIMIT("MaxOccurLimit", XalanConstants.JDK_MAX_OCCUR_LIMIT,
                 XalanConstants.SP_MAX_OCCUR_LIMIT, 0, 5000),
-        ELEMENT_ATTRIBUTE_LIMIT(XalanConstants.JDK_ELEMENT_ATTRIBUTE_LIMIT,
+        ELEMENT_ATTRIBUTE_LIMIT("ElementAttributeLimit", XalanConstants.JDK_ELEMENT_ATTRIBUTE_LIMIT,
                 XalanConstants.SP_ELEMENT_ATTRIBUTE_LIMIT, 0, 10000),
-        TOTAL_ENTITY_SIZE_LIMIT(XalanConstants.JDK_TOTAL_ENTITY_SIZE_LIMIT,
+        TOTAL_ENTITY_SIZE_LIMIT("TotalEntitySizeLimit", XalanConstants.JDK_TOTAL_ENTITY_SIZE_LIMIT,
                 XalanConstants.SP_TOTAL_ENTITY_SIZE_LIMIT, 0, 50000000),
-        GENERAL_ENTITY_SIZE_LIMIT(XalanConstants.JDK_GENERAL_ENTITY_SIZE_LIMIT,
+        GENERAL_ENTITY_SIZE_LIMIT("MaxEntitySizeLimit", XalanConstants.JDK_GENERAL_ENTITY_SIZE_LIMIT,
                 XalanConstants.SP_GENERAL_ENTITY_SIZE_LIMIT, 0, 0),
-        PARAMETER_ENTITY_SIZE_LIMIT(XalanConstants.JDK_PARAMETER_ENTITY_SIZE_LIMIT,
+        PARAMETER_ENTITY_SIZE_LIMIT("MaxEntitySizeLimit", XalanConstants.JDK_PARAMETER_ENTITY_SIZE_LIMIT,
                 XalanConstants.SP_PARAMETER_ENTITY_SIZE_LIMIT, 0, 1000000),
-        MAX_ELEMENT_DEPTH_LIMIT(XalanConstants.JDK_MAX_ELEMENT_DEPTH,
+        MAX_ELEMENT_DEPTH_LIMIT("MaxElementDepthLimit", XalanConstants.JDK_MAX_ELEMENT_DEPTH,
-                XalanConstants.SP_MAX_ELEMENT_DEPTH, 0, 0);
+                XalanConstants.SP_MAX_ELEMENT_DEPTH, 0, 0),
+        MAX_NAME_LIMIT("MaxXMLNameLimit", XalanConstants.JDK_XML_NAME_LIMIT,
+                XalanConstants.SP_XML_NAME_LIMIT, 1000, 1000);
 
+        final String key;
         final String apiProperty;
         final String systemProperty;
         final int defaultValue;
         final int secureValue;
 
-        Limit(String apiProperty, String systemProperty, int value, int secureValue) {
+        Limit(String key, String apiProperty, String systemProperty, int value, int secureValue) {
+            this.key = key;
             this.apiProperty = apiProperty;
             this.systemProperty = systemProperty;
             this.defaultValue = value;
@@ -100,6 +104,10 @@ public final class XMLSecurityManager {
             return (propertyName == null) ? false : systemProperty.equals(propertyName);
         }
 
+        public String key() {
+            return key;
+        }
+
         public String apiProperty() {
             return apiProperty;
         }
@@ -108,7 +116,7 @@ public final class XMLSecurityManager {
             return systemProperty;
         }
 
-        int defaultValue() {
+        public int defaultValue() {
             return defaultValue;
         }
 
@@ -160,7 +168,7 @@ public final class XMLSecurityManager {
     /**
      * Index of the special entityCountInfo property
      */
-    private int indexEntityCountInfo = 10000;
+    private final int indexEntityCountInfo = 10000;
     private String printEntityCountInfo = "";
 
     /**

jaxp/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/XML11DocumentScannerImpl.java

@@ -331,7 +331,7 @@ public class XML11DocumentScannerImpl
                                                          new Object[]{entityName});
                                     }
                                 }
-                                fEntityManager.startEntity(entityName, true);
+                                fEntityManager.startEntity(false, entityName, true);
                             }
                         }
                     }

jaxp/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/XML11EntityScanner.java

@@ -1,62 +1,21 @@
 /*
- * reserved comment block
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
- * DO NOT REMOVE OR ALTER!
  */
+
 /*
- * The Apache Software License, Version 1.1
+ * Copyright 2005 The Apache Software Foundation.
  *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
  *
- * Copyright (c) 1999-2002 The Apache Software Foundation.
+ *      http://www.apache.org/licenses/LICENSE-2.0
- * All rights reserved.
  *
- * Redistribution and use in source and binary forms, with or without
+ * Unless required by applicable law or agreed to in writing, software
- * modification, are permitted provided that the following conditions
+ * distributed under the License is distributed on an "AS IS" BASIS,
- * are met:
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
+ * See the License for the specific language governing permissions and
- * 1. Redistributions of source code must retain the above copyright
+ * limitations under the License.
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Xerces" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation and was
- * originally based on software copyright (c) 1999, International
- * Business Machines, Inc., http://www.apache.org.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
  */
 
 package com.sun.org.apache.xerces.internal.impl;
@@ -65,6 +24,8 @@ import com.sun.org.apache.xerces.internal.impl.msg.XMLMessageFormatter;
 import com.sun.org.apache.xerces.internal.util.XML11Char;
 import com.sun.org.apache.xerces.internal.util.XMLChar;
 import com.sun.org.apache.xerces.internal.util.XMLStringBuffer;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager.Limit;
 import com.sun.org.apache.xerces.internal.xni.QName;
 import com.sun.org.apache.xerces.internal.xni.XMLString;
 import java.io.IOException;
@@ -689,9 +650,13 @@ public class XML11EntityScanner
                         break;
                     }
                     index = fCurrentEntity.position;
+                    //check prefix before further read
+                    checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, offset, index - offset);
                 }
                 if (++fCurrentEntity.position == fCurrentEntity.count) {
                     int length = fCurrentEntity.position - offset;
+                    //check localpart before loading more data
+                    checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, offset, length - index - 1);
                     invokeListeners(length);
                     if (length == fCurrentEntity.ch.length) {
                         // bad luck we have to resize our buffer
@@ -785,6 +750,8 @@ public class XML11EntityScanner
                                                     offset, length);
             if (index != -1) {
                 int prefixLength = index - offset;
+                //check the result: prefix
+                checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, offset, prefixLength);
                 prefix = fSymbolTable.addSymbol(fCurrentEntity.ch,
                                                     offset, prefixLength);
                 int len = length - prefixLength - 1;
@@ -797,12 +764,16 @@ public class XML11EntityScanner
                                                null,
                                                XMLErrorReporter.SEVERITY_FATAL_ERROR);
                 }
+                //check the result: localpart
+                checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, index + 1, len);
                 localpart = fSymbolTable.addSymbol(fCurrentEntity.ch,
                                                    index + 1, len);
 
             }
             else {
                 localpart = rawname;
+                //check the result: localpart
+                checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, offset, length);
             }
             qname.setValues(prefix, localpart, rawname, null);
             return true;
@@ -933,6 +904,9 @@ public class XML11EntityScanner
         }
         int length = fCurrentEntity.position - offset;
         fCurrentEntity.columnNumber += length - newlines;
+        if (fCurrentEntity.reference) {
+            checkLimit(Limit.TOTAL_ENTITY_SIZE_LIMIT, fCurrentEntity, offset, length);
+        }
         content.setValues(fCurrentEntity.ch, offset, length);
 
         // return next character

jaxp/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/XML11NSDocumentScannerImpl.java

@@ -1,62 +1,21 @@
 /*
- * reserved comment block
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
- * DO NOT REMOVE OR ALTER!
  */
+
 /*
- * The Apache Software License, Version 1.1
+ * Copyright 2005 The Apache Software Foundation.
  *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
  *
- * Copyright (c) 1999-2003 The Apache Software Foundation.
+ *      http://www.apache.org/licenses/LICENSE-2.0
- * All rights reserved.
  *
- * Redistribution and use in source and binary forms, with or without
+ * Unless required by applicable law or agreed to in writing, software
- * modification, are permitted provided that the following conditions
+ * distributed under the License is distributed on an "AS IS" BASIS,
- * are met:
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
+ * See the License for the specific language governing permissions and
- * 1. Redistributions of source code must retain the above copyright
+ * limitations under the License.
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Xerces" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation and was
- * originally based on software copyright (c) 2002, International
- * Business Machines, Inc., http://www.apache.org.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
  */
 
 package com.sun.org.apache.xerces.internal.impl;
@@ -67,6 +26,7 @@ import com.sun.org.apache.xerces.internal.impl.dtd.XMLDTDValidatorFilter;
 import com.sun.org.apache.xerces.internal.impl.msg.XMLMessageFormatter;
 import com.sun.org.apache.xerces.internal.util.XMLAttributesImpl;
 import com.sun.org.apache.xerces.internal.util.XMLSymbols;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
 import com.sun.org.apache.xerces.internal.xni.NamespaceContext;
 import com.sun.org.apache.xerces.internal.xni.QName;
 import com.sun.org.apache.xerces.internal.xni.XMLDocumentHandler;
@@ -339,36 +299,37 @@ public class XML11NSDocumentScannerImpl extends XML11DocumentScannerImpl {
         }
 
         // call handler
+        if (empty) {
+            //decrease the markup depth..
+            fMarkupDepth--;
 
-            if (empty) {
+            // check that this element was opened in the same entity
-
+            if (fMarkupDepth < fEntityStack[fEntityDepth - 1]) {
-                //decrease the markup depth..
+                reportFatalError(
-                fMarkupDepth--;
+                    "ElementEntityMismatch",
-
+                    new Object[] { fCurrentElement.rawname });
-                // check that this element was opened in the same entity
+            }
-                if (fMarkupDepth < fEntityStack[fEntityDepth - 1]) {
-                    reportFatalError(
-                        "ElementEntityMismatch",
-                        new Object[] { fCurrentElement.rawname });
-                }
 
+            if (fDocumentHandler != null) {
                 fDocumentHandler.emptyElement(fElementQName, fAttributes, null);
+            }
 
-                /*if (fBindNamespaces) {
+            /*if (fBindNamespaces) {
-                    fNamespaceContext.popContext();
+                fNamespaceContext.popContext();
-                }*/
+            }*/
-                fScanEndElement = true;
+            fScanEndElement = true;
 
-                //pop the element off the stack..
+            //pop the element off the stack..
-                fElementStack.popElement();
+            fElementStack.popElement();
-            } else {
+        } else {
+            if(dtdGrammarUtil != null) {
+                dtdGrammarUtil.startElement(fElementQName, fAttributes);
+            }
 
-                if(dtdGrammarUtil != null)
+            if (fDocumentHandler != null) {
-                    dtdGrammarUtil.startElement(fElementQName, fAttributes);
-
-                if (fDocumentHandler != null)
                 fDocumentHandler.startElement(fElementQName, fAttributes, null);
             }
+        }
 
         if (DEBUG_START_END_ELEMENT)
             System.out.println("<<< scanStartElement(): " + empty);
@@ -678,7 +639,13 @@ public class XML11NSDocumentScannerImpl extends XML11DocumentScannerImpl {
             if (prefix == XMLSymbols.PREFIX_XMLNS
                 || prefix == XMLSymbols.EMPTY_STRING
                 && localpart == XMLSymbols.PREFIX_XMLNS) {
-
+                if (value.length() > fXMLNameLimit) {
+                    fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN,
+                            "MaxXMLNameLimit",
+                            new Object[]{value, value.length(), fXMLNameLimit,
+                            fSecurityManager.getStateLiteral(XMLSecurityManager.Limit.MAX_NAME_LIMIT)},
+                            XMLErrorReporter.SEVERITY_FATAL_ERROR);
+                }
                 // get the internalized value of this attribute
                 String uri = fSymbolTable.addSymbol(value);
 

jaxp/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/XMLDTDScannerImpl.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
  */
 
 /*
@@ -368,6 +368,8 @@ implements XMLDTDScanner, XMLComponent, XMLEntityHandler {
                 }
                 // we're done, set starting state for external subset
                 setScannerState(SCANNER_STATE_TEXT_DECL);
+                // we're done scanning DTD.
+                fLimitAnalyzer.reset(XMLSecurityManager.Limit.TOTAL_ENTITY_SIZE_LIMIT);
                 return false;
             }
         } while (complete);
@@ -703,7 +705,7 @@ implements XMLDTDScanner, XMLComponent, XMLEntityHandler {
             fErrorReporter.reportError( XMLMessageFormatter.XML_DOMAIN,"EntityNotDeclared",
             new Object[]{name}, XMLErrorReporter.SEVERITY_ERROR);
         }
-        fEntityManager.startEntity(fSymbolTable.addSymbol(pName),
+        fEntityManager.startEntity(false, fSymbolTable.addSymbol(pName),
         literal);
         // if we actually got a new entity and it's external
         // parse text decl if there is any
@@ -1631,7 +1633,7 @@ implements XMLDTDScanner, XMLComponent, XMLEntityHandler {
         XMLString literal2 = fString;
         int countChar = 0;
         if (fLimitAnalyzer == null ) {
-            fLimitAnalyzer = new XMLLimitAnalyzer();
+            fLimitAnalyzer = fEntityManager.fLimitAnalyzer;
          }
         fLimitAnalyzer.startEntity(entityName);
 
@@ -1639,9 +1641,7 @@ implements XMLDTDScanner, XMLComponent, XMLEntityHandler {
             fStringBuffer.clear();
             fStringBuffer2.clear();
             do {
-                if (isPEDecl && fLimitAnalyzer != null) {
+                checkEntityLimit(isPEDecl, entityName, fString.length + countChar);
-                    checkLimit("%" + entityName, fString.length + countChar);
-                }
                 countChar = 0;
                 fStringBuffer.append(fString);
                 fStringBuffer2.append(fString);
@@ -1727,9 +1727,7 @@ implements XMLDTDScanner, XMLComponent, XMLEntityHandler {
             literal = fStringBuffer;
             literal2 = fStringBuffer2;
         } else {
-            if (isPEDecl) {
+            checkEntityLimit(isPEDecl, entityName, literal);
-                checkLimit("%" + entityName, literal);
-        }
         }
         value.setValues(literal);
         nonNormalizedValue.setValues(literal2);
@@ -2151,35 +2149,49 @@ implements XMLDTDScanner, XMLComponent, XMLEntityHandler {
         setScannerState(SCANNER_STATE_TEXT_DECL);
         //new SymbolTable());
 
-        fLimitAnalyzer = new XMLLimitAnalyzer();
+        fLimitAnalyzer = fEntityManager.fLimitAnalyzer;
+        fSecurityManager = fEntityManager.fSecurityManager;
     }
 
     /**
      * Add the count of the content buffer and check if the accumulated
      * value exceeds the limit
+     * @param isPEDecl a flag to indicate whether the entity is parameter
      * @param entityName entity name
      * @param buffer content buffer
      */
-    private void checkLimit(String entityName, XMLString buffer) {
+    private void checkEntityLimit(boolean isPEDecl, String entityName, XMLString buffer) {
-        checkLimit(entityName, buffer.length);
+        checkEntityLimit(isPEDecl, entityName, buffer.length);
     }
 
     /**
      * Add the count and check limit
+     * @param isPEDecl a flag to indicate whether the entity is parameter
      * @param entityName entity name
      * @param len length of the buffer
      */
-    private void checkLimit(String entityName, int len) {
+    private void checkEntityLimit(boolean isPEDecl, String entityName, int len) {
         if (fLimitAnalyzer == null) {
-            fLimitAnalyzer = new XMLLimitAnalyzer();
+            fLimitAnalyzer = fEntityManager.fLimitAnalyzer;
         }
-        fLimitAnalyzer.addValue(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT, entityName, len);
+        if (isPEDecl) {
-        if (fSecurityManager.isOverLimit(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) {
+            fLimitAnalyzer.addValue(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT, "%" + entityName, len);
-                    fSecurityManager.debugPrint(fLimitAnalyzer);
+            if (fSecurityManager.isOverLimit(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) {
-            reportFatalError("MaxEntitySizeLimit", new Object[]{entityName,
+                        fSecurityManager.debugPrint(fLimitAnalyzer);
-                fLimitAnalyzer.getValue(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT),
+                reportFatalError("MaxEntitySizeLimit", new Object[]{"%" + entityName,
-                fSecurityManager.getLimit(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT),
+                    fLimitAnalyzer.getValue(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT),
-                fSecurityManager.getStateLiteral(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT)});
+                    fSecurityManager.getLimit(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT),
+                    fSecurityManager.getStateLiteral(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT)});
+            }
+        } else {
+            fLimitAnalyzer.addValue(XMLSecurityManager.Limit.GENERAL_ENTITY_SIZE_LIMIT, entityName, len);
+            if (fSecurityManager.isOverLimit(XMLSecurityManager.Limit.GENERAL_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) {
+                        fSecurityManager.debugPrint(fLimitAnalyzer);
+                reportFatalError("MaxEntitySizeLimit", new Object[]{entityName,
+                    fLimitAnalyzer.getValue(XMLSecurityManager.Limit.GENERAL_ENTITY_SIZE_LIMIT),
+                    fSecurityManager.getLimit(XMLSecurityManager.Limit.GENERAL_ENTITY_SIZE_LIMIT),
+                    fSecurityManager.getStateLiteral(XMLSecurityManager.Limit.GENERAL_ENTITY_SIZE_LIMIT)});
+            }
         }
         if (fSecurityManager.isOverLimit(XMLSecurityManager.Limit.TOTAL_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) {
             fSecurityManager.debugPrint(fLimitAnalyzer);

jaxp/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java

@@ -88,7 +88,7 @@ public class XMLDocumentFragmentScannerImpl
     // Constants
     //
 
-    protected int fElementAttributeLimit;
+    protected int fElementAttributeLimit, fXMLNameLimit;
 
     /** External subset resolver. **/
     protected ExternalSubsetResolver fExternalSubsetResolver;
@@ -426,7 +426,7 @@ public class XMLDocumentFragmentScannerImpl
      */
     public void setInputSource(XMLInputSource inputSource) throws IOException {
         fEntityManager.setEntityHandler(this);
-        fEntityManager.startEntity("$fragment$", inputSource, false, true);
+        fEntityManager.startEntity(false, "$fragment$", inputSource, false, true);
         // fDocumentSystemId = fEntityManager.expandSystemId(inputSource.getSystemId());
     } // setInputSource(XMLInputSource)
 
@@ -661,11 +661,12 @@ public class XMLDocumentFragmentScannerImpl
 
         if (fSecurityManager != null) {
             fElementAttributeLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.ELEMENT_ATTRIBUTE_LIMIT);
+            fXMLNameLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.MAX_NAME_LIMIT);
         } else {
             fElementAttributeLimit = 0;
+            fXMLNameLimit = XMLSecurityManager.Limit.MAX_NAME_LIMIT.defaultValue();
         }
-        fLimitAnalyzer = new XMLLimitAnalyzer();
+        fLimitAnalyzer = fEntityManager.fLimitAnalyzer;
-        fEntityManager.setLimitAnalyzer(fLimitAnalyzer);
     }
 
     /**
@@ -1906,7 +1907,7 @@ public class XMLDocumentFragmentScannerImpl
         //if that was the case it its taken care in XMLEntityManager.startEntity()
         //we immediately call the endEntity. Application gets to know if there was
         //any entity that was not declared.
-        fEntityManager.startEntity(name, false);
+        fEntityManager.startEntity(true, name, false);
         //set the scaner state to content.. parser will automatically revive itself at any point of time.
         //setScannerState(SCANNER_STATE_CONTENT);
         //return true ;
@@ -2855,8 +2856,6 @@ public class XMLDocumentFragmentScannerImpl
                             if(DEBUG){
                                 System.out.println("NOT USING THE BUFFER, STRING = " + fTempString.toString());
                             }
-                            //check limit before returning event
-                            checkLimit(fContentBuffer);
                             if(dtdGrammarUtil!= null && dtdGrammarUtil.isIgnorableWhiteSpace(fContentBuffer)){
                                 if(DEBUG)System.out.println("Return SPACE EVENT");
                                 return XMLEvent.SPACE;
@@ -2955,8 +2954,6 @@ public class XMLDocumentFragmentScannerImpl
                             fLastSectionWasCharacterData = true ;
                             continue;
                         }else{
-                            //check limit before returning event
-                            checkLimit(fContentBuffer);
                             if(dtdGrammarUtil!= null && dtdGrammarUtil.isIgnorableWhiteSpace(fContentBuffer)){
                                 if(DEBUG)System.out.println("Return SPACE EVENT");
                                 return XMLEvent.SPACE;
@@ -3172,31 +3169,6 @@ public class XMLDocumentFragmentScannerImpl
             } //while loop
         }//next
 
-        /**
-         * Add the count of the content buffer and check if the accumulated
-         * value exceeds the limit
-         * @param buffer content buffer
-         */
-        protected void checkLimit(XMLStringBuffer buffer) {
-            if (fLimitAnalyzer.isTracking(fCurrentEntityName)) {
-                fLimitAnalyzer.addValue(Limit.GENERAL_ENTITY_SIZE_LIMIT, fCurrentEntityName, buffer.length);
-                if (fSecurityManager.isOverLimit(Limit.GENERAL_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) {
-                    fSecurityManager.debugPrint(fLimitAnalyzer);
-                    reportFatalError("MaxEntitySizeLimit", new Object[]{fCurrentEntityName,
-                        fLimitAnalyzer.getValue(Limit.GENERAL_ENTITY_SIZE_LIMIT),
-                        fSecurityManager.getLimit(Limit.GENERAL_ENTITY_SIZE_LIMIT),
-                        fSecurityManager.getStateLiteral(Limit.GENERAL_ENTITY_SIZE_LIMIT)});
-                }
-                if (fSecurityManager.isOverLimit(Limit.TOTAL_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) {
-                    fSecurityManager.debugPrint(fLimitAnalyzer);
-                    reportFatalError("TotalEntitySizeLimit",
-                        new Object[]{fLimitAnalyzer.getTotalValue(Limit.TOTAL_ENTITY_SIZE_LIMIT),
-                        fSecurityManager.getLimit(Limit.TOTAL_ENTITY_SIZE_LIMIT),
-                        fSecurityManager.getStateLiteral(Limit.TOTAL_ENTITY_SIZE_LIMIT)});
-                }
-            }
-        }
-
         //
         // Protected methods
         //

jaxp/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java

@@ -404,6 +404,8 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
      * If this constructor is used to create the object, reset() should be invoked on this object
      */
     public XMLEntityManager() {
+        //for entity managers not created by parsers
+        fSecurityManager = new XMLSecurityManager(true);
         fEntityStorage = new XMLEntityStorage(this) ;
         setScannerVersion(Constants.XML_VERSION_1_0);
     } // <init>()
@@ -581,6 +583,8 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
     /**
      * This method uses the passed-in XMLInputSource to make
      * fCurrentEntity usable for reading.
+     *
+     * @param reference flag to indicate whether the entity is an Entity Reference.
      * @param name  name of the entity (XML is it's the document entity)
      * @param xmlInputSource    the input source, with sufficient information
      *      to begin scanning characters.
@@ -591,7 +595,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
      *  XNIException    If any parser-specific goes wrong.
      * @return the encoding of the new entity or null if a character stream was employed
      */
-    public String setupCurrentEntity(String name, XMLInputSource xmlInputSource,
+    public String setupCurrentEntity(boolean reference, String name, XMLInputSource xmlInputSource,
             boolean literal, boolean isExternal)
             throws IOException, XNIException {
         // get information
@@ -834,7 +838,9 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
          * in the prolog of the XML document is not considered. Hence, prolog can
          * be read in Chunks of data instead of byte by byte.
          */
-        fCurrentEntity = new com.sun.xml.internal.stream.Entity.ScannedEntity(name,new XMLResourceIdentifierImpl(publicId, literalSystemId, baseSystemId, expandedSystemId),stream, reader, encoding, literal, encodingExternallySpecified, isExternal);
+        fCurrentEntity = new Entity.ScannedEntity(reference, name,
+                new XMLResourceIdentifierImpl(publicId, literalSystemId, baseSystemId, expandedSystemId),
+                stream, reader, encoding, literal, encodingExternallySpecified, isExternal);
         fCurrentEntity.setEncodingExternallySpecified(encodingExternallySpecified);
         fEntityScanner.setCurrentEntity(fCurrentEntity);
         fResourceIdentifier.setValues(publicId, literalSystemId, baseSystemId, expandedSystemId);
@@ -1102,6 +1108,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
     /**
      * Starts a named entity.
      *
+     * @param reference flag to indicate whether the entity is an Entity Reference.
      * @param entityName The name of the entity to start.
      * @param literal    True if this entity is started within a literal
      *                   value.
@@ -1109,7 +1116,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
      * @throws IOException  Thrown on i/o error.
      * @throws XNIException Thrown by entity handler to signal an error.
      */
-    public void startEntity(String entityName, boolean literal)
+    public void startEntity(boolean reference, String entityName, boolean literal)
     throws IOException, XNIException {
 
         // was entity declared?
@@ -1233,7 +1240,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
         }
 
         // start the entity
-        startEntity(entityName, xmlInputSource, literal, external);
+        startEntity(reference, entityName, xmlInputSource, literal, external);
 
     } // startEntity(String,boolean)
 
@@ -1248,7 +1255,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
      */
     public void startDocumentEntity(XMLInputSource xmlInputSource)
     throws IOException, XNIException {
-        startEntity(XMLEntity, xmlInputSource, false, true);
+        startEntity(false, XMLEntity, xmlInputSource, false, true);
     } // startDocumentEntity(XMLInputSource)
 
     //xxx these methods are not required.
@@ -1263,7 +1270,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
      */
     public void startDTDEntity(XMLInputSource xmlInputSource)
     throws IOException, XNIException {
-        startEntity(DTDEntity, xmlInputSource, false, true);
+        startEntity(false, DTDEntity, xmlInputSource, false, true);
     } // startDTDEntity(XMLInputSource)
 
     // indicate start of external subset so that
@@ -1282,6 +1289,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
      * This method can be used to insert an application defined XML
      * entity stream into the parsing stream.
      *
+     * @param reference flag to indicate whether the entity is an Entity Reference.
      * @param name           The name of the entity.
      * @param xmlInputSource The input source of the entity.
      * @param literal        True if this entity is started within a
@@ -1291,12 +1299,12 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
      * @throws IOException  Thrown on i/o error.
      * @throws XNIException Thrown by entity handler to signal an error.
      */
-    public void startEntity(String name,
+    public void startEntity(boolean reference, String name,
             XMLInputSource xmlInputSource,
             boolean literal, boolean isExternal)
             throws IOException, XNIException {
 
-        String encoding = setupCurrentEntity(name, xmlInputSource, literal, isExternal);
+        String encoding = setupCurrentEntity(reference, name, xmlInputSource, literal, isExternal);
 
         //when entity expansion limit is set by the Application, we need to
         //check for the entity expansion limit set by the parser, if number of entity
@@ -1308,7 +1316,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
         }
         if( fSecurityManager != null && fSecurityManager.isOverLimit(entityExpansionIndex, fLimitAnalyzer)){
             fSecurityManager.debugPrint(fLimitAnalyzer);
-            fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN,"EntityExpansionLimitExceeded",
+            fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN,"EntityExpansionLimit",
                     new Object[]{fSecurityManager.getLimitValueByIndex(entityExpansionIndex)},
                                              XMLErrorReporter.SEVERITY_FATAL_ERROR );
             // is there anything better to do than reset the counter?
@@ -1424,10 +1432,6 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
     // XMLComponent methods
     //
     public void reset(PropertyManager propertyManager){
-        //reset fEntityStorage
-        fEntityStorage.reset(propertyManager);
-        //reset XMLEntityReaderImpl
-        fEntityScanner.reset(propertyManager);
         // xerces properties
         fSymbolTable = (SymbolTable)propertyManager.getProperty(Constants.XERCES_PROPERTY_PREFIX + Constants.SYMBOL_TABLE_PROPERTY);
         fErrorReporter = (XMLErrorReporter)propertyManager.getProperty(Constants.XERCES_PROPERTY_PREFIX + Constants.ERROR_REPORTER_PROPERTY);
@@ -1450,6 +1454,12 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
 
         fSecurityManager = (XMLSecurityManager)propertyManager.getProperty(SECURITY_MANAGER);
 
+        fLimitAnalyzer = new XMLLimitAnalyzer();
+        //reset fEntityStorage
+        fEntityStorage.reset(propertyManager);
+        //reset XMLEntityReaderImpl
+        fEntityScanner.reset(propertyManager);
+
         // initialize state
         //fStandalone = false;
         fEntities.clear();
@@ -1536,7 +1546,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
     // a class acting as a component manager but not
     // implementing that interface for whatever reason.
     public void reset() {
-
+        fLimitAnalyzer = new XMLLimitAnalyzer();
         // initialize state
         fStandalone = false;
         fEntities.clear();

jaxp/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/XMLEntityScanner.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
  */
 
 /*
@@ -30,10 +30,14 @@ import com.sun.org.apache.xerces.internal.util.EncodingMap;
 import com.sun.org.apache.xerces.internal.util.SymbolTable;
 import com.sun.org.apache.xerces.internal.util.XMLChar;
 import com.sun.org.apache.xerces.internal.util.XMLStringBuffer;
+import com.sun.org.apache.xerces.internal.utils.XMLLimitAnalyzer;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager.Limit;
 import com.sun.org.apache.xerces.internal.xni.*;
 import com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager;
 import com.sun.org.apache.xerces.internal.xni.parser.XMLConfigurationException;
 import com.sun.xml.internal.stream.Entity;
+import com.sun.xml.internal.stream.Entity.ScannedEntity;
 import com.sun.xml.internal.stream.XMLBufferListener;
 import java.io.EOFException;
 import java.io.IOException;
@@ -60,6 +64,12 @@ public class XMLEntityScanner implements XMLLocator  {
 
     protected XMLEntityManager fEntityManager ;
 
+    /** Security manager. */
+    protected XMLSecurityManager fSecurityManager = null;
+
+    /** Limit analyzer. */
+    protected XMLLimitAnalyzer fLimitAnalyzer = null;
+
     /** Debug switching readers for encodings. */
     private static final boolean DEBUG_ENCODINGS = false;
     /** Listeners which should know when load is being called */
@@ -174,10 +184,7 @@ public class XMLEntityScanner implements XMLLocator  {
     public void reset(PropertyManager propertyManager){
         fSymbolTable = (SymbolTable)propertyManager.getProperty(SYMBOL_TABLE) ;
         fErrorReporter = (XMLErrorReporter)propertyManager.getProperty(ERROR_REPORTER) ;
-        fCurrentEntity = null;
+        resetCommon();
-        whiteSpaceLen = 0;
-        whiteSpaceInfoNeeded = true;
-        listeners.clear();
     }
 
     /**
@@ -196,18 +203,13 @@ public class XMLEntityScanner implements XMLLocator  {
      */
     public void reset(XMLComponentManager componentManager)
     throws XMLConfigurationException {
-
-        //System.out.println(" this is being called");
         // xerces features
         fAllowJavaEncodings = componentManager.getFeature(ALLOW_JAVA_ENCODINGS, false);
 
         //xerces properties
         fSymbolTable = (SymbolTable)componentManager.getProperty(SYMBOL_TABLE);
         fErrorReporter = (XMLErrorReporter)componentManager.getProperty(ERROR_REPORTER);
-        fCurrentEntity = null;
+        resetCommon();
-        whiteSpaceLen = 0;
-        whiteSpaceInfoNeeded = true;
-        listeners.clear();
     } // reset(XMLComponentManager)
 
 
@@ -217,6 +219,17 @@ public class XMLEntityScanner implements XMLLocator  {
         fSymbolTable = symbolTable;
         fEntityManager = entityManager;
         fErrorReporter = reporter;
+        fLimitAnalyzer = fEntityManager.fLimitAnalyzer;
+        fSecurityManager = fEntityManager.fSecurityManager;
+    }
+
+    private void resetCommon() {
+        fCurrentEntity = null;
+        whiteSpaceLen = 0;
+        whiteSpaceInfoNeeded = true;
+        listeners.clear();
+        fLimitAnalyzer = fEntityManager.fLimitAnalyzer;
+        fSecurityManager = fEntityManager.fSecurityManager;
     }
 
     /**
@@ -813,9 +826,13 @@ public class XMLEntityScanner implements XMLLocator  {
                         break;
                     }
                     index = fCurrentEntity.position;
+                    //check prefix before further read
+                    checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, offset, index - offset);
                 }
                 if (++fCurrentEntity.position == fCurrentEntity.count) {
                     int length = fCurrentEntity.position - offset;
+                    //check localpart before loading more data
+                    checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, offset, length - index - 1);
                     invokeListeners(length);
                     if (length == fCurrentEntity.fBufferSize) {
                         // bad luck we have to resize our buffer
@@ -847,14 +864,20 @@ public class XMLEntityScanner implements XMLLocator  {
 
                 if (index != -1) {
                     int prefixLength = index - offset;
+                    //check the result: prefix
+                    checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, offset, prefixLength);
                     prefix = fSymbolTable.addSymbol(fCurrentEntity.ch,
                             offset, prefixLength);
                     int len = length - prefixLength - 1;
+                    //check the result: localpart
+                    checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, index + 1, len);
                     localpart = fSymbolTable.addSymbol(fCurrentEntity.ch,
                             index + 1, len);
 
                 } else {
                     localpart = rawname;
+                    //check the result: localpart
+                    checkLimit(Limit.MAX_NAME_LIMIT, fCurrentEntity, offset, length);
                 }
                 qname.setValues(prefix, localpart, rawname, null);
                 if (DEBUG_BUFFER) {
@@ -876,6 +899,27 @@ public class XMLEntityScanner implements XMLLocator  {
 
     } // scanQName(QName):boolean
 
+    /**
+     * Checks whether the value of the specified Limit exceeds its limit
+     *
+     * @param limit The Limit to be checked.
+     * @param entity The current entity.
+     * @param offset The index of the first byte
+     * @param length The length of the entity scanned.
+     */
+    protected void checkLimit(Limit limit, ScannedEntity entity, int offset, int length) {
+        fLimitAnalyzer.addValue(limit, null, length);
+        if (fSecurityManager.isOverLimit(limit, fLimitAnalyzer)) {
+            fSecurityManager.debugPrint(fLimitAnalyzer);
+            fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN, limit.key(),
+                    new Object[]{new String(entity.ch, offset, length),
+                fLimitAnalyzer.getTotalValue(limit),
+                fSecurityManager.getLimit(limit),
+                fSecurityManager.getStateLiteral(limit)},
+                    XMLErrorReporter.SEVERITY_FATAL_ERROR);
+        }
+    }
+
     /**
      * CHANGED:
      * Scans a range of parsed character data, This function appends the character data to
@@ -994,6 +1038,9 @@ public class XMLEntityScanner implements XMLLocator  {
         }
         int length = fCurrentEntity.position - offset;
         fCurrentEntity.columnNumber += length - newlines;
+        if (fCurrentEntity.reference) {
+            checkLimit(Limit.TOTAL_ENTITY_SIZE_LIMIT, fCurrentEntity, offset, length);
+        }
 
         //CHANGED: dont replace the value.. append to the buffer. This gives control to the callee
         //on buffering the data..

jaxp/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/XMLNSDocumentScannerImpl.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
  */
 
 /*
@@ -37,6 +37,7 @@ import com.sun.org.apache.xerces.internal.xni.XMLDocumentHandler;
 import com.sun.org.apache.xerces.internal.xni.XMLAttributes;
 import com.sun.org.apache.xerces.internal.xni.parser.XMLDocumentSource;
 import com.sun.org.apache.xerces.internal.util.XMLAttributesImpl;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
 
 import javax.xml.stream.XMLInputFactory;
 import javax.xml.stream.XMLStreamConstants;
@@ -452,7 +453,15 @@ public class XMLNSDocumentScannerImpl
             // it's a namespace declaration. but prefix:xmlns="..." isn't.
             if (prefix == XMLSymbols.PREFIX_XMLNS ||
                     prefix == XMLSymbols.EMPTY_STRING && localpart == XMLSymbols.PREFIX_XMLNS) {
-
+                //check the length of URI
+                if (tmpStr.length > fXMLNameLimit) {
+                    fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN,
+                            "MaxXMLNameLimit",
+                            new Object[]{new String(tmpStr.ch,tmpStr.offset,tmpStr.length),
+                            tmpStr.length, fXMLNameLimit,
+                            fSecurityManager.getStateLiteral(XMLSecurityManager.Limit.MAX_NAME_LIMIT)},
+                            XMLErrorReporter.SEVERITY_FATAL_ERROR);
+                }
                 // get the internalized value of this attribute
                 String uri = fSymbolTable.addSymbol(tmpStr.ch,tmpStr.offset,tmpStr.length);
                 value = uri;

jaxp/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/XMLScanner.java

@@ -946,7 +946,7 @@ public abstract class XMLScanner
                                                 new Object[]{entityName});
                                     }
                                 }
-                                fEntityManager.startEntity(entityName, true);
+                                fEntityManager.startEntity(false, entityName, true);
                             }
                         }
                     }

jaxp/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/XMLVersionDetector.java

@@ -186,7 +186,7 @@ public class XMLVersionDetector {
      * @throws IOException
      */
     public short determineDocVersion(XMLInputSource inputSource) throws IOException {
-        fEncoding = fEntityManager.setupCurrentEntity(fXMLSymbol, inputSource, false, true);
+        fEncoding = fEntityManager.setupCurrentEntity(false, fXMLSymbol, inputSource, false, true);
 
         // Must use XML 1.0 scanner to handle whitespace correctly
         // in the XML declaration.

jaxp/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages.properties

@@ -294,10 +294,10 @@
 
 
 # Implementation limits
-        EntityExpansionLimitExceeded=JAXP00010001: The parser has encountered more than \"{0}\" entity expansions in this document; this is the limit imposed by the JDK.
+        EntityExpansionLimit=JAXP00010001: The parser has encountered more than \"{0}\" entity expansions in this document; this is the limit imposed by the JDK.
         ElementAttributeLimit=JAXP00010002:  Element \"{0}\" has more than \"{1}\" attributes, \"{1}\" is the limit imposed by the JDK.
         MaxEntitySizeLimit=JAXP00010003: The length of entity \"{0}\" is \"{1}\" that exceeds the \"{2}\" limit set by \"{3}\".
-        TotalEntitySizeLimit=JAXP00010004: The accumulated size \"{0}\" of entities exceeded the \"{1}\" limit set by \"{2}\".
+        TotalEntitySizeLimit=JAXP00010004: The accumulated size of entities is \"{1}\" that exceeded the \"{2}\" limit set by \"{3}\".
-        MaxXMLNameLimit=JAXP00010005: The name \"{0}\" exceeded the \"{1}\" limit set by \"{2}\".
+        MaxXMLNameLimit=JAXP00010005: The length of entity \"{0}\" is \"{1}\" that exceeds the \"{2}\" limit set by \"{3}\".
         MaxElementDepthLimit=JAXP00010006: The element \"{0}\" has a depth of \"{1}\" that exceeds the limit \"{2}\" set by \"{3}\".
 

jaxp/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages.properties

@@ -289,7 +289,7 @@
         FacetValueFromBase = FacetValueFromBase: In the declaration of type ''{0}'', value ''{1}'' of facet ''{2}'' must be from the value space of the base type, ''{3}''.
         FixedFacetValue = FixedFacetValue: In the definition of {3}, the value ''{1}'' for the facet ''{0}'' is invalid, because the value for ''{0}'' has been set to ''{2}'' in one of the ancestor types, and '{'fixed'}' = true.
         InvalidRegex = InvalidRegex: Pattern value ''{0}'' is not a valid regular expression. The reported error was: ''{1}'' at column ''{2}''.
-        maxOccurLimit = Current configuration of the parser doesn''t allow a maxOccurs attribute value to be set greater than the value {0}.
+        MaxOccurLimit = Current configuration of the parser doesn''t allow a maxOccurs attribute value to be set greater than the value {0}.
         PublicSystemOnNotation = PublicSystemOnNotation: At least one of ''public'' and ''system'' must appear in element ''notation''.
         SchemaLocation = SchemaLocation: schemaLocation value = ''{0}'' must have even number of URI''s.
         TargetNamespace.1 = TargetNamespace.1: Expecting namespace ''{0}'', but the target namespace of the schema document is ''{1}''.

jaxp/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/xs/models/CMNodeFactory.java

@@ -117,7 +117,7 @@ public class CMNodeFactory {
                 System.out.println("nodeCount = " + nodeCount ) ;
                 System.out.println("nodeLimit = " + maxNodeLimit ) ;
             }
-            fErrorReporter.reportError(XSMessageFormatter.SCHEMA_DOMAIN, "maxOccurLimit", new Object[]{ new Integer(maxNodeLimit) }, XMLErrorReporter.SEVERITY_FATAL_ERROR);
+            fErrorReporter.reportError(XSMessageFormatter.SCHEMA_DOMAIN, "MaxOccurLimit", new Object[]{ new Integer(maxNodeLimit) }, XMLErrorReporter.SEVERITY_FATAL_ERROR);
             // similarly to entity manager behaviour, take into accont
             // behaviour if continue-after-fatal-error is set.
             nodeCount = 0;

jaxp/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/xs/traversers/XSAttributeChecker.java

@@ -1193,7 +1193,7 @@ public class XSAttributeChecker {
                     // maxOccurNodeLimit.
                     int maxOccurNodeLimit = fSchemaHandler.fSecureProcessing.getLimit(XMLSecurityManager.Limit.MAX_OCCUR_NODE_LIMIT);
                     if (max > maxOccurNodeLimit && !fSchemaHandler.fSecureProcessing.isNoLimit(maxOccurNodeLimit)) {
-                        reportSchemaFatalError("maxOccurLimit", new Object[] {new Integer(maxOccurNodeLimit)}, element);
+                        reportSchemaFatalError("MaxOccurLimit", new Object[] {new Integer(maxOccurNodeLimit)}, element);
 
                         // reset max values in case processing continues on error
                         attrValues[ATTIDX_MAXOCCURS] = fXIntPool.getXInt(maxOccurNodeLimit);

jaxp/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/utils/XMLLimitAnalyzer.java

@@ -128,18 +128,21 @@ public final class XMLLimitAnalyzer {
     public void addValue(int index, String entityName, int value) {
         if (index == Limit.ENTITY_EXPANSION_LIMIT.ordinal() ||
                 index == Limit.MAX_OCCUR_NODE_LIMIT.ordinal() ||
-                index == Limit.ELEMENT_ATTRIBUTE_LIMIT.ordinal()) {
+                index == Limit.ELEMENT_ATTRIBUTE_LIMIT.ordinal() ||
+                index == Limit.TOTAL_ENTITY_SIZE_LIMIT.ordinal()
+                ) {
             totalValue[index] += value;
             return;
         }
-        if (index == Limit.MAX_ELEMENT_DEPTH_LIMIT.ordinal()) {
+        if (index == Limit.MAX_ELEMENT_DEPTH_LIMIT.ordinal() ||
+                index == Limit.MAX_NAME_LIMIT.ordinal()) {
             totalValue[index] = value;
             return;
         }
 
         Map<String, Integer> cache;
         if (caches[index] == null) {
-            cache = new HashMap<String, Integer>(10);
+            cache = new HashMap<>(10);
             caches[index] = cache;
         } else {
             cache = caches[index];
@@ -147,10 +150,10 @@ public final class XMLLimitAnalyzer {
 
         int accumulatedValue = value;
         if (cache.containsKey(entityName)) {
-            accumulatedValue += cache.get(entityName).intValue();
+            accumulatedValue += cache.get(entityName);
-            cache.put(entityName, Integer.valueOf(accumulatedValue));
+            cache.put(entityName, accumulatedValue);
         } else {
-            cache.put(entityName, Integer.valueOf(value));
+            cache.put(entityName, value);
         }
 
         if (accumulatedValue > values[index]) {
@@ -223,6 +226,16 @@ public final class XMLLimitAnalyzer {
         }
     }
 
+    /**
+     * Resets the current value of the specified limit.
+     * @param limit The limit to be reset.
+     */
+    public void reset(Limit limit) {
+        if (limit.ordinal() == Limit.TOTAL_ENTITY_SIZE_LIMIT.ordinal()) {
+            totalValue[limit.ordinal()] = 0;
+        }
+    }
+
     public void debugPrint(XMLSecurityManager securityManager) {
         Formatter formatter = new Formatter();
         System.out.println(formatter.format("%30s %15s %15s %15s %30s",

jaxp/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/utils/XMLSecurityManager.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -61,20 +61,31 @@ public final class XMLSecurityManager {
      */
     public static enum Limit {
 
-        ENTITY_EXPANSION_LIMIT(Constants.JDK_ENTITY_EXPANSION_LIMIT, Constants.SP_ENTITY_EXPANSION_LIMIT, 0, 64000),
+        ENTITY_EXPANSION_LIMIT("EntityExpansionLimit",
-        MAX_OCCUR_NODE_LIMIT(Constants.JDK_MAX_OCCUR_LIMIT, Constants.SP_MAX_OCCUR_LIMIT, 0, 5000),
+                Constants.JDK_ENTITY_EXPANSION_LIMIT, Constants.SP_ENTITY_EXPANSION_LIMIT, 0, 64000),
-        ELEMENT_ATTRIBUTE_LIMIT(Constants.JDK_ELEMENT_ATTRIBUTE_LIMIT, Constants.SP_ELEMENT_ATTRIBUTE_LIMIT, 0, 10000),
+        MAX_OCCUR_NODE_LIMIT("MaxOccurLimit",
-        TOTAL_ENTITY_SIZE_LIMIT(Constants.JDK_TOTAL_ENTITY_SIZE_LIMIT, Constants.SP_TOTAL_ENTITY_SIZE_LIMIT, 0, 50000000),
+                Constants.JDK_MAX_OCCUR_LIMIT, Constants.SP_MAX_OCCUR_LIMIT, 0, 5000),
-        GENERAL_ENTITY_SIZE_LIMIT(Constants.JDK_GENERAL_ENTITY_SIZE_LIMIT, Constants.SP_GENERAL_ENTITY_SIZE_LIMIT, 0, 0),
+        ELEMENT_ATTRIBUTE_LIMIT("ElementAttributeLimit",
-        PARAMETER_ENTITY_SIZE_LIMIT(Constants.JDK_PARAMETER_ENTITY_SIZE_LIMIT, Constants.SP_PARAMETER_ENTITY_SIZE_LIMIT, 0, 1000000),
+                Constants.JDK_ELEMENT_ATTRIBUTE_LIMIT, Constants.SP_ELEMENT_ATTRIBUTE_LIMIT, 0, 10000),
-        MAX_ELEMENT_DEPTH_LIMIT(Constants.JDK_MAX_ELEMENT_DEPTH, Constants.SP_MAX_ELEMENT_DEPTH, 0, 0);
+        TOTAL_ENTITY_SIZE_LIMIT("TotalEntitySizeLimit",
+                Constants.JDK_TOTAL_ENTITY_SIZE_LIMIT, Constants.SP_TOTAL_ENTITY_SIZE_LIMIT, 0, 50000000),
+        GENERAL_ENTITY_SIZE_LIMIT("MaxEntitySizeLimit",
+                Constants.JDK_GENERAL_ENTITY_SIZE_LIMIT, Constants.SP_GENERAL_ENTITY_SIZE_LIMIT, 0, 0),
+        PARAMETER_ENTITY_SIZE_LIMIT("MaxEntitySizeLimit",
+                Constants.JDK_PARAMETER_ENTITY_SIZE_LIMIT, Constants.SP_PARAMETER_ENTITY_SIZE_LIMIT, 0, 1000000),
+        MAX_ELEMENT_DEPTH_LIMIT("MaxElementDepthLimit",
+                Constants.JDK_MAX_ELEMENT_DEPTH, Constants.SP_MAX_ELEMENT_DEPTH, 0, 0),
+        MAX_NAME_LIMIT("MaxXMLNameLimit",
+                Constants.JDK_XML_NAME_LIMIT, Constants.SP_XML_NAME_LIMIT, 1000, 1000);
 
+        final String key;
         final String apiProperty;
         final String systemProperty;
         final int defaultValue;
         final int secureValue;
 
-        Limit(String apiProperty, String systemProperty, int value, int secureValue) {
+        Limit(String key, String apiProperty, String systemProperty, int value, int secureValue) {
+            this.key = key;
             this.apiProperty = apiProperty;
             this.systemProperty = systemProperty;
             this.defaultValue = value;
@@ -89,6 +100,10 @@ public final class XMLSecurityManager {
             return (propertyName == null) ? false : systemProperty.equals(propertyName);
         }
 
+        public String key() {
+            return key;
+        }
+
         public String apiProperty() {
             return apiProperty;
         }
@@ -97,7 +112,7 @@ public final class XMLSecurityManager {
             return systemProperty;
         }
 
-        int defaultValue() {
+        public int defaultValue() {
             return defaultValue;
         }
 
@@ -152,7 +167,7 @@ public final class XMLSecurityManager {
     /**
      * Index of the special entityCountInfo property
      */
-    private int indexEntityCountInfo = 10000;
+    private final int indexEntityCountInfo = 10000;
     private String printEntityCountInfo = "";
 
     /**
@@ -433,7 +448,9 @@ public final class XMLSecurityManager {
         if (index == Limit.ELEMENT_ATTRIBUTE_LIMIT.ordinal() ||
                 index == Limit.ENTITY_EXPANSION_LIMIT.ordinal() ||
                 index == Limit.TOTAL_ENTITY_SIZE_LIMIT.ordinal() ||
-                index == Limit.MAX_ELEMENT_DEPTH_LIMIT.ordinal()) {
+                index == Limit.MAX_ELEMENT_DEPTH_LIMIT.ordinal() ||
+                index == Limit.MAX_NAME_LIMIT.ordinal()
+                ) {
             return (limitAnalyzer.getTotalValue(index) > values[index]);
         } else {
             return (limitAnalyzer.getValue(index) > values[index]);

jaxp/src/java.xml/share/classes/com/sun/xml/internal/stream/Entity.java

@@ -344,6 +344,9 @@ public abstract class Entity {
         // to know that prolog is read
         public boolean xmlDeclChunkRead = false;
 
+        // flag to indicate whether the Entity is an Entity Reference
+        public boolean reference = false;
+
         /** returns the name of the current encoding
          *  @return current encoding name
          */
@@ -388,10 +391,11 @@ public abstract class Entity {
         //
 
         /** Constructs a scanned entity. */
-        public ScannedEntity(String name,
+        public ScannedEntity(boolean reference, String name,
                 XMLResourceIdentifier entityLocation,
                 InputStream stream, Reader reader,
                 String encoding, boolean literal, boolean mayReadChunks, boolean isExternal) {
+            this.reference = reference;
             this.name = name ;
             this.entityLocation = entityLocation;
             this.stream = stream;