diff options
author | Ben Gruver <bgruv@google.com> | 2022-03-08 14:02:08 -0600 |
---|---|---|
committer | Ben Gruver <bgruv@google.com> | 2022-03-08 14:50:22 -0600 |
commit | 2771eae0a11f07bd892732232e6ee4e32437230d (patch) | |
tree | f7793bb9d0f11610ace0d4c7c195ccf339d8b7c3 | |
parent | 81bd303a80b4413d4720243b2c80fb619d89bec8 (diff) | |
download | google-smali-2771eae0a11f07bd892732232e6ee4e32437230d.tar.gz |
Use the FEATURE_SECURE_PROCESSING feature for loading resource ids
This fixes a potential security issues reported by ready-research at
https://huntr.dev/bounties/c68f1aed-2922-4ebb-9699-00e0aea1d662
-rw-r--r-- | baksmali/src/main/java/org/jf/baksmali/BaksmaliOptions.java | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/baksmali/src/main/java/org/jf/baksmali/BaksmaliOptions.java b/baksmali/src/main/java/org/jf/baksmali/BaksmaliOptions.java index 76608fb0..a0f757d9 100644 --- a/baksmali/src/main/java/org/jf/baksmali/BaksmaliOptions.java +++ b/baksmali/src/main/java/org/jf/baksmali/BaksmaliOptions.java @@ -38,6 +38,7 @@ import org.xml.sax.Attributes; import org.xml.sax.SAXException; import org.xml.sax.helpers.DefaultHandler; +import javax.xml.XMLConstants; import javax.xml.parsers.ParserConfigurationException; import javax.xml.parsers.SAXParser; import javax.xml.parsers.SAXParserFactory; @@ -84,9 +85,12 @@ public class BaksmaliOptions { public void loadResourceIds(Map<String, File> resourceFiles) throws SAXException, IOException { for (Map.Entry<String, File> entry: resourceFiles.entrySet()) { try { - SAXParser saxp = SAXParserFactory.newInstance().newSAXParser(); + SAXParserFactory parserFactory = SAXParserFactory.newInstance(); + parserFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); + SAXParser parser = parserFactory.newSAXParser(); + final String prefix = entry.getKey(); - saxp.parse(entry.getValue(), new DefaultHandler() { + parser.parse(entry.getValue(), new DefaultHandler() { @Override public void startElement(String uri, String localName, String qName, Attributes attr) throws SAXException { |