Make sure that encoding/decoding is strict (OF-391).

git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@11846 b35dd754-fafc-0310-a699-88a17e54d16e

Make sure that encoding/decoding is strict (OF-391).
git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@11846 b35dd754-fafc-0310-a699-88a17e54d16e
73cd7950 · guus · 9e445d2a · 73cd7950
Commit 73cd7950 authored Aug 22, 2010 by guus
Hide whitespace changes
Inline Side-by-side

Showing with 22 additions and 0 deletions

MXParser.java src/java/org/jivesoftware/openfire/net/MXParser.java +22 -0

No files found.
--- a/src/java/org/jivesoftware/openfire/net/MXParser.java
+++ b/src/java/org/jivesoftware/openfire/net/MXParser.java
@@ -361,4 +361,26 @@ public class MXParser extends org.xmlpull.mxp1.MXParser {
        reader = oldReader;
        inputEncoding = oldEncoding;
    }
+
+	/**
+	 * Makes sure that each individul character is a valid XML character.
+	 * 
+	 * Note that when MXParser is being modified to handle multibyte chars correctly, this method needs to change (as
+	 * then, there are more codepoints to check).
+	 */
+    @Override
+    protected char more() throws IOException, XmlPullParserException {
+    	final char codePoint  = super.more(); // note - this does NOT return a codepoint now, but simply a (single byte) character!
+		if ((codePoint == 0x0) ||  // 0x0 is not allowed, but flash clients insist on sending this as the very first character of a stream. We should stop allowing this codepoint after the first byte has been parsed.
+				(codePoint == 0x9) ||          				     
+				(codePoint == 0xA) ||
+				(codePoint == 0xD) ||
+				((codePoint >= 0x20) && (codePoint <= 0xD7FF)) ||
+				((codePoint >= 0xE000) && (codePoint <= 0xFFFD)) ||
+				((codePoint >= 0x10000) && (codePoint <= 0x10FFFF))) {
+			return codePoint;
+		}
+		
+		throw new XmlPullParserException("Illegal XML character: " + Integer.parseInt(codePoint+"", 16));
+    }
 }