Close #1087. Fix JRuby memory exhaustion vulnerability

Thanks to Michal Ochman for fixing this.
sparklemotion · May 22, 2014 · a098ddf · a098ddf
1 parent 492ee64
commit a098ddf
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 3 deletions.
diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc
@@ -1,3 +1,9 @@
+=== 1.6.2.2 / unreleased
+
+==== Bug fixes
+
+* Fix JRuby memory exhaustion vulnerability. #1087 (Thanks, @ocher)
+
 === 1.6.2.1 / 2014-05-13
 
 ==== Bug fixes

diff --git a/ext/java/nokogiri/internals/NokogiriNonStrictErrorHandler.java b/ext/java/nokogiri/internals/NokogiriNonStrictErrorHandler.java
@@ -90,9 +90,11 @@ public void warning(String domain, String key, XMLParseException e) {
      * the parsing to stop, or an error that can be ignored.
      */
     private static boolean isFatal(String msg) {
+        String msgLowerCase = msg.toLowerCase();
         return
-          msg.toLowerCase().contains("in prolog") ||
-          msg.toLowerCase().contains("limit") ||
-          msg.toLowerCase().contains("preceding the root element must be well-formed");
+          msgLowerCase.contains("in prolog") ||
+          msgLowerCase.contains("limit") ||
+          msgLowerCase.contains("preceding the root element must be well-formed") ||
+          msgLowerCase.contains("following the root element must be well-formed");
     }
 }
diff --git a/test/xml/test_document.rb b/test/xml/test_document.rb
@@ -625,6 +625,12 @@ def test_memory_explosion_on_invalid_xml
         refute_empty doc.errors
       end
 
+      def test_memory_explosion_on_wrong_formatted_element_following_the_root_element
+        doc = Nokogiri::XML("<a/><\n")
+        refute_nil doc
+        refute_empty doc.errors
+      end
+
       def test_document_has_errors
         doc = Nokogiri::XML(<<-eoxml)
           <foo><bar></foo>