Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:GA
expat.22462
expat-CVE-2019-15903-tests.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File expat-CVE-2019-15903-tests.patch of Package expat.22462
From 438493691f1b8620a71d5aee658fe160103ff863 Mon Sep 17 00:00:00 2001 From: Sebastian Pipping <sebastian@pipping.org> Date: Wed, 28 Aug 2019 15:14:19 +0200 Subject: [PATCH] tests: Cover denying internal entities closing the doctype --- expat/tests/runtests.c | 67 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) Index: expat-2.2.5/tests/runtests.c =================================================================== --- expat-2.2.5.orig/tests/runtests.c +++ expat-2.2.5/tests/runtests.c @@ -7193,6 +7193,69 @@ overwrite_end_checker(void *userData, co CharData_AppendXMLChars(storage, XCS("\n"), 1); } +#ifdef XML_DTD +START_TEST(test_misc_deny_internal_entity_closing_doctype_issue_317) { + const char *const inputOne = "<!DOCTYPE d [\n" + "<!ENTITY % e ']><d/>'>\n" + "\n" + "%e;"; + const char *const inputTwo = "<!DOCTYPE d [\n" + "<!ENTITY % e1 ']><d/>'><!ENTITY % e2 '&e1;'>\n" + "\n" + "%e2;"; + const char *const inputThree = "<!DOCTYPE d [\n" + "<!ENTITY % e ']><d'>\n" + "\n" + "%e;"; + const char *const inputIssue317 = "<!DOCTYPE doc [\n" + "<!ENTITY % foo ']>\n" + "<doc>Hell<oc (#PCDATA)*>'>\n" + "%foo;\n" + "]>\n" + "<doc>Hello, world</dVc>"; + + const char *const inputs[] = {inputOne, inputTwo, inputThree, inputIssue317}; + size_t inputIndex = 0; + + for (; inputIndex < sizeof(inputs) / sizeof(inputs[0]); inputIndex++) { + XML_Parser parser; + enum XML_Status parseResult; + int setParamEntityResult; + XML_Size lineNumber; + XML_Size columnNumber; + const char *const input = inputs[inputIndex]; + + parser = XML_ParserCreate(NULL); + setParamEntityResult + = XML_SetParamEntityParsing(parser, XML_PARAM_ENTITY_PARSING_ALWAYS); + if (setParamEntityResult != 1) + fail("Failed to set XML_PARAM_ENTITY_PARSING_ALWAYS."); + + parseResult = XML_Parse(parser, input, (int)strlen(input), 0); + if (parseResult != XML_STATUS_ERROR) { + parseResult = XML_Parse(parser, "", 0, 1); + if (parseResult != XML_STATUS_ERROR) { + fail("Parsing was expected to fail but succeeded."); + } + } + + if (XML_GetErrorCode(parser) != XML_ERROR_INVALID_TOKEN) + fail("Error code does not match XML_ERROR_INVALID_TOKEN"); + + lineNumber = XML_GetCurrentLineNumber(parser); + if (lineNumber != 4) + fail("XML_GetCurrentLineNumber does not work as expected."); + + columnNumber = XML_GetCurrentColumnNumber(parser); + if (columnNumber != 0) + fail("XML_GetCurrentColumnNumber does not work as expected."); + + XML_ParserFree(parser); + } +} +END_TEST +#endif + static void run_ns_tagname_overwrite_test(const char *text, const XML_Char *result) { @@ -12210,6 +12273,9 @@ make_suite(void) tcase_add_test(tc_misc, test_misc_features); tcase_add_test(tc_misc, test_misc_attribute_leak); tcase_add_test(tc_misc, test_misc_utf16le); +#ifdef XML_DTD + tcase_add_test(tc_misc, test_misc_deny_internal_entity_closing_doctype_issue_317); +#endif suite_add_tcase(s, tc_alloc); tcase_add_checked_fixture(tc_alloc, alloc_setup, alloc_teardown);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor