Posted to commits@apr.apache.org by rj...@apache.org on 2010/10/08 22:04:02 UTC
svn commit: r1005996 - in /apr/apr-util/branches/0.9.x/test: data/
data/billion-laughs.xml testxml.c
Author: rjung
Date: Fri Oct 8 20:04:02 2010
New Revision: 1005996
URL: http://svn.apache.org/viewvc?rev=1005996&view=rev
Log:
Update xml tests:
- add billion_laughs
- add alpha and beta tests for CVE-2009-3720
- slightly refactored code to more closely reflect
what's in 1.3.x.
Added:
apr/apr-util/branches/0.9.x/test/data/
apr/apr-util/branches/0.9.x/test/data/billion-laughs.xml (with props)
Modified:
apr/apr-util/branches/0.9.x/test/testxml.c
Added: apr/apr-util/branches/0.9.x/test/data/billion-laughs.xml
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/test/data/billion-laughs.xml?rev=1005996&view=auto
==============================================================================
--- apr/apr-util/branches/0.9.x/test/data/billion-laughs.xml (added)
+++ apr/apr-util/branches/0.9.x/test/data/billion-laughs.xml Fri Oct 8 20:04:02 2010
@@ -0,0 +1,36 @@
+<?xml version="1.0"?>
+<!DOCTYPE billion [
+<!ELEMENT billion (#PCDATA)>
+<!ENTITY laugh0 "ha">
+<!ENTITY laugh1 "&laugh0;&laugh0;">
+<!ENTITY laugh2 "&laugh1;&laugh1;">
+<!ENTITY laugh3 "&laugh2;&laugh2;">
+<!ENTITY laugh4 "&laugh3;&laugh3;">
+<!ENTITY laugh5 "&laugh4;&laugh4;">
+<!ENTITY laugh6 "&laugh5;&laugh5;">
+<!ENTITY laugh7 "&laugh6;&laugh6;">
+<!ENTITY laugh8 "&laugh7;&laugh7;">
+<!ENTITY laugh9 "&laugh8;&laugh8;">
+<!ENTITY laugh10 "&laugh9;&laugh9;">
+<!ENTITY laugh11 "&laugh10;&laugh10;">
+<!ENTITY laugh12 "&laugh11;&laugh11;">
+<!ENTITY laugh13 "&laugh12;&laugh12;">
+<!ENTITY laugh14 "&laugh13;&laugh13;">
+<!ENTITY laugh15 "&laugh14;&laugh14;">
+<!ENTITY laugh16 "&laugh15;&laugh15;">
+<!ENTITY laugh17 "&laugh16;&laugh16;">
+<!ENTITY laugh18 "&laugh17;&laugh17;">
+<!ENTITY laugh19 "&laugh18;&laugh18;">
+<!ENTITY laugh20 "&laugh19;&laugh19;">
+<!ENTITY laugh21 "&laugh20;&laugh20;">
+<!ENTITY laugh22 "&laugh21;&laugh21;">
+<!ENTITY laugh23 "&laugh22;&laugh22;">
+<!ENTITY laugh24 "&laugh23;&laugh23;">
+<!ENTITY laugh25 "&laugh24;&laugh24;">
+<!ENTITY laugh26 "&laugh25;&laugh25;">
+<!ENTITY laugh27 "&laugh26;&laugh26;">
+<!ENTITY laugh28 "&laugh27;&laugh27;">
+<!ENTITY laugh29 "&laugh28;&laugh28;">
+<!ENTITY laugh30 "&laugh29;&laugh29;">
+]>
+<billion>&laugh30;</billion>
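Review bot: The new fixture carries no comment marking it as a deliberately hostile input, so anyone who opens or reuses `billion-laughs.xml` outside this test gets no warning. Each `laughN` entity references the previous one twice, so `&laugh30;` in the document body expands to 2^30 copies of "ha", about 2 GiB of text from a 36-line file. I would add a comment directly after the XML declaration, for example `<!-- Test fixture: exponential entity expansion (laugh30 = 2^30 x "ha"); only parse this under the test harness. -->`.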
Propchange: apr/apr-util/branches/0.9.x/test/data/billion-laughs.xml
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: apr/apr-util/branches/0.9.x/test/data/billion-laughs.xml
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Modified: apr/apr-util/branches/0.9.x/test/testxml.c
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/test/testxml.c?rev=1005996&r1=1005995&r2=1005996&view=diff
==============================================================================
--- apr/apr-util/branches/0.9.x/test/testxml.c (original)
+++ apr/apr-util/branches/0.9.x/test/testxml.c Fri Oct 8 20:04:02 2010
@@ -156,9 +156,8 @@ static void oops(const char *s1, const c
exit(1);
}
-int main(int argc, const char *const * argv)
+static int test_xml_parser(apr_pool_t *pool, const char *file)
{
- apr_pool_t *pool;
apr_file_t *fd;
apr_xml_parser *parser;
apr_xml_doc *doc;
@@ -166,26 +165,19 @@ int main(int argc, const char *const * a
char errbuf[2000];
char errbufXML[2000];
- (void) apr_initialize();
- apr_pool_create(&pool, NULL);
- progname = argv[0];
- if (argc == 1) {
+ if (file == NULL) {
rv = create_dummy_file(pool, &fd);
if (rv != APR_SUCCESS) {
oops("cannot create dummy file", "oops", rv);
}
}
else {
- if (argc == 2) {
- rv = apr_file_open(&fd, argv[1], APR_READ, APR_OS_DEFAULT, pool);
- if (rv != APR_SUCCESS) {
- oops("cannot open: %s", argv[1], rv);
- }
- }
- else {
- oops("usage: %s", usage, 0);
+ rv = apr_file_open(&fd, file, APR_READ, APR_OS_DEFAULT, pool);
+ if (rv != APR_SUCCESS) {
+ oops("cannot open: %s", file, rv);
}
}
+
rv = apr_xml_parse_file(pool, &parser, &doc, fd, 2000);
if (rv != APR_SUCCESS) {
fprintf(stderr, "APR Error %s\nXML Error: %s\n",
@@ -193,9 +185,12 @@ int main(int argc, const char *const * a
apr_xml_parser_geterror(parser, errbufXML, sizeof(errbufXML)));
return rv;
}
+
dump_xml(doc->root, 0);
- apr_file_close(fd);
- if (argc == 1) {
+
+ rv = apr_file_close(fd);
+
+ if (file == NULL) {
rv = create_dummy_file_error(pool, &fd);
if (rv != APR_SUCCESS) {
oops("cannot create error dummy file", "oops", rv);
@@ -213,6 +208,79 @@ int main(int argc, const char *const * a
return APR_EGENERAL;
}
}
+ return rv;
+}
+
+static void test_billion_laughs(apr_pool_t *pool)
+{
+ apr_file_t *fd;
+ apr_xml_parser *parser;
+ apr_xml_doc *doc;
+ apr_status_t rv;
+ char errbuf[2000];
+
+ rv = apr_file_open(&fd, "data/billion-laughs.xml",
+ APR_READ, 0, pool);
+ if (rv != APR_SUCCESS) {
+ fprintf(stderr, "APR Error %s\n",
+ apr_strerror(rv, errbuf, sizeof(errbuf)));
+ }
+
+ /* Don't test for return value; if it returns, chances are the bug
+ * is fixed or the machine has insane amounts of RAM. */
+ apr_xml_parse_file(pool, &parser, &doc, fd, 2000);
+
+ apr_file_close(fd);
+}
+
+static void test_CVE_2009_3720_alpha(apr_pool_t *pool)
+{
+ apr_xml_parser *xp;
+ apr_xml_doc *doc;
+ apr_status_t rv;
+
+ xp = apr_xml_parser_create(pool);
+
+ rv = apr_xml_parser_feed(xp, "\0\r\n", 3);
+ if (rv == APR_SUCCESS)
+ apr_xml_parser_done(xp, &doc);
+}
+
+static void test_CVE_2009_3720_beta(apr_pool_t *pool)
+{
+ apr_xml_parser *xp;
+ apr_xml_doc *doc;
+ apr_status_t rv;
+
+ xp = apr_xml_parser_create(pool);
+
+ rv = apr_xml_parser_feed(xp, "<?xml version\xc2\x85='1.0'?>\r\n", 25);
+ if (rv == APR_SUCCESS)
+ apr_xml_parser_done(xp, &doc);
+}
+
+int main(int argc, const char *const * argv)
+{
+ apr_pool_t *pool;
+ apr_status_t rv;
+
+ (void) apr_initialize();
+ apr_pool_create(&pool, NULL);
+ progname = argv[0];
+ if (argc == 1) {
+ rv = test_xml_parser(pool, NULL);
+ }
+ else {
+ if (argc == 2) {
+ rv = test_xml_parser(pool, argv[1]);
+ }
+ else {
+ oops("usage: %s", usage, 0);
+ }
+ }
+ test_billion_laughs(pool);
+ test_CVE_2009_3720_alpha(pool);
+ test_CVE_2009_3720_beta(pool);
apr_pool_destroy(pool);
apr_terminate();
return rv;
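Review bot: In `test_billion_laughs` a failed `apr_file_open` is only logged, and execution continues into `apr_xml_parse_file(pool, &parser, &doc, fd, 2000)` and `apr_file_close(fd)` with `fd` uninitialized; add `return;` after the `fprintf` inside the `if (rv != APR_SUCCESS)` block. The open can fail easily because `"data/billion-laughs.xml"` is resolved against the current working directory, so running the binary from another directory reaches this path. Separately, the three new tests return `void` and `main` still returns only the `test_xml_parser` status, so the two `test_CVE_2009_3720_*` cases can signal a regression only by crashing or hanging. If that is the intended pass criterion, say so above each of them, e.g. `/* Passes if the parser returns without crashing; the status is deliberately ignored. */`.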