You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@apr.apache.org by rj...@apache.org on 2010/10/08 22:04:02 UTC

svn commit: r1005996 - in /apr/apr-util/branches/0.9.x/test: data/ data/billion-laughs.xml testxml.c

Author: rjung
Date: Fri Oct  8 20:04:02 2010
New Revision: 1005996

URL: http://svn.apache.org/viewvc?rev=1005996&view=rev
Log:
Update xml tests:
- add billion_laughs
- add alpha and beta tests for CVE-2009-3720
- slightly refactored code to reflect closer
  what's in 1.3.x.

Added:
    apr/apr-util/branches/0.9.x/test/data/
    apr/apr-util/branches/0.9.x/test/data/billion-laughs.xml   (with props)
Modified:
    apr/apr-util/branches/0.9.x/test/testxml.c

Added: apr/apr-util/branches/0.9.x/test/data/billion-laughs.xml
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/test/data/billion-laughs.xml?rev=1005996&view=auto
==============================================================================
--- apr/apr-util/branches/0.9.x/test/data/billion-laughs.xml (added)
+++ apr/apr-util/branches/0.9.x/test/data/billion-laughs.xml Fri Oct  8 20:04:02 2010
@@ -0,0 +1,36 @@
+<?xml version="1.0"?>
+<!DOCTYPE billion [
+<!ELEMENT billion (#PCDATA)>
+<!ENTITY laugh0 "ha">
+<!ENTITY laugh1 "&laugh0;&laugh0;">
+<!ENTITY laugh2 "&laugh1;&laugh1;">
+<!ENTITY laugh3 "&laugh2;&laugh2;">
+<!ENTITY laugh4 "&laugh3;&laugh3;">
+<!ENTITY laugh5 "&laugh4;&laugh4;">
+<!ENTITY laugh6 "&laugh5;&laugh5;">
+<!ENTITY laugh7 "&laugh6;&laugh6;">
+<!ENTITY laugh8 "&laugh7;&laugh7;">
+<!ENTITY laugh9 "&laugh8;&laugh8;">
+<!ENTITY laugh10 "&laugh9;&laugh9;">
+<!ENTITY laugh11 "&laugh10;&laugh10;">
+<!ENTITY laugh12 "&laugh11;&laugh11;">
+<!ENTITY laugh13 "&laugh12;&laugh12;">
+<!ENTITY laugh14 "&laugh13;&laugh13;">
+<!ENTITY laugh15 "&laugh14;&laugh14;">
+<!ENTITY laugh16 "&laugh15;&laugh15;">
+<!ENTITY laugh17 "&laugh16;&laugh16;">
+<!ENTITY laugh18 "&laugh17;&laugh17;">
+<!ENTITY laugh19 "&laugh18;&laugh18;">
+<!ENTITY laugh20 "&laugh19;&laugh19;">
+<!ENTITY laugh21 "&laugh20;&laugh20;">
+<!ENTITY laugh22 "&laugh21;&laugh21;">
+<!ENTITY laugh23 "&laugh22;&laugh22;">
+<!ENTITY laugh24 "&laugh23;&laugh23;">
+<!ENTITY laugh25 "&laugh24;&laugh24;">
+<!ENTITY laugh26 "&laugh25;&laugh25;">
+<!ENTITY laugh27 "&laugh26;&laugh26;">
+<!ENTITY laugh28 "&laugh27;&laugh27;">
+<!ENTITY laugh29 "&laugh28;&laugh28;">
+<!ENTITY laugh30 "&laugh29;&laugh29;">
+]>
+<billion>&laugh30;</billion>

Propchange: apr/apr-util/branches/0.9.x/test/data/billion-laughs.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: apr/apr-util/branches/0.9.x/test/data/billion-laughs.xml
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Modified: apr/apr-util/branches/0.9.x/test/testxml.c
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/test/testxml.c?rev=1005996&r1=1005995&r2=1005996&view=diff
==============================================================================
--- apr/apr-util/branches/0.9.x/test/testxml.c (original)
+++ apr/apr-util/branches/0.9.x/test/testxml.c Fri Oct  8 20:04:02 2010
@@ -156,9 +156,8 @@ static void oops(const char *s1, const c
     exit(1);
 }
 
-int main(int argc, const char *const * argv)
+static int test_xml_parser(apr_pool_t *pool, const char *file)
 {
-    apr_pool_t *pool;
     apr_file_t *fd;
     apr_xml_parser *parser;
     apr_xml_doc *doc;
@@ -166,26 +165,19 @@ int main(int argc, const char *const * a
     char errbuf[2000];
     char errbufXML[2000];
 
-    (void) apr_initialize();
-    apr_pool_create(&pool, NULL);
-    progname = argv[0];
-    if (argc == 1) {
+    if (file == NULL) {
         rv = create_dummy_file(pool, &fd);
         if (rv != APR_SUCCESS) {
             oops("cannot create dummy file", "oops", rv);
         }
     }
     else {
-        if (argc == 2) {
-            rv = apr_file_open(&fd, argv[1], APR_READ, APR_OS_DEFAULT, pool);
-            if (rv != APR_SUCCESS) {
-                oops("cannot open: %s", argv[1], rv);
-            }
-        }
-        else {
-            oops("usage: %s", usage, 0);
+        rv = apr_file_open(&fd, file, APR_READ, APR_OS_DEFAULT, pool);
+        if (rv != APR_SUCCESS) {
+            oops("cannot open: %s", file, rv);
         }
     }
+
     rv = apr_xml_parse_file(pool, &parser, &doc, fd, 2000);
     if (rv != APR_SUCCESS) {
         fprintf(stderr, "APR Error %s\nXML Error: %s\n",
@@ -193,9 +185,12 @@ int main(int argc, const char *const * a
              apr_xml_parser_geterror(parser, errbufXML, sizeof(errbufXML)));
         return rv;
     }
+
     dump_xml(doc->root, 0);
-    apr_file_close(fd);
-    if (argc == 1) {
+
+    rv = apr_file_close(fd);
+
+    if (file == NULL) {
         rv = create_dummy_file_error(pool, &fd);
         if (rv != APR_SUCCESS) {
             oops("cannot create error dummy file", "oops", rv);
@@ -213,6 +208,79 @@ int main(int argc, const char *const * a
             return APR_EGENERAL;
         }
     }
+    return rv;
+}
+
+static void test_billion_laughs(apr_pool_t *pool)
+{
+    apr_file_t *fd;
+    apr_xml_parser *parser;
+    apr_xml_doc *doc;
+    apr_status_t rv;
+    char errbuf[2000];
+
+    rv = apr_file_open(&fd, "data/billion-laughs.xml", 
+                       APR_READ, 0, pool);
+    if (rv != APR_SUCCESS) {
+        fprintf(stderr, "APR Error %s\n",
+                apr_strerror(rv, errbuf, sizeof(errbuf)));
+    }
+
+    /* Don't test for return value; if it returns, chances are the bug
+     * is fixed or the machine has insane amounts of RAM. */
+    apr_xml_parse_file(pool, &parser, &doc, fd, 2000);
+
+    apr_file_close(fd);
+}
+
+static void test_CVE_2009_3720_alpha(apr_pool_t *pool)
+{
+    apr_xml_parser *xp;
+    apr_xml_doc *doc;
+    apr_status_t rv;
+
+    xp = apr_xml_parser_create(pool);
+    
+    rv = apr_xml_parser_feed(xp, "\0\r\n", 3);
+    if (rv == APR_SUCCESS)
+        apr_xml_parser_done(xp, &doc);
+}
+
+static void test_CVE_2009_3720_beta(apr_pool_t *pool)
+{
+    apr_xml_parser *xp;
+    apr_xml_doc *doc;
+    apr_status_t rv;
+
+    xp = apr_xml_parser_create(pool);
+    
+    rv = apr_xml_parser_feed(xp, "<?xml version\xc2\x85='1.0'?>\r\n", 25);
+    if (rv == APR_SUCCESS)
+        apr_xml_parser_done(xp, &doc);
+}
+
+int main(int argc, const char *const * argv)
+{
+    apr_pool_t *pool;
+    apr_status_t rv;
+
+    (void) apr_initialize();
+    apr_pool_create(&pool, NULL);
+    progname = argv[0];
+    if (argc == 1) {
+        rv = test_xml_parser(pool, NULL);
+    }
+    else {
+        if (argc == 2) {
+            rv = test_xml_parser(pool, argv[1]);
+        }
+        else {
+            oops("usage: %s", usage, 0);
+        }
+    }
+    test_billion_laughs(pool);
+    test_CVE_2009_3720_alpha(pool);
+    test_CVE_2009_3720_beta(pool);
     apr_pool_destroy(pool);
     apr_terminate();
     return rv;