author | Alexander Barkov <bar@mnogosearch.org> | 2014-04-23 15:53:47 +0400 |
---|---|---|
committer | Alexander Barkov <bar@mnogosearch.org> | 2014-04-23 15:53:47 +0400 |
commit | a24ea50d1a04d7bfe9608fe1ea8ac1ab8ed97294 (patch) | |
tree | 0d4cdc038f11cab6684ce2bfdfb4891d40922e03 | |
parent | 213f10363e1134fdb39842f55876db1136496ff3 (diff) | |
MDEV-5338 XML parser accepts malformed data
-rw-r--r-- | mysql-test/r/xml.result | 21 | ||||
-rw-r--r-- | mysql-test/t/xml.test | 16 | ||||
-rw-r--r-- | strings/xml.c | 9 |
3 files changed, 40 insertions, 6 deletions
diff --git a/mysql-test/r/xml.result b/mysql-test/r/xml.result
index dda77cba04c..d127246e9d7 100644
--- a/mysql-test/r/xml.result
+++ b/mysql-test/r/xml.result
@@ -132,7 +132,7 @@ xb1 xc1
 SELECT extractValue(@xml,'/a//@x[2]');
 extractValue(@xml,'/a//@x[2]')
 xb2 xc2
-SET @xml='<a><b>b1</b><b>b2</b><c><b>c1b1</b><b>c1b2</b></c><c><b>c2b1</c></b></a>';
+SET @xml='<a><b>b1</b><b>b2</b><c><b>c1b1</b><b>c1b2</b></c><c><b>c2b1</b></c></a>';
 SELECT extractValue(@xml,'//b[1]');
 extractValue(@xml,'//b[1]')
 b1 c1b1 c2b1
@@ -1133,3 +1133,22 @@ NULL
 Warnings:
 Warning 1525 Incorrect XML value: 'parse error at line 1 pos 11: STRING unexpected (ident or '/' wanted)'
 End of 5.1 tests
+#
+# Start of 5.3 tests
+#
+#
+# MDEV-5338 XML parser accepts malformed data
+#
+SELECT ExtractValue('<a>xxx</c>','/a/b');
+ExtractValue('<a>xxx</c>','/a/b')
+NULL
+Warnings:
+Warning 1525 Incorrect XML value: 'parse error at line 1 pos 10: '</c>' unexpected ('</a>' wanted)'
+SELECT ExtractValue('<a><b>xxx</c></a>','/a/b');
+ExtractValue('<a><b>xxx</c></a>','/a/b')
+NULL
+Warnings:
+Warning 1525 Incorrect XML value: 'parse error at line 1 pos 13: '</c>' unexpected ('</b>' wanted)'
+#
+# End of 5.3 tests
+#
diff --git a/mysql-test/t/xml.test b/mysql-test/t/xml.test
index 8db5ca75f1c..096ccc2cc06 100644
--- a/mysql-test/t/xml.test
+++ b/mysql-test/t/xml.test
@@ -53,7 +53,7 @@ SELECT extractValue(@xml,'/a//@x');
 SELECT extractValue(@xml,'/a//@x[1]');
 SELECT extractValue(@xml,'/a//@x[2]');
-SET @xml='<a><b>b1</b><b>b2</b><c><b>c1b1</b><b>c1b2</b></c><c><b>c2b1</c></b></a>';
+SET @xml='<a><b>b1</b><b>b2</b><c><b>c1b1</b><b>c1b2</b></c><c><b>c2b1</b></c></a>';
 SELECT extractValue(@xml,'//b[1]');
 SELECT extractValue(@xml,'/descendant::b[1]');
@@ -652,3 +652,17 @@ SELECT UPDATEXML(CONVERT(_latin1'<!--' USING utf8),'1','1');
 SELECT ExtractValue(CONVERT('<\"', BINARY(10)), 1);
 --echo End of 5.1 tests
+
+--echo #
+--echo # Start of 5.3 tests
+--echo #
+
+--echo #
+--echo # MDEV-5338 XML parser accepts malformed data
+--echo #
+SELECT ExtractValue('<a>xxx</c>','/a/b');
+SELECT ExtractValue('<a><b>xxx</c></a>','/a/b');
+
+--echo #
+--echo # End of 5.3 tests
+--echo #
diff --git a/strings/xml.c b/strings/xml.c
index ac6ab807ed8..428222c47ed 100644
--- a/strings/xml.c
+++ b/strings/xml.c
@@ -240,7 +240,7 @@ static void mstr(char *s,const char *src,size_t l1, size_t l2)
 static int my_xml_leave(MY_XML_PARSER *p, const char *str, size_t slen)
 {
- char *e;
+ char *e, *tag;
 size_t glen;
 char s[32];
 char g[32];
@@ -249,13 +249,14 @@ static int my_xml_leave(MY_XML_PARSER *p, const char *str, size_t slen)
 /* Find previous '/' or beginning */
 for (e=p->attrend; (e>p->attr) && (e[0] != '/') ; e--);
 glen = (size_t) ((e[0] == '/') ? (p->attrend-e-1) : p->attrend-e);
-
- if (str && (slen != glen))
+ tag= e[0] == '/' ? e + 1 : e;
+
+ if (str && (slen != glen || memcmp(str, tag, slen)))
 {
 mstr(s,str,sizeof(s)-1,slen);
 if (glen)
 {
- mstr(g,e+1,sizeof(g)-1,glen),
+ mstr(g, tag, sizeof(g)-1, glen);
 sprintf(p->errstr,"'</%s>' unexpected ('</%s>' wanted)",s,g);
 }
 else |
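Review bot: Both statements added under the MDEV-5338 header use one-character element names, so they would still pass if the closing-tag comparison looked only at the first byte. A case with longer names of equal length that differ only in the last character would pin the full-length compare, for example `SELECT ExtractValue('<ab>xxx</ac>','/ab');` (constructed sample). A well-formed document with a multi-character name next to it would also guard against the stricter check rejecting valid input. The matching block in xml.result would need to be re-recorded.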
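Review bot: In the new condition, `memcmp(str, tag, slen)` stays within the bytes between `tag` and `p->attrend` only because `slen != glen` is tested first and short-circuits. That ordering dependency should be recorded next to it, e.g. `/* memcmp runs only when slen == glen, so it never reads past p->attrend */`, so a later reorder does not turn it into an over-read. `tag` also repeats the `e[0] == '/'` test already used for `glen`; computing `tag` first and then `glen= (size_t) (p->attrend - tag);` keeps both values tied to one decision. The unchanged `sprintf(p->errstr, ...)` below relies on `mstr` capping `s` and `g` at 31 bytes, and the size of `errstr` is not visible here, so that bound is worth confirming. my_xml_leave starts in the previous hunk and continues past the end of this one.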