diff options
| author | joe <joe@61a7d7f5-40b7-0310-9c16-bb0ea8cb1845> | 2009-08-18 14:18:53 +0000 |
|---|---|---|
| committer | joe <joe@61a7d7f5-40b7-0310-9c16-bb0ea8cb1845> | 2009-08-18 14:18:53 +0000 |
| commit | 6941d29cccfc336b5eac89ec7770515a7922bac5 (patch) | |
| tree | 1fc4655e41e430a184512e2d468831588a9dfb01 /test | |
| parent | 9ecf5fc3c83b27eec78e761caaa6658cfb7b2384 (diff) | |
| download | neon-6941d29cccfc336b5eac89ec7770515a7922bac5.tar.gz | |
Security fix for CVE-2009-2473: prevent the "billion laughs" attack
against expat:
* src/ne_xml.c (ne_xml_create) [HAVE_EXPAT]: Register entity
decl handler.
[HAVE_LIBXML]: Use xmlCtxtUseOptions interface.
(entity_declaration): New function.
* test/xml.c (fail_parse): Add billion laughs test case.
* test/run.sh: Limit run-time CPU use to 120 seconds.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1687 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
Diffstat (limited to 'test')
| -rw-r--r-- | test/run.sh | 1 | ||||
| -rw-r--r-- | test/xml.c | 38 |
2 files changed, 39 insertions, 0 deletions
diff --git a/test/run.sh b/test/run.sh index dd62bf4..194e0b3 100644 --- a/test/run.sh +++ b/test/run.sh @@ -3,6 +3,7 @@ rm -f debug.log child.log ulimit -c unlimited +ulimit -t 120 unset LANG unset LC_MESSAGES @@ -441,6 +441,44 @@ static int fail_parse(void) "\xEF\xBB" PFX "<hello/>", "\xEF" PFX "<hello/>", +"<?xml version=\"1.0\"?>\ +<!DOCTYPE billion [\ +<!ELEMENT billion (#PCDATA)>\ +<!ENTITY laugh0 \"ha\">\ +<!ENTITY laugh1 \"&laugh0;&laugh0;\">\ +<!ENTITY laugh2 \"&laugh1;&laugh1;\">\ +<!ENTITY laugh3 \"&laugh2;&laugh2;\">\ +<!ENTITY laugh4 \"&laugh3;&laugh3;\">\ +<!ENTITY laugh5 \"&laugh4;&laugh4;\">\ +<!ENTITY laugh6 \"&laugh5;&laugh5;\">\ +<!ENTITY laugh7 \"&laugh6;&laugh6;\">\ +<!ENTITY laugh8 \"&laugh7;&laugh7;\">\ +<!ENTITY laugh9 \"&laugh8;&laugh8;\">\ +<!ENTITY laugh10 \"&laugh9;&laugh9;\">\ +<!ENTITY laugh11 \"&laugh10;&laugh10;\">\ +<!ENTITY laugh12 \"&laugh11;&laugh11;\">\ +<!ENTITY laugh13 \"&laugh12;&laugh12;\">\ +<!ENTITY laugh14 \"&laugh13;&laugh13;\">\ +<!ENTITY laugh15 \"&laugh14;&laugh14;\">\ +<!ENTITY laugh16 \"&laugh15;&laugh15;\">\ +<!ENTITY laugh17 \"&laugh16;&laugh16;\">\ +<!ENTITY laugh18 \"&laugh17;&laugh17;\">\ +<!ENTITY laugh19 \"&laugh18;&laugh18;\">\ +<!ENTITY laugh20 \"&laugh19;&laugh19;\">\ +<!ENTITY laugh21 \"&laugh20;&laugh20;\">\ +<!ENTITY laugh22 \"&laugh21;&laugh21;\">\ +<!ENTITY laugh23 \"&laugh22;&laugh22;\">\ +<!ENTITY laugh24 \"&laugh23;&laugh23;\">\ +<!ENTITY laugh25 \"&laugh24;&laugh24;\">\ +<!ENTITY laugh26 \"&laugh25;&laugh25;\">\ +<!ENTITY laugh27 \"&laugh26;&laugh26;\">\ +<!ENTITY laugh28 \"&laugh27;&laugh27;\">\ +<!ENTITY laugh29 \"&laugh28;&laugh28;\">\ +<!ENTITY laugh30 \"&laugh29;&laugh29;\">\ +]>\ +<billion>&laugh30;</billion>\ +", + NULL }; int n; |