Mercurial > pidgin
annotate libpurple/tests/test_xmlnode.c @ 32797:aacfb71133cc
Fix a possible MSN remote crash
Incoming messages with certain characters or character encodings
can cause clients to crash. The fix is for the contents of all
incoming plaintext messages are converted to UTF-8 and validated
before used.
This was reported to us by Fabian Yamaguchi and this patch was written
by Elliott Sales de Andrade (maybe with small, insignificant changes by me)
| author | Mark Doliner <mark@kingant.net> |
|---|---|
| date | Mon, 07 May 2012 03:18:08 +0000 |
| parents | c8f91310bfbf |
| children | 114a98da1a5f 3828a61c44da |
| rev | line source |
|---|---|
|
31680
c8f91310bfbf
Add a silly little check to make sure our xml parser isn't vulnerable to the
Mark Doliner <mark@kingant.net>
parents:
diff
changeset
|
1 #include <string.h> |
|
c8f91310bfbf
Add a silly little check to make sure our xml parser isn't vulnerable to the
Mark Doliner <mark@kingant.net>
parents:
diff
changeset
|
2 |
|
c8f91310bfbf
Add a silly little check to make sure our xml parser isn't vulnerable to the
Mark Doliner <mark@kingant.net>
parents:
diff
changeset
|
3 #include "tests.h" |
|
c8f91310bfbf
Add a silly little check to make sure our xml parser isn't vulnerable to the
Mark Doliner <mark@kingant.net>
parents:
diff
changeset
|
4 #include "../xmlnode.h" |
|
c8f91310bfbf
Add a silly little check to make sure our xml parser isn't vulnerable to the
Mark Doliner <mark@kingant.net>
parents:
diff
changeset
|
5 |
|
c8f91310bfbf
Add a silly little check to make sure our xml parser isn't vulnerable to the
Mark Doliner <mark@kingant.net>
parents:
diff
changeset
|
6 /* |
|
c8f91310bfbf
Add a silly little check to make sure our xml parser isn't vulnerable to the
Mark Doliner <mark@kingant.net>
parents:
diff
changeset
|
7 * If we really wanted to test the billion laughs attack we would |
|
c8f91310bfbf
Add a silly little check to make sure our xml parser isn't vulnerable to the
Mark Doliner <mark@kingant.net>
parents:
diff
changeset
|
8 * need to have more than just 4 ha's. But as long as this shorter |
|
c8f91310bfbf
Add a silly little check to make sure our xml parser isn't vulnerable to the
Mark Doliner <mark@kingant.net>
parents:
diff
changeset
|
9 * document fails to parse, the longer one should also fail to parse. |
|
c8f91310bfbf
Add a silly little check to make sure our xml parser isn't vulnerable to the
Mark Doliner <mark@kingant.net>
parents:
diff
changeset
|
10 */ |
|
c8f91310bfbf
Add a silly little check to make sure our xml parser isn't vulnerable to the
Mark Doliner <mark@kingant.net>
parents:
diff
changeset
|
11 START_TEST(test_xmlnode_billion_laughs_attack) |
|
c8f91310bfbf
Add a silly little check to make sure our xml parser isn't vulnerable to the
Mark Doliner <mark@kingant.net>
parents:
diff
changeset
|
12 { |
|
c8f91310bfbf
Add a silly little check to make sure our xml parser isn't vulnerable to the
Mark Doliner <mark@kingant.net>
parents:
diff
changeset
|
13 const char *malicious_xml_doc = "<!DOCTYPE root [ <!ENTITY ha \"Ha !\"><!ENTITY ha2 \"&ha; &ha;\"><!ENTITY ha3 \"&ha2; &ha2;\"> ]><root>&ha3;</root>"; |
|
c8f91310bfbf
Add a silly little check to make sure our xml parser isn't vulnerable to the
Mark Doliner <mark@kingant.net>
parents:
diff
changeset
|
14 |
|
c8f91310bfbf
Add a silly little check to make sure our xml parser isn't vulnerable to the
Mark Doliner <mark@kingant.net>
parents:
diff
changeset
|
15 /* Uncomment this line if you want to see the error message given by |
|
c8f91310bfbf
Add a silly little check to make sure our xml parser isn't vulnerable to the
Mark Doliner <mark@kingant.net>
parents:
diff
changeset
|
16 the parser for the above XML document */ |
|
c8f91310bfbf
Add a silly little check to make sure our xml parser isn't vulnerable to the
Mark Doliner <mark@kingant.net>
parents:
diff
changeset
|
17 /* purple_debug_set_enabled(TRUE); */ |
|
c8f91310bfbf
Add a silly little check to make sure our xml parser isn't vulnerable to the
Mark Doliner <mark@kingant.net>
parents:
diff
changeset
|
18 |
|
c8f91310bfbf
Add a silly little check to make sure our xml parser isn't vulnerable to the
Mark Doliner <mark@kingant.net>
parents:
diff
changeset
|
19 fail_if(xmlnode_from_str(malicious_xml_doc, -1), |
|
c8f91310bfbf
Add a silly little check to make sure our xml parser isn't vulnerable to the
Mark Doliner <mark@kingant.net>
parents:
diff
changeset
|
20 "xmlnode_from_str() returned an XML tree, but we didn't want it to"); |
|
c8f91310bfbf
Add a silly little check to make sure our xml parser isn't vulnerable to the
Mark Doliner <mark@kingant.net>
parents:
diff
changeset
|
21 } |
|
c8f91310bfbf
Add a silly little check to make sure our xml parser isn't vulnerable to the
Mark Doliner <mark@kingant.net>
parents:
diff
changeset
|
22 END_TEST |
|
c8f91310bfbf
Add a silly little check to make sure our xml parser isn't vulnerable to the
Mark Doliner <mark@kingant.net>
parents:
diff
changeset
|
23 |
|
c8f91310bfbf
Add a silly little check to make sure our xml parser isn't vulnerable to the
Mark Doliner <mark@kingant.net>
parents:
diff
changeset
|
24 Suite * |
|
c8f91310bfbf
Add a silly little check to make sure our xml parser isn't vulnerable to the
Mark Doliner <mark@kingant.net>
parents:
diff
changeset
|
25 xmlnode_suite(void) |
|
c8f91310bfbf
Add a silly little check to make sure our xml parser isn't vulnerable to the
Mark Doliner <mark@kingant.net>
parents:
diff
changeset
|
26 { |
|
c8f91310bfbf
Add a silly little check to make sure our xml parser isn't vulnerable to the
Mark Doliner <mark@kingant.net>
parents:
diff
changeset
|
27 Suite *s = suite_create("Utility Functions"); |
|
c8f91310bfbf
Add a silly little check to make sure our xml parser isn't vulnerable to the
Mark Doliner <mark@kingant.net>
parents:
diff
changeset
|
28 |
|
c8f91310bfbf
Add a silly little check to make sure our xml parser isn't vulnerable to the
Mark Doliner <mark@kingant.net>
parents:
diff
changeset
|
29 TCase *tc = tcase_create("xmlnode"); |
|
c8f91310bfbf
Add a silly little check to make sure our xml parser isn't vulnerable to the
Mark Doliner <mark@kingant.net>
parents:
diff
changeset
|
30 tcase_add_test(tc, test_xmlnode_billion_laughs_attack); |
|
c8f91310bfbf
Add a silly little check to make sure our xml parser isn't vulnerable to the
Mark Doliner <mark@kingant.net>
parents:
diff
changeset
|
31 suite_add_tcase(s, tc); |
|
c8f91310bfbf
Add a silly little check to make sure our xml parser isn't vulnerable to the
Mark Doliner <mark@kingant.net>
parents:
diff
changeset
|
32 |
|
c8f91310bfbf
Add a silly little check to make sure our xml parser isn't vulnerable to the
Mark Doliner <mark@kingant.net>
parents:
diff
changeset
|
33 return s; |
|
c8f91310bfbf
Add a silly little check to make sure our xml parser isn't vulnerable to the
Mark Doliner <mark@kingant.net>
parents:
diff
changeset
|
34 } |