Wed, 19 Oct 2016 13:00:17 -0400
win32: Explicitly use ANSI versions of the WSALookup APIs
31891
186f61a85ac2
Add a silly little check to make sure our xml parser isn't vulnerable to the
Mark Doliner <markdoliner@pidgin.im>
1 | #include <string.h> |
2 | |
3 | #include "tests.h" |
4 | #include "../xmlnode.h" |
5 | |
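/*
 * Regression check for nested-entity ("billion laughs") handling in
 * xmlnode_from_str().
 *
 * If we really wanted to test the billion laughs attack we would
 * need to have more than just 4 ha's.  But as long as this shorter
 * document fails to parse, the longer one should also fail to parse.
 *
 * That inference assumes the rejection is caused by the entity
 * declarations/references themselves.  A NULL result alone cannot be
 * told apart from an unrelated parse failure, so a plain document with
 * no DTD is parsed first as a positive control: the test can no longer
 * pass merely because xmlnode_from_str() returns NULL for every input.
 */
START_TEST(test_xmlnode_billion_laughs_attack)
{
	const char *benign_xml_doc = "<root>Ha !</root>";
	const char *malicious_xml_doc =
		"<!DOCTYPE root [ "
		"<!ENTITY ha \"Ha !\">"
		"<!ENTITY ha2 \"&ha; &ha;\">"
		"<!ENTITY ha3 \"&ha2; &ha2;\">"
		" ]><root>&ha3;</root>";
	xmlnode *benign_tree;

	/* Uncomment this line if you want to see the error message given by
	   the parser for the above XML document */
	/* purple_debug_set_enabled(TRUE); */

	/* Positive control: the same content without any entity must parse. */
	benign_tree = xmlnode_from_str(benign_xml_doc, -1);
	fail_if(benign_tree == NULL,
			"xmlnode_from_str() failed to parse a well-formed document without entities");
	xmlnode_free(benign_tree);

	/* Negative case: a document declaring nested internal entities must
	   not yield a tree. */
	fail_if(xmlnode_from_str(malicious_xml_doc, -1),
			"xmlnode_from_str() returned an XML tree, but we didn't want it to");
}
END_TEST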
23 | |
/*
 * Build the Check suite for the xmlnode tests.
 *
 * Creates a suite holding a single "xmlnode" test case, registers
 * test_xmlnode_billion_laughs_attack in it, and returns the suite.
 */
Suite *
xmlnode_suite(void)
{
	Suite *suite;
	TCase *xmlnode_case;

	suite = suite_create("Utility Functions");
	xmlnode_case = tcase_create("xmlnode");

	/* Register every xmlnode test before attaching the case to the suite. */
	tcase_add_test(xmlnode_case, test_xmlnode_billion_laughs_attack);
	suite_add_tcase(suite, xmlnode_case);

	return suite;
}