summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
authorChong Yidong <cyd@gnu.org>2012-07-03 13:28:42 +0800
committerChong Yidong <cyd@gnu.org>2012-07-03 13:28:42 +0800
commita76e6535dc91d65de27f194861a5aa21e9b26365 (patch)
tree0ab4f191fd1a5e6ed1e2582be7f86aa57638440b /test
parent36429c89cbd7282a7614a358e5edb4d37f4a3f47 (diff)
downloademacs-a76e6535dc91d65de27f194861a5aa21e9b26365.tar.gz
* xml.el: Protect parser against XML bombs.
(xml-entity-expansion-limit): New variable. (xml-parse-string, xml-substitute-special): Use it. (xml-parse-dtd): Avoid infloop if the DTD is not terminated. * test/automated/xml-parse-tests.el: Update testcases.
Diffstat (limited to 'test')
-rw-r--r--test/ChangeLog4
-rw-r--r--test/automated/xml-parse-tests.el19
2 files changed, 21 insertions, 2 deletions
diff --git a/test/ChangeLog b/test/ChangeLog
index 3ff7124893a..1e77f972965 100644
--- a/test/ChangeLog
+++ b/test/ChangeLog
@@ -1,3 +1,7 @@
+2012-07-03 Chong Yidong <cyd@gnu.org>
+
+ * automated/xml-parse-tests.el (xml-parse-tests--bad-data): New.
+
2012-07-02 Chong Yidong <cyd@gnu.org>
* automated/xml-parse-tests.el (xml-parse-tests--data): More
diff --git a/test/automated/xml-parse-tests.el b/test/automated/xml-parse-tests.el
index ec3d7ca3065..ada9bbd4074 100644
--- a/test/automated/xml-parse-tests.el
+++ b/test/automated/xml-parse-tests.el
@@ -55,14 +55,29 @@
("<foo>&#38;amp;</foo>" . ((foo () "&amp;"))))
"Alist of XML strings and their expected parse trees.")
+(defvar xml-parse-tests--bad-data
+ '(;; XML bomb in content
+ "<!DOCTYPE foo [<!ENTITY lol \"lol\"><!ENTITY lol1 \"&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;\"><!ENTITY lol2 \"&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;\">]><foo>&lol2;</foo>"
+ ;; XML bomb in attribute value
+ "<!DOCTYPE foo [<!ENTITY lol \"lol\"><!ENTITY lol1 \"&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;\"><!ENTITY lol2 \"&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;\">]><foo a=\"&lol2;\">!</foo>"
+ ;; Non-terminating DTD
+ "<!DOCTYPE foo [ <!ENTITY b \"B\"><!ENTITY abc \"a&b;c\">"
+ "<!DOCTYPE foo [ <!ENTITY b \"B\"><!ENTITY abc \"a&b;c\">asdf"
+ "<!DOCTYPE foo [ <!ENTITY b \"B\"><!ENTITY abc \"a&b;c\">asdf&abc;")
+ "List of XML strings that should signal an error in the parser")
+
(ert-deftest xml-parse-tests ()
"Test XML parsing."
(with-temp-buffer
(dolist (test xml-parse-tests--data)
(erase-buffer)
(insert (car test))
- (should (equal (cdr test)
- (xml-parse-region (point-min) (point-max)))))))
+ (should (equal (cdr test) (xml-parse-region))))
+ (let ((xml-entity-expansion-limit 50))
+ (dolist (test xml-parse-tests--bad-data)
+ (erase-buffer)
+ (insert test)
+ (should-error (xml-parse-region))))))
;; Local Variables:
;; no-byte-compile: t
View Lorry Controller Status