diff options
| author | minfrin <minfrin@13f79535-47bb-0310-9956-ffa450edef68> | 2011-12-06 01:08:40 +0000 |
|---|---|---|
| committer | minfrin <minfrin@13f79535-47bb-0310-9956-ffa450edef68> | 2011-12-06 01:08:40 +0000 |
| commit | aca4351e2f768674a4a6928e634406e7385226d9 (patch) | |
| tree | 45ba98a0f5e105e8c62181d11c7f5497c422972a /test/testxml.c | |
| parent | c83b477521ed2aaf40c6a47d540c665ca9bd539c (diff) | |
| parent | 796db2a03ab94945939e0e91c269a611463d43a8 (diff) | |
| download | libapr-util-1.4.0.tar.gz | |
Tag v1.4.0.1.4.0
git-svn-id: http://svn.apache.org/repos/asf/apr/apr-util/tags/1.4.0@1210733 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'test/testxml.c')
| -rw-r--r-- | test/testxml.c | 41 |
1 files changed, 35 insertions, 6 deletions
diff --git a/test/testxml.c b/test/testxml.c index 9a09644d..eed10672 100644 --- a/test/testxml.c +++ b/test/testxml.c @@ -28,8 +28,8 @@ static apr_status_t create_dummy_file_error(abts_case *tc, apr_pool_t *p, apr_off_t off = 0L; char template[] = "data/testxmldummyerrorXXXXXX"; - rv = apr_file_mktemp(fd, template, APR_CREATE | APR_TRUNCATE | APR_DELONCLOSE | - APR_READ | APR_WRITE | APR_EXCL, p); + rv = apr_file_mktemp(fd, template, APR_FOPEN_CREATE | APR_FOPEN_TRUNCATE | APR_FOPEN_DELONCLOSE | + APR_FOPEN_READ | APR_FOPEN_WRITE | APR_FOPEN_EXCL, p); ABTS_INT_EQUAL(tc, APR_SUCCESS, rv); if (rv != APR_SUCCESS) @@ -62,8 +62,8 @@ static apr_status_t create_dummy_file(abts_case *tc, apr_pool_t *p, apr_off_t off = 0L; char template[] = "data/testxmldummyXXXXXX"; - rv = apr_file_mktemp(fd, template, APR_CREATE | APR_TRUNCATE | APR_DELONCLOSE | - APR_READ | APR_WRITE | APR_EXCL, p); + rv = apr_file_mktemp(fd, template, APR_FOPEN_CREATE | APR_FOPEN_TRUNCATE | APR_FOPEN_DELONCLOSE | + APR_FOPEN_READ | APR_FOPEN_WRITE | APR_FOPEN_EXCL, p); ABTS_INT_EQUAL(tc, APR_SUCCESS, rv); if (rv != APR_SUCCESS) @@ -159,18 +159,47 @@ static void test_billion_laughs(abts_case *tc, void *data) APR_FOPEN_READ, 0, p); apr_assert_success(tc, "open billion-laughs.xml", rv); - rv = apr_xml_parse_file(p, &parser, &doc, fd, 2000); - ABTS_TRUE(tc, rv != APR_SUCCESS); + /* Don't test for return value; if it returns, chances are the bug + * is fixed or the machine has insane amounts of RAM. */ + apr_xml_parse_file(p, &parser, &doc, fd, 2000); apr_file_close(fd); } +static void test_CVE_2009_3720_alpha(abts_case *tc, void *data) +{ + apr_xml_parser *xp; + apr_xml_doc *doc; + apr_status_t rv; + + xp = apr_xml_parser_create(p); + + rv = apr_xml_parser_feed(xp, "\0\r\n", 3); + if (rv == APR_SUCCESS) + apr_xml_parser_done(xp, &doc); +} + +static void test_CVE_2009_3720_beta(abts_case *tc, void *data) +{ + apr_xml_parser *xp; + apr_xml_doc *doc; + apr_status_t rv; + + xp = apr_xml_parser_create(p); + + rv = apr_xml_parser_feed(xp, "<?xml version\xc2\x85='1.0'?>\r\n", 25); + if (rv == APR_SUCCESS) + apr_xml_parser_done(xp, &doc); +} + abts_suite *testxml(abts_suite *suite) { suite = ADD_SUITE(suite); abts_run_test(suite, test_xml_parser, NULL); abts_run_test(suite, test_billion_laughs, NULL); + abts_run_test(suite, test_CVE_2009_3720_alpha, NULL); + abts_run_test(suite, test_CVE_2009_3720_beta, NULL); return suite; } |