Lee Thomason
GitHub
1
resources/xmltest-5662204197076992.xml
Normal file
1
resources/xmltest-5662204197076992.xml
Normal file
File diff suppressed because one or more lines are too long
28
tinyxml2.cpp
28
tinyxml2.cpp
@@ -1032,15 +1032,25 @@ char* XMLNode::ParseDeep( char* p, StrPair* parentEndTag, int* curLineNumPtr )
|
|||||||
XMLDeclaration* decl = node->ToDeclaration();
|
XMLDeclaration* decl = node->ToDeclaration();
|
||||||
if ( decl ) {
|
if ( decl ) {
|
||||||
// Declarations are only allowed at document level
|
// Declarations are only allowed at document level
|
||||||
bool wellLocated = ( ToDocument() != 0 );
|
//
|
||||||
if ( wellLocated ) {
|
// Multiple declarations are allowed but all declarations
|
||||||
// Multiple declarations are allowed but all declarations
|
// must occur before anything else.
|
||||||
// must occur before anything else
|
//
|
||||||
for ( const XMLNode* existingNode = _document->FirstChild(); existingNode; existingNode = existingNode->NextSibling() ) {
|
// Optimized due to a security test case. If the first node is
|
||||||
if ( !existingNode->ToDeclaration() ) {
|
// a declaration, and the last node is a declaration, then only
|
||||||
wellLocated = false;
|
// declarations have so far been addded.
|
||||||
break;
|
bool wellLocated = false;
|
||||||
}
|
|
||||||
|
if (ToDocument()) {
|
||||||
|
if (FirstChild()) {
|
||||||
|
wellLocated =
|
||||||
|
FirstChild() &&
|
||||||
|
FirstChild()->ToDeclaration() &&
|
||||||
|
LastChild() &&
|
||||||
|
LastChild()->ToDeclaration();
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
wellLocated = true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if ( !wellLocated ) {
|
if ( !wellLocated ) {
|
||||||
|
|||||||
12
xmltest.cpp
12
xmltest.cpp
@@ -2050,6 +2050,18 @@ int main( int argc, const char ** argv )
|
|||||||
XMLTest("Stack overflow prevented.", XML_ELEMENT_DEPTH_EXCEEDED, doc.ErrorID());
|
XMLTest("Stack overflow prevented.", XML_ELEMENT_DEPTH_EXCEEDED, doc.ErrorID());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
const char* TESTS[] = {
|
||||||
|
"./resources/xmltest-5662204197076992.xml", // Security-level performance issue.
|
||||||
|
0
|
||||||
|
};
|
||||||
|
for (int i = 0; TESTS[i]; ++i) {
|
||||||
|
XMLDocument doc;
|
||||||
|
doc.LoadFile(TESTS[i]);
|
||||||
|
// Need only not crash / lock up.
|
||||||
|
XMLTest("Fuzz attack prevented.", true, true);
|
||||||
|
}
|
||||||
|
}
|
||||||
{
|
{
|
||||||
// Crashing reported via email.
|
// Crashing reported via email.
|
||||||
const char* xml =
|
const char* xml =
|
||||||
|
|||||||
Reference in New Issue
Block a user