diff options
| author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2022-01-31 00:21:55 +0000 |
|---|---|---|
| committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2022-01-31 00:21:55 +0000 |
| commit | 749862abfaffd0bd02519cf39542789e6188be67 (patch) | |
| tree | 1d34cefb84c289b8700e246a14102d839aed1761 /lib/libexpat/tests | |
| parent | 99a2f77bcee20b7d09cb4353b6f626d02e082159 (diff) | |
Update libexpat to 2.4.4. This fixes CVE-2022-23852 and CVE-2022-23990.
Relevant for OpenBSD are security fixes #550 #551 and other changes
#553 (missing in change log). No library bump necessary.
OK millert@
Diffstat (limited to 'lib/libexpat/tests')
| -rw-r--r-- | lib/libexpat/tests/runtests.c | 33 |
1 files changed, 30 insertions, 3 deletions
diff --git a/lib/libexpat/tests/runtests.c b/lib/libexpat/tests/runtests.c index d2923ac1fd5..4a9c5328125 100644 --- a/lib/libexpat/tests/runtests.c +++ b/lib/libexpat/tests/runtests.c @@ -3847,6 +3847,30 @@ START_TEST(test_get_buffer_2) { } END_TEST +/* Test for signed integer overflow CVE-2022-23852 */ +#if defined(XML_CONTEXT_BYTES) +START_TEST(test_get_buffer_3_overflow) { + XML_Parser parser = XML_ParserCreate(NULL); + assert(parser != NULL); + + const char *const text = "\n"; + const int expectedKeepValue = (int)strlen(text); + + // After this call, variable "keep" in XML_GetBuffer will + // have value expectedKeepValue + if (XML_Parse(parser, text, (int)strlen(text), XML_FALSE /* isFinal */) + == XML_STATUS_ERROR) + xml_failure(parser); + + assert(expectedKeepValue > 0); + if (XML_GetBuffer(parser, INT_MAX - expectedKeepValue + 1) != NULL) + fail("enlarging buffer not failed"); + + XML_ParserFree(parser); +} +END_TEST +#endif // defined(XML_CONTEXT_BYTES) + /* Test position information macros */ START_TEST(test_byte_info_at_end) { const char *text = "<doc></doc>"; @@ -7352,7 +7376,7 @@ START_TEST(test_misc_version) { fail("Version mismatch"); #if ! defined(XML_UNICODE) || defined(XML_UNICODE_WCHAR_T) - if (xcstrcmp(version_text, XCS("expat_2.4.3"))) /* needs bump on releases */ + if (xcstrcmp(version_text, XCS("expat_2.4.4"))) /* needs bump on releases */ fail("XML_*_VERSION in expat.h out of sync?\n"); #else /* If we have XML_UNICODE defined but not XML_UNICODE_WCHAR_T @@ -11286,7 +11310,7 @@ START_TEST(test_accounting_precision) { {"<p:e xmlns:p=\"https://domain.invalid/\" />", NULL, NULL, 0, filled_later}, {"<e k=\"&'><"\" />", NULL, NULL, - sizeof(XML_Char) * 5 /* number of predefined entites */, filled_later}, + sizeof(XML_Char) * 5 /* number of predefined entities */, filled_later}, {"<e1 xmlns='https://example.org/'>\n" " <e2 xmlns=''/>\n" "</e1>", @@ -11296,7 +11320,7 @@ START_TEST(test_accounting_precision) { {"<e>text</e>", NULL, NULL, 0, filled_later}, {"<e1><e2>text1<e3/>text2</e2></e1>", NULL, NULL, 0, filled_later}, {"<e>&'><"</e>", NULL, NULL, - sizeof(XML_Char) * 5 /* number of predefined entites */, filled_later}, + sizeof(XML_Char) * 5 /* number of predefined entities */, filled_later}, {"<e>A)</e>", NULL, NULL, 0, filled_later}, /* Prolog */ @@ -11731,6 +11755,9 @@ make_suite(void) { tcase_add_test(tc_basic, test_empty_parse); tcase_add_test(tc_basic, test_get_buffer_1); tcase_add_test(tc_basic, test_get_buffer_2); +#if defined(XML_CONTEXT_BYTES) + tcase_add_test(tc_basic, test_get_buffer_3_overflow); +#endif tcase_add_test(tc_basic, test_byte_info_at_end); tcase_add_test(tc_basic, test_byte_info_at_error); tcase_add_test(tc_basic, test_byte_info_at_cdata); |