generic-library/poco
1
0
Fork 0
mirror of https://github.com/pocoproject/poco.git synced 2025-10-28 11:31:53 +01:00
Code Issues Projects Releases Wiki Activity

fix(XML): fuzzing stack overflow (#4629). Limit maximum XML element depth.

Browse Source
This commit is contained in:
Günter Obiltschnig
2024-09-26 09:03:31 +02:00
parent 3a8c6a72b1
commit 3b4a8ea6e7
6 changed files with 76 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
XML/testsuite/src/ParserWriterTest.cpp
View File

@@ -104,6 +104,23 @@ void ParserWriterTest::testParseWriteSimple()
}
void ParserWriterTest::testMaxElementDepth()
{
DOMParser parser;
parser.setFeature(XMLReader::FEATURE_NAMESPACE_PREFIXES, false);
parser.setMaxElementDepth(2);
try
{
AutoPtr<Document> pDoc = parser.parseString(XHTML);
fail("max element depth exceeded - must throw");
}
catch (const Poco::Exception&)
{
}
}
void ParserWriterTest::setUp()
{
}
@@ -121,6 +138,7 @@ CppUnit::Test* ParserWriterTest::suite()
CppUnit_addTest(pSuite, ParserWriterTest, testParseWriteXHTML);
CppUnit_addTest(pSuite, ParserWriterTest, testParseWriteXHTML2);
CppUnit_addTest(pSuite, ParserWriterTest, testParseWriteSimple);
CppUnit_addTest(pSuite, ParserWriterTest, testMaxElementDepth);
return pSuite;
}

2
XML/testsuite/src/ParserWriterTest.h
View File

@@ -26,8 +26,8 @@ public:
void testParseWriteXHTML();
void testParseWriteXHTML2();
void testParseWriteWSDL();
void testParseWriteSimple();
void testMaxElementDepth();
void setUp();
void tearDown();