1From 2de077423fb22750ebea599677d523b53cb93b1d Mon Sep 17 00:00:00 2001
2From: Sebastian Pipping <sebastian@pipping.org>
3Date: Sat, 12 Feb 2022 00:51:43 +0100
4Subject: [PATCH] tests: Cover CVE-2022-25236
5
6---
7 tests/runtests.c | 30 ++++++++++++++++++++++++++++++
8 1 file changed, 30 insertions(+)
9
10diff --git a/tests/runtests.c b/tests/runtests.c
11index d07203f..bc5344b 100644
12--- a/tests/runtests.c
13+++ b/tests/runtests.c
14@@ -7220,6 +7220,35 @@ START_TEST(test_ns_double_colon_doctype) {
15 }
16 END_TEST
17
18+START_TEST(test_ns_separator_in_uri) {
19+ struct test_case {
20+ enum XML_Status expectedStatus;
21+ const char *doc;
22+ };
23+ struct test_case cases[] = {
24+ {XML_STATUS_OK, "<doc xmlns='one_two' />"},
25+ {XML_STATUS_ERROR, "<doc xmlns='one
two' />"},
26+ };
27+
28+ size_t i = 0;
29+ size_t failCount = 0;
30+ for (; i < sizeof(cases) / sizeof(cases[0]); i++) {
31+ XML_Parser parser = XML_ParserCreateNS(NULL, '\n');
32+ XML_SetElementHandler(parser, dummy_start_element, dummy_end_element);
33+ if (XML_Parse(parser, cases[i].doc, (int)strlen(cases[i].doc),
34+ /*isFinal*/ XML_TRUE)
35+ != cases[i].expectedStatus) {
36+ failCount++;
37+ }
38+ XML_ParserFree(parser);
39+ }
40+
41+ if (failCount) {
42+ fail("Namespace separator handling is broken");
43+ }
44+}
45+END_TEST
46+
47 /* Control variable; the number of times duff_allocator() will successfully
48 * allocate */
49 #define ALLOC_ALWAYS_SUCCEED (-1)
50@@ -11905,6 +11934,7 @@ make_suite(void) {
51 tcase_add_test(tc_namespace, test_ns_utf16_doctype);
52 tcase_add_test(tc_namespace, test_ns_invalid_doctype);
53 tcase_add_test(tc_namespace, test_ns_double_colon_doctype);
54+ tcase_add_test(tc_namespace, test_ns_separator_in_uri);
55
56 suite_add_tcase(s, tc_misc);
57 tcase_add_checked_fixture(tc_misc, NULL, basic_teardown);
58--
591.8.3.1
60
61
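Review bot: The XML_STATUS_ERROR case in test_ns_separator_in_uri is satisfied by any parse failure, so it does not show that the document was rejected because the namespace separator (the '\n' passed to XML_ParserCreateNS) occurs inside the URI. For a CVE regression test I would pin the reason as well, e.g. `if (cases[i].expectedStatus == XML_STATUS_ERROR && XML_GetErrorCode(parser) != EXPECTED_ERROR_CODE) failCount++;`, where EXPECTED_ERROR_CODE is a placeholder for whichever code the fix returns (not visible in this patch). The result of XML_ParserCreateNS is also used unchecked; if XML_Parse reports an error for a NULL parser, as it appears to, an allocation failure would be counted as a correct rejection. As rendered on this page the second literal contains a raw line break, which looks like a display artifact; confirm that the source file encodes the newline rather than embedding it.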