diff options
| author | Katie Hockman <katie@golang.org> | 2021-03-01 09:54:00 -0500 |
|---|---|---|
| committer | Katie Hockman <katiehockman@google.com> | 2021-03-09 17:43:02 +0000 |
| commit | 91062c2e4cbbf78a108919f6ed3ded1173937cf3 (patch) | |
| tree | 6f04b2f35c33c61d0c73f6143dda8168aa7a7279 /src/encoding/xml/xml_test.go | |
| parent | fa6752a5370735b8c2404d6de5191f2eea67130f (diff) | |
| download | go-91062c2e4cbbf78a108919f6ed3ded1173937cf3.tar.gz go-91062c2e4cbbf78a108919f6ed3ded1173937cf3.zip | |
[release-branch.go1.15-security] encoding/xml: prevent infinite loop while decoding
This change properly handles a TokenReader which
returns an EOF in the middle of an open XML
element.
Thanks to Sam Whited for reporting this.
Fixes CVE-2021-27918
Change-Id: Id02a3f3def4a1b415fa2d9a8e3b373eb6cb0f433
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1004594
Reviewed-by: Russ Cox <rsc@google.com>
Reviewed-by: Roland Shoemaker <bracewell@google.com>
Reviewed-by: Filippo Valsorda <valsorda@google.com>
(cherry picked from commit e7ce1f6746223ec7b4caa3b1ece25d9be3864710)
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1014236
Diffstat (limited to 'src/encoding/xml/xml_test.go')
| -rw-r--r-- | src/encoding/xml/xml_test.go | 104 |
1 files changed, 82 insertions, 22 deletions
diff --git a/src/encoding/xml/xml_test.go b/src/encoding/xml/xml_test.go index efddca43e9..5672ebb375 100644 --- a/src/encoding/xml/xml_test.go +++ b/src/encoding/xml/xml_test.go @@ -33,30 +33,90 @@ func (t *toks) Token() (Token, error) { func TestDecodeEOF(t *testing.T) { start := StartElement{Name: Name{Local: "test"}} - t.Run("EarlyEOF", func(t *testing.T) { - d := NewTokenDecoder(&toks{earlyEOF: true, t: []Token{ - start, - start.End(), - }}) - err := d.Decode(&struct { - XMLName Name `xml:"test"` - }{}) - if err != nil { - t.Error(err) + tests := []struct { + name string + tokens []Token + ok bool + }{ + { + name: "OK", + tokens: []Token{ + start, + start.End(), + }, + ok: true, + }, + { + name: "Malformed", + tokens: []Token{ + start, + StartElement{Name: Name{Local: "bad"}}, + start.End(), + }, + ok: false, + }, + } + for _, tc := range tests { + for _, eof := range []bool{true, false} { + name := fmt.Sprintf("%s/earlyEOF=%v", tc.name, eof) + t.Run(name, func(t *testing.T) { + d := NewTokenDecoder(&toks{ + earlyEOF: eof, + t: tc.tokens, + }) + err := d.Decode(&struct { + XMLName Name `xml:"test"` + }{}) + if tc.ok && err != nil { + t.Fatalf("d.Decode: expected nil error, got %v", err) + } + if _, ok := err.(*SyntaxError); !tc.ok && !ok { + t.Errorf("d.Decode: expected syntax error, got %v", err) + } + }) } - }) - t.Run("LateEOF", func(t *testing.T) { - d := NewTokenDecoder(&toks{t: []Token{ - start, - start.End(), - }}) - err := d.Decode(&struct { - XMLName Name `xml:"test"` - }{}) - if err != nil { - t.Error(err) + } +} + +type toksNil struct { + returnEOF bool + t []Token +} + +func (t *toksNil) Token() (Token, error) { + if len(t.t) == 0 { + if !t.returnEOF { + // Return nil, nil before returning an EOF. It's legal, but + // discouraged. + t.returnEOF = true + return nil, nil } - }) + return nil, io.EOF + } + var tok Token + tok, t.t = t.t[0], t.t[1:] + return tok, nil +} + +func TestDecodeNilToken(t *testing.T) { + for _, strict := range []bool{true, false} { + name := fmt.Sprintf("Strict=%v", strict) + t.Run(name, func(t *testing.T) { + start := StartElement{Name: Name{Local: "test"}} + bad := StartElement{Name: Name{Local: "bad"}} + d := NewTokenDecoder(&toksNil{ + // Malformed + t: []Token{start, bad, start.End()}, + }) + d.Strict = strict + err := d.Decode(&struct { + XMLName Name `xml:"test"` + }{}) + if _, ok := err.(*SyntaxError); !ok { + t.Errorf("d.Decode: expected syntax error, got %v", err) + } + }) + } } const testInput = ` |