In working on the rails xml_mini backend tests I found a test
generating a bus error when using libxml-ruby-1.1.2.
Here's a stand-alone adaptation of the test that runs on the just
released Rails 2.3.2:
file: test_attack_xml.rb
require 'rubygems'
require 'test/unit'
require 'activesupport'
require 'active_support/xml_mini'
class TestAttackXml < Test::Unit::TestCase
include ActiveSupport
def test_exception_thrown_on_expansion_attack
assert_raise SyntaxError do
attack_xml = <<-EOT
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE member [
<!ENTITY a "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">
<!ENTITY b "&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;">
<!ENTITY c "&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;">
<!ENTITY d "&e;&e;&e;&e;&e;&e;&e;&e;&e;&e;">
<!ENTITY e "&f;&f;&f;&f;&f;&f;&f;&f;&f;&f;">
<!ENTITY f "&g;&g;&g;&g;&g;&g;&g;&g;&g;&g;">
<!ENTITY g "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx">
]>
<member>
&a;
</member>
EOT
hash = XmlMini.with_backend("LibXML") { Hash.from_xml(attack_xml) }
end
end
end
Here's the result running on MacOS 10.5.6
$ ruby test_attack_xml_with_libxml.rb
Loaded suite test_attack_xml
Started
/Library/Ruby/Gems/1.8/gems/libxml-ruby-1.1.2/lib/libxml/node.rb:100:
[BUG] Bus Error
ruby 1.8.6 (2008-03-03) [universal-darwin9.0]
Abort trap
_______________________________________________
libxml-devel mailing list
libxml-devel@rubyforge.org
http://rubyforge.org/mailman/listinfo/libxml-devel
