On Mon, Mar 16, 2009 at 8:50 PM, Stephen Bannasch
<stephen.banna...@deanbrook.org> wrote:
> In working on the rails xml_mini backend tests I found a test generating a
> bus error when using libxml-ruby-1.1.2.
>
> Here's a stand-alone adaptation of the test that runs on the just released
> Rails 2.3.2:
>
> file: test_attack_xml.rb
>
> require 'rubygems'
> require 'test/unit'
> require 'activesupport'
> require 'active_support/xml_mini'
>
> class TestAttackXml < Test::Unit::TestCase
> include ActiveSupport
>
> def test_exception_thrown_on_expansion_attack
> assert_raise SyntaxError do
> attack_xml = <<-EOT
> <?xml version="1.0" encoding="UTF-8"?>
> <!DOCTYPE member [
> <!ENTITY a "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">
> <!ENTITY b "&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;">
> <!ENTITY c "&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;">
> <!ENTITY d "&e;&e;&e;&e;&e;&e;&e;&e;&e;&e;">
> <!ENTITY e "&f;&f;&f;&f;&f;&f;&f;&f;&f;&f;">
> <!ENTITY f "&g;&g;&g;&g;&g;&g;&g;&g;&g;&g;">
> <!ENTITY g "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx">
> ]>
> <member>
> &a;
> </member>
> EOT
> hash = XmlMini.with_backend("LibXML") { Hash.from_xml(attack_xml) }
> end
> end
> end
>
> Here's the result running on MacOS 10.5.6
>
> $ ruby test_attack_xml_with_libxml.rb
> Loaded suite test_attack_xml
> Started
> /Library/Ruby/Gems/1.8/gems/libxml-ruby-1.1.2/lib/libxml/node.rb:100: [BUG]
> Bus Error
> ruby 1.8.6 (2008-03-03) [universal-darwin9.0]
>
> Abort trap
This works fine for me. What version of libxml2 are you running? Use
this command to find out:
ruby -rubygems -e'require "libxml"; puts LibXML::XML::LIBXML_VERSION'
Also, it would be helpful if you could reproduce the problem outside of rails.
--
Aaron Patterson
http://tenderlovemaking.com/
_______________________________________________
libxml-devel mailing list
libxml-devel@rubyforge.org
http://rubyforge.org/mailman/listinfo/libxml-devel
