Browse code
fix infloop in screnc detection code (introduced around SVN r3945). generic safeguard against infinite loops due to state == next_state add testcase
| ... | ... |
@@ -1072,6 +1072,7 @@ static int cli_html_normalise(int fd, m_area_t *m_area, const char *dirname, tag |
| 1072 | 1072 |
|
| 1073 | 1073 |
saved_next_state = next_state; |
| 1074 | 1074 |
next_state = state; |
| 1075 |
+ look_for_screnc = FALSE; |
|
| 1075 | 1076 |
state = HTML_LOOKFOR_SCRENC; |
| 1076 | 1077 |
} |
| 1077 | 1078 |
} else if (hrefs) {
|
| ... | ... |
@@ -1613,11 +1614,17 @@ static int cli_html_normalise(int fd, m_area_t *m_area, const char *dirname, tag |
| 1613 | 1613 |
if (in_screnc) {
|
| 1614 | 1614 |
state = HTML_JSDECODE_DECRYPT; |
| 1615 | 1615 |
next_state = HTML_BAD_STATE; |
| 1616 |
- } else if(look_for_screnc && !ptr_screnc) {
|
|
| 1616 |
+ } else if(look_for_screnc && !ptr_screnc && |
|
| 1617 |
+ state != HTML_LOOKFOR_SCRENC) {
|
|
| 1617 | 1618 |
saved_next_state = next_state; |
| 1618 | 1619 |
next_state = state; |
| 1619 | 1620 |
state = HTML_LOOKFOR_SCRENC; |
| 1620 | 1621 |
} |
| 1622 |
+ if(next_state == state) {
|
|
| 1623 |
+ /* safeguard against infloop */ |
|
| 1624 |
+ cli_dbgmsg("htmlnorm.c: next_state == state, changing next_state\n");
|
|
| 1625 |
+ next_state = HTML_BAD_STATE; |
|
| 1626 |
+ } |
|
| 1621 | 1627 |
} |
| 1622 | 1628 |
|
| 1623 | 1629 |
if(dconf_entconv) {
|
| ... | ... |
@@ -424,10 +424,31 @@ START_TEST (js_buffer) |
| 424 | 424 |
} |
| 425 | 425 |
END_TEST |
| 426 | 426 |
|
| 427 |
+START_TEST (screnc_infloop) |
|
| 428 |
+{
|
|
| 429 |
+ char buf[24700] = "<%@ language='jscript.encode'>"; |
|
| 430 |
+ struct cli_dconf *dconf = cli_dconf_init(); |
|
| 431 |
+ size_t p; |
|
| 432 |
+ |
|
| 433 |
+ fail_unless(!!dconf, "failed to init dconf"); |
|
| 434 |
+ for(p = strlen(buf); p < 16384; p++) {
|
|
| 435 |
+ buf[p] = ' '; |
|
| 436 |
+ } |
|
| 437 |
+ for(; p < 24625; p++) {
|
|
| 438 |
+ buf[p] = 'a'; |
|
| 439 |
+ } |
|
| 440 |
+ strncpy(buf+24626,"#@~^ ", 10); |
|
| 441 |
+ fail_unless(html_normalise_mem((unsigned char*)buf, sizeof(buf), NULL, NULL, dconf) == 1, "normalise"); |
|
| 442 |
+ free(dconf); |
|
| 443 |
+} |
|
| 444 |
+END_TEST |
|
| 445 |
+ |
|
| 427 | 446 |
Suite *test_jsnorm_suite(void) |
| 428 | 447 |
{
|
| 429 | 448 |
Suite *s = suite_create("jsnorm");
|
| 430 |
- TCase *tc_jsnorm_gperf, *tc_jsnorm_token, *tc_jsnorm_api, *tc_jsnorm_tokenizer, *tc_jsnorm_bugs; |
|
| 449 |
+ TCase *tc_jsnorm_gperf, *tc_jsnorm_token, *tc_jsnorm_api, |
|
| 450 |
+ *tc_jsnorm_tokenizer, *tc_jsnorm_bugs, *tc_screnc_infloop; |
|
| 451 |
+ |
|
| 431 | 452 |
tc_jsnorm_gperf = tcase_create("jsnorm gperf");
|
| 432 | 453 |
suite_add_tcase (s, tc_jsnorm_gperf); |
| 433 | 454 |
tcase_add_loop_test(tc_jsnorm_gperf, test_keywords, 0, sizeof(kw_test)/sizeof(kw_test[0])); |
| ... | ... |
@@ -458,6 +479,10 @@ Suite *test_jsnorm_suite(void) |
| 458 | 458 |
tcase_add_test(tc_jsnorm_bugs, js_begin_end); |
| 459 | 459 |
tcase_add_test(tc_jsnorm_bugs, multiple_scripts); |
| 460 | 460 |
|
| 461 |
+ tc_screnc_infloop = tcase_create("screnc infloop bug");
|
|
| 462 |
+ suite_add_tcase (s, tc_screnc_infloop); |
|
| 463 |
+ tcase_add_test(tc_screnc_infloop, screnc_infloop); |
|
| 464 |
+ |
|
| 461 | 465 |
return s; |
| 462 | 466 |
} |
| 463 | 467 |
|