From 1a1828648f3c06580ffe7a9f78c557a9e73c5bcd Mon Sep 17 00:00:00 2001 From: Karen Arutyunov Date: Mon, 1 Apr 2024 20:42:27 +0300 Subject: Upgrade to 3.2.5 Note that this upstream version properly fixes the use-after-free error (CVE-2018-1311) triggered during the scanning of external DTDs (see https://issues.apache.org/jira/browse/XERCESC-2188 for details). --- libxerces-c/tests/net-accessor/NetAccessorTest.cpp | 168 +-------------------- .../net-accessor/handle-exception-as-error.patch | 35 ----- 2 files changed, 1 insertion(+), 202 deletions(-) mode change 100644 => 120000 libxerces-c/tests/net-accessor/NetAccessorTest.cpp delete mode 100644 libxerces-c/tests/net-accessor/handle-exception-as-error.patch (limited to 'libxerces-c/tests') diff --git a/libxerces-c/tests/net-accessor/NetAccessorTest.cpp b/libxerces-c/tests/net-accessor/NetAccessorTest.cpp deleted file mode 100644 index c2affbd..0000000 --- a/libxerces-c/tests/net-accessor/NetAccessorTest.cpp +++ /dev/null @@ -1,167 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* - * $Id$ - * - */ - - -// --------------------------------------------------------------------------- -// Includes -// --------------------------------------------------------------------------- -#include -#include -#include -#include -#include - -#if defined(XERCES_NEW_IOSTREAMS) -#include -#else -#include -#endif - -XERCES_CPP_NAMESPACE_USE - - -inline XERCES_STD_QUALIFIER ostream& operator<<(XERCES_STD_QUALIFIER ostream& os, const XMLCh* xmlStr) -{ - char* transcoded = XMLString::transcode(xmlStr); - os << transcoded; - XMLString::release(&transcoded); - return os; -} - - -void -exercise(BinInputStream& stream) -{ - static float percents[] = { 1.0, 0.5, 0.25, 0.1, 0.15, 0.113, 0.333, 0.0015, 0.0013 }; - int numPercents = sizeof(percents) / sizeof(float); - - const unsigned int bufferMax = 4096; - XMLByte buffer[bufferMax]; - - int iteration = 0; - unsigned int bytesRead = 0; - do { - // Calculate a percentage of our maximum buffer size, going through - // them round-robin - float percent = percents[iteration % numPercents]; - unsigned int bufCnt = (unsigned int)(bufferMax * percent); - - // Check to make sure we didn't go out of bounds - if (bufCnt <= 0) - bufCnt = 1; - if (bufCnt > bufferMax) - bufCnt = bufferMax; - - // Read bytes into our buffer - bytesRead = stream.readBytes(buffer, bufCnt); - //XERCES_STD_QUALIFIER cerr << "Read " << bytesRead << " bytes into a " << bufCnt << " byte buffer\n"; - - if (bytesRead > 0) - { - // Write the data to standard out - XERCES_STD_QUALIFIER cout.write((char*)buffer, bytesRead); - } - - ++iteration; - } while (bytesRead > 0); -} - - -// --------------------------------------------------------------------------- -// Program entry point -// --------------------------------------------------------------------------- -int -main(int argc, char** argv) -{ - // Init the XML platform - try - { - XMLPlatformUtils::Initialize(); - } - - catch(const XMLException& toCatch) - { - XERCES_STD_QUALIFIER cout << "Error during platform init! Message:\n" - << toCatch.getMessage() << XERCES_STD_QUALIFIER endl; - return 1; - } - - // Look for our one and only parameter - if (argc != 2) - { - XERCES_STD_QUALIFIER cerr << "Usage: NetAccessorTest url\n" - "\n" - "This test reads data from the given url and writes the result\n" - "to standard output.\n" - "\n" - "A variety of buffer sizes is are used during the test.\n" - "\n" - ; - exit(1); - } - - // Get the URL - char* url = argv[1]; - - int r = 1; - - // Do the test - try - { - XMLURL xmlURL(url); - - // Get the netaccessor - XMLNetAccessor* na = XMLPlatformUtils::fgNetAccessor; - if (na == 0) - { - XERCES_STD_QUALIFIER cerr << "No netaccessor is available. Aborting.\n"; - exit(2); - } - - // Build a binary input stream - BinInputStream* is = na->makeNew(xmlURL); - if (is == 0) - { - XERCES_STD_QUALIFIER cerr << "No binary input stream created. Aborting.\n"; - exit(3); - } - - // Exercise the inputstream - exercise(*is); - - // Delete the is - delete is; - r = 0; - } - catch(const XMLException& toCatch) - { - XERCES_STD_QUALIFIER cerr << "Exception during test:\n " - << toCatch.getMessage() - << XERCES_STD_QUALIFIER endl; - } - - // And call the termination method - XMLPlatformUtils::Terminate(); - - return r; -} - diff --git a/libxerces-c/tests/net-accessor/NetAccessorTest.cpp b/libxerces-c/tests/net-accessor/NetAccessorTest.cpp new file mode 120000 index 0000000..d5c0609 --- /dev/null +++ b/libxerces-c/tests/net-accessor/NetAccessorTest.cpp @@ -0,0 +1 @@ +../../../upstream/tests/src/NetAccessorTest/NetAccessorTest.cpp \ No newline at end of file diff --git a/libxerces-c/tests/net-accessor/handle-exception-as-error.patch b/libxerces-c/tests/net-accessor/handle-exception-as-error.patch deleted file mode 100644 index 674e5ba..0000000 --- a/libxerces-c/tests/net-accessor/handle-exception-as-error.patch +++ /dev/null @@ -1,35 +0,0 @@ -diff --git a/libxerces-c/tests/net-accessor/NetAccessorTest.cpp b/libxerces-c/tests/net-accessor/NetAccessorTest.cpp -index 3bb735b..c2affbd 100644 ---- a/libxerces-c/tests/net-accessor/NetAccessorTest.cpp -+++ b/libxerces-c/tests/net-accessor/NetAccessorTest.cpp -@@ -122,6 +122,8 @@ main(int argc, char** argv) - // Get the URL - char* url = argv[1]; - -+ int r = 1; -+ - // Do the test - try - { -@@ -148,11 +150,11 @@ main(int argc, char** argv) - - // Delete the is - delete is; -- -+ r = 0; - } - catch(const XMLException& toCatch) - { -- XERCES_STD_QUALIFIER cout << "Exception during test:\n " -+ XERCES_STD_QUALIFIER cerr << "Exception during test:\n " - << toCatch.getMessage() - << XERCES_STD_QUALIFIER endl; - } -@@ -160,6 +162,6 @@ main(int argc, char** argv) - // And call the termination method - XMLPlatformUtils::Terminate(); - -- return 0; -+ return r; - } - -- cgit v1.1