peisongxiao/yaml-cpp
1
0
Fork 0
mirror of https://github.com/jbeder/yaml-cpp.git synced 2025-09-09 04:41:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix stack overflow (#807)

Browse Source 
Fix stack overflow in HandleNode by explicitly limiting the depth of recursion.
This commit is contained in:
Alan Griffiths
2020-04-09 19:02:10 +01:00
committed by GitHub
parent 70205f5d88
commit 4edff1fa5d
5 changed files with 140 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
test/parser_test.cpp
View File

@@ -1,9 +1,12 @@
#include <yaml-cpp/depthguard.h>
#include "yaml-cpp/parser.h"
#include "yaml-cpp/exceptions.h"
#include "mock_event_handler.h"
#include "gtest/gtest.h"
using YAML::Parser;
using YAML::MockEventHandler;
using ::testing::NiceMock;
using ::testing::StrictMock;
TEST(ParserTest, Empty) {
@@ -14,3 +17,48 @@ TEST(ParserTest, Empty) {
StrictMock<MockEventHandler> handler;
EXPECT_FALSE(parser.HandleNextDocument(handler));
}
TEST(ParserTest, CVE_2017_5950) {
std::string excessive_recursion;
for (auto i = 0; i != 16384; ++i)
excessive_recursion.push_back('[');
std::istringstream input{excessive_recursion};
Parser parser{input};
NiceMock<MockEventHandler> handler;
EXPECT_THROW(parser.HandleNextDocument(handler), YAML::DeepRecursion);
}
TEST(ParserTest, CVE_2018_20573) {
std::string excessive_recursion;
for (auto i = 0; i != 20535; ++i)
excessive_recursion.push_back('{');
std::istringstream input{excessive_recursion};
Parser parser{input};
NiceMock<MockEventHandler> handler;
EXPECT_THROW(parser.HandleNextDocument(handler), YAML::DeepRecursion);
}
TEST(ParserTest, CVE_2018_20574) {
std::string excessive_recursion;
for (auto i = 0; i != 21989; ++i)
excessive_recursion.push_back('{');
std::istringstream input{excessive_recursion};
Parser parser{input};
NiceMock<MockEventHandler> handler;
EXPECT_THROW(parser.HandleNextDocument(handler), YAML::DeepRecursion);
}
TEST(ParserTest, CVE_2019_6285) {
std::string excessive_recursion;
for (auto i = 0; i != 23100; ++i)
excessive_recursion.push_back('[');
excessive_recursion.push_back('f');
std::istringstream input{excessive_recursion};
Parser parser{input};
NiceMock<MockEventHandler> handler;
EXPECT_THROW(parser.HandleNextDocument(handler), YAML::DeepRecursion);
}