Mercurial > hg
view tests/test-sshserver.py @ 38935:27a54096c92e
linelog: fix infinite loop vulnerability
Checking `len(lines)` is not a great way of detecting infinite loops, as
demonstrated in the added test. Therefore check instruction count instead.
The original C implementation does not have this problem. There are a few
other places where the C implementation enforces more strictly, like
`a1 <= a2`, `b1 <= b2`, `rev > 0`. But they are optional.
Test Plan:
Add a test. The old code forces the test to time out.
Differential Revision: https://phab.mercurial-scm.org/D4151
| author | Jun Wu <quark@fb.com> |
|---|---|
| date | Mon, 06 Aug 2018 22:24:00 -0700 |
| parents | b4d85bc122bd |
| children | cf8677cd7286 |
line wrap: on
line source
from __future__ import absolute_import, print_function import io import unittest import silenttestrunner from mercurial import ( wireprotoserver, wireprotov1server, ) from mercurial.utils import ( procutil, ) class SSHServerGetArgsTests(unittest.TestCase): def testparseknown(self): tests = [ (b'* 0\nnodes 0\n', [b'', {}]), (b'* 0\nnodes 40\n1111111111111111111111111111111111111111\n', [b'1111111111111111111111111111111111111111', {}]), ] for input, expected in tests: self.assertparse(b'known', input, expected) def assertparse(self, cmd, input, expected): server = mockserver(input) proto = wireprotoserver.sshv1protocolhandler(server._ui, server._fin, server._fout) _func, spec = wireprotov1server.commands[cmd] self.assertEqual(proto.getargs(spec), expected) def mockserver(inbytes): ui = mockui(inbytes) repo = mockrepo(ui) return wireprotoserver.sshserver(ui, repo) class mockrepo(object): def __init__(self, ui): self.ui = ui class mockui(object): def __init__(self, inbytes): self.fin = io.BytesIO(inbytes) self.fout = io.BytesIO() self.ferr = io.BytesIO() if __name__ == '__main__': # Don't call into msvcrt to set BytesIO to binary mode procutil.setbinary = lambda fp: True silenttestrunner.main(__name__)