Author: svn-role
Date: Tue Nov 19 04:00:40 2024
New Revision: 1921951
URL: http://svn.apache.org/viewvc?rev=1921951&view=rev
Log:
Merge r1921371 from trunk:
* r1921371
Add regression tests for CVE-2024-45720.
Justification:
Ditto.
Votes:
+1: jun66j5, jcorvel
Modified:
subversion/branches/1.14.x/ (props changed)
subversion/branches/1.14.x/STATUS
subversion/branches/1.14.x/subversion/tests/cmdline/basic_tests.py
Propchange: subversion/branches/1.14.x/
------------------------------------------------------------------------------
Merged /subversion/trunk:r1921371
Modified: subversion/branches/1.14.x/STATUS
URL:
http://svn.apache.org/viewvc/subversion/branches/1.14.x/STATUS?rev=1921951&r1=1921950&r2=1921951&view=diff
==============================================================================
--- subversion/branches/1.14.x/STATUS (original)
+++ subversion/branches/1.14.x/STATUS Tue Nov 19 04:00:40 2024
@@ -49,10 +49,3 @@ Veto-blocked changes:
Approved changes:
=================
-
- * r1921371
- Add regression tests for CVE-2024-45720.
- Justification:
- Ditto.
- Votes:
- +1: jun66j5, jcorvel
Modified: subversion/branches/1.14.x/subversion/tests/cmdline/basic_tests.py
URL:
http://svn.apache.org/viewvc/subversion/branches/1.14.x/subversion/tests/cmdline/basic_tests.py?rev=1921951&r1=1921950&r2=1921951&view=diff
==============================================================================
--- subversion/branches/1.14.x/subversion/tests/cmdline/basic_tests.py
(original)
+++ subversion/branches/1.14.x/subversion/tests/cmdline/basic_tests.py Tue Nov
19 04:00:40 2024
@@ -3243,6 +3243,60 @@ def filtered_ls_top_level_path(sbox):
[], [], 'ls', f_path, '--search=*/*', *extra_opts)
+@SkipUnless(svntest.main.is_os_windows)
+def argv_with_best_fit_chars(sbox):
+ """argv with best fit chars"""
+
+ import ctypes
+ from ctypes import windll, wintypes
+
+ CP_ACP = 0
+ kernel32 = windll.kernel32
+ WideCharToMultiByte = kernel32.WideCharToMultiByte
+ WideCharToMultiByte.argtypes = [
+ wintypes.UINT, wintypes.DWORD, wintypes.LPCWSTR, ctypes.c_int,
+ wintypes.LPSTR, ctypes.c_int, wintypes.LPCSTR, wintypes.LPBOOL,
+ ]
+ WideCharToMultiByte.restype = ctypes.c_int
+ codepage = kernel32.GetACP()
+
+ def regexlines(*patterns):
+ return svntest.verify.RegexListOutput(list(patterns), match_all=True)
+
+ def iter_bestfit_chars():
+ chars = {b'"': 0, b'\\': 0, b' ': 0}
+ for c in range(0x80, 0x10000):
+ wcs = ctypes.create_unicode_buffer(chr(c))
+ mbcs = ctypes.create_string_buffer(8)
+ rc = WideCharToMultiByte(CP_ACP, 0, wcs, len(wcs), mbcs, len(mbcs), None,
+ None)
+ if rc == 0:
+ continue
+ mbcs = mbcs.value
+ if chars.get(mbcs) != 0:
+ continue
+ chars[mbcs] = c
+ yield chr(c), mbcs
+
+ count = 0
+ expected_stderr = svntest.verify.RegexListOutput(
+ [r'^"foo.+bar": unknown command\.\n$', '\n'], match_all=True)
+ for wc, mbcs in iter_bestfit_chars():
+ count += 1
+ logger.info('Code page %r - U+%04x -> 0x%s', codepage, ord(wc), mbcs.hex())
+ if mbcs == b'"':
+ svntest.actions.run_and_verify_svn2(None, expected_stderr, 0, 'help',
+ 'foo{0} {0}bar'.format(wc))
+ elif mbcs == b'\\':
+ svntest.actions.run_and_verify_svn2(None, expected_stderr, 0, 'help',
+ 'foo{0}" {0}"bar'.format(wc))
+ elif mbcs == b' ':
+ svntest.actions.run_and_verify_svn2(None, expected_stderr, 0, 'help',
+ 'foo{0}bar'.format(wc))
+ if count == 0:
+ raise svntest.Skip('No best fit characters in code page %r' % codepage)
+
+
########################################################################
# Run the tests
@@ -3318,6 +3372,7 @@ test_list = [ None,
null_update_last_changed_revision,
null_prop_update_last_changed_revision,
filtered_ls_top_level_path,
+ argv_with_best_fit_chars,
]
if __name__ == '__main__':
