Blame tests/bugfixes/github/test_issue_853.py
|
Packit |
01d647 |
# -*- coding: utf-8 -*-
|
|
Packit |
01d647 |
|
|
Packit |
01d647 |
from system_tests import CaseMeta, path
|
|
Packit |
01d647 |
|
|
Packit |
01d647 |
|
|
Packit |
01d647 |
class DenialOfServiceInAdjustTimeOverflow(metaclass=CaseMeta):
|
|
Packit |
01d647 |
"""
|
|
Packit |
01d647 |
Regression test for the bug described in:
|
|
Packit |
01d647 |
https://github.com/Exiv2/exiv2/issues/853
|
|
Packit |
01d647 |
|
|
Packit |
01d647 |
The date parsing code in XMPUtils::ConvertToDate does not
|
|
Packit |
01d647 |
check that the month and day are in bounds. This can cause a
|
|
Packit |
01d647 |
denial of service in AdjustTimeOverflow because it adjusts
|
|
Packit |
01d647 |
out-of-bounds days in a loop that subtracts one month per
|
|
Packit |
01d647 |
iteration.
|
|
Packit |
01d647 |
"""
|
|
Packit |
01d647 |
url = "https://github.com/Exiv2/exiv2/issues/853"
|
|
Packit |
01d647 |
|
|
Packit |
01d647 |
filename = path("$data_path/issue_853_poc.jpg")
|
|
Packit |
01d647 |
commands = ["$exiv2 $filename"]
|
|
Packit |
01d647 |
stdout = [""]
|
|
Packit |
01d647 |
stderr = [
|
|
Packit |
01d647 |
"""Exiv2 exception in print action for file $filename:
|
|
Packit |
01d647 |
Not a valid ICC Profile
|
|
Packit |
01d647 |
"""]
|
|
Packit |
01d647 |
retval = [1]
|