34 lines
1.3 KiB
Diff
34 lines
1.3 KiB
Diff
From b6a790412ccacd9b90486fdb86e29f2e49c8fa6c Mon Sep 17 00:00:00 2001
|
|
From: wangshuo <wangshuo@kylinos.cn>
|
|
Date: Fri, 25 Oct 2024 10:13:37 +0800
|
|
Subject: [PATCH 3/3] [3.7] gh-115133: Fix test_xml_etree error with expat
|
|
versions that fix CVE-2023-52425
|
|
|
|
Feeding the parser by too small chunks defers parsing to prevent CVE-2023-52425.
|
|
According to the upstream solution, chunk_size=22 is the smallest value
|
|
that can pass the tests.
|
|
|
|
See https://github.com/python/cpython/issues/115133
|
|
---
|
|
Lib/test/test_xml_etree.py | 4 +++-
|
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/Lib/test/test_xml_etree.py b/Lib/test/test_xml_etree.py
|
|
index 5ba0de8..7b225ad 100644
|
|
--- a/Lib/test/test_xml_etree.py
|
|
+++ b/Lib/test/test_xml_etree.py
|
|
@@ -1060,7 +1060,9 @@ class XMLPullParserTest(unittest.TestCase):
|
|
expected)
|
|
|
|
def test_simple_xml(self):
|
|
- for chunk_size in (None, 1, 5):
|
|
+ # Feeding the parser by too small chunks defers parsing to prevent CVE-2023-52425.
|
|
+ # See https://github.com/python/cpython/issues/115133
|
|
+ for chunk_size in (None, 22, 25):
|
|
with self.subTest(chunk_size=chunk_size):
|
|
parser = ET.XMLPullParser()
|
|
self.assert_event_tags(parser, [])
|
|
--
|
|
2.33.0
|
|
|