upstream/mercurial-mirror Files · tests/test-revlog.t

parsers: fix list sizing rounding error (SEC)...

parsers: fix list sizing rounding error (SEC) CVE-2016-3630 (1/2) This addresses part of a vulnerability in application of binary deltas.

Matt Mackall - - Load All Authors

File last commit:

r28656:b6ed2505 stable


                r28656:b6ed2505

stable

Download file

             test-revlog.t
        
                    15 lines
            
             | 624 B
            
                | text/troff
            
             |
                Tads3Lexer
            
             / tests / test-revlog.t
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      Test for CVE-2016-3630

        $ hg init

        >>> open("a.i", "w").write(

        ... """eJxjYGZgZIAAYQYGxhgom+k/FMx8YKx9ZUaKSOyqo4cnuKb8mbqHV5cBCVTMWb1Cwqkhe4Gsg9AD

        ... Joa3dYtcYYYBAQ8Qr4OqZAYRICPTSr5WKd/42rV36d+8/VmrNpv7NP1jQAXrQE4BqQUARngwVA=="""

        ... .decode("base64").decode("zlib"))

        $ hg debugindex a.i

           rev    offset  length  delta linkrev nodeid       p1           p2

             0         0      19     -1       2 99e0332bd498 000000000000 000000000000

             1        19      12      0       3 6674f57a23d8 99e0332bd498 000000000000

        $ hg debugdata a.i 1 2>&1 | grep decoded

        mpatch.mpatchError: patch cannot be decoded

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				Test for CVE-2016-3630

				$ hg init

				>>> open("a.i", "w").write(
				... """eJxjYGZgZIAAYQYGxhgom+k/FMx8YKx9ZUaKSOyqo4cnuKb8mbqHV5cBCVTMWb1Cwqkhe4Gsg9AD
				... Joa3dYtcYYYBAQ8Qr4OqZAYRICPTSr5WKd/42rV36d+8/VmrNpv7NP1jQAXrQE4BqQUARngwVA=="""
				... .decode("base64").decode("zlib"))

				$ hg debugindex a.i
				rev offset length delta linkrev nodeid p1 p2
				0 0 19 -1 2 99e0332bd498 000000000000 000000000000
				1 19 12 0 3 6674f57a23d8 99e0332bd498 000000000000
				$ hg debugdata a.i 1 2>&1 \| grep decoded
				mpatch.mpatchError: patch cannot be decoded