- Input is always dangerous.

- Add test that provokes stack overwrite. - Prevent stack overwrite.
author: Henning Baldersheim <balder@yahoo-inc.com> 2017-08-04 11:35:00 +0200
committer: Henning Baldersheim <balder@yahoo-inc.com> 2017-08-04 11:35:00 +0200
commit: 25dfe90ee8ee851f2c692829550e6f12502cf0b7 (patch)
tree: 6bea1622808d25d9c77451417f2457fb602302cb /searchlib/src/tests/query/query-old.cpp
parent: 591874352bf642b861a6ca461e5ca6427eaa9829 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/searchlib/src/tests/query/query-old.cpp b/searchlib/src/tests/query/query-old.cpp
index e8e0614f51a..204289ccf61 100644
--- a/searchlib/src/tests/query/query-old.cpp
+++ b/searchlib/src/tests/query/query-old.cpp
@@ -648,4 +648,9 @@ TEST("require that incorrectly specified diversity can be parsed") {
     EXPECT_FALSE(descending_query.isValid());
 }
 
+TEST("require that we do not f.. up the stack on bad query") {
+    QueryTermSimple term("<form><iframe+&#09;&#10;&#11;+src=\\\"javascript&#58;alert(1)\\\"&#11;&#10;&#09;;>", QueryTerm::WORD);
+    EXPECT_FALSE(term.isValid());
+}
+
 TEST_MAIN() { TEST_RUN_ALL(); }
author	Henning Baldersheim <balder@yahoo-inc.com>	2017-08-04 11:35:00 +0200
committer	Henning Baldersheim <balder@yahoo-inc.com>	2017-08-04 11:35:00 +0200
commit	25dfe90ee8ee851f2c692829550e6f12502cf0b7 (patch)
tree	6bea1622808d25d9c77451417f2457fb602302cb /searchlib/src/tests/query/query-old.cpp
parent	591874352bf642b861a6ca461e5ca6427eaa9829 (diff)