diff options
| author | Martin Michlmayr <tbm@cyrius.com> | 2019-01-15 20:55:53 -0300 |
|---|---|---|
| committer | Martin Michlmayr <tbm@cyrius.com> | 2019-01-15 21:02:20 -0300 |
| commit | 5682f377aed5b0db6b6c4a44b1d8868103b7e9f7 (patch) | |
| tree | 86b6cb7ce492e822d50b19d1a9c0281ee148e59c /test/regress | |
| parent | bec7d3e82c52fd331d73bc9b2006e0ec86a23af9 (diff) | |
| download | fork-ledger-5682f377aed5b0db6b6c4a44b1d8868103b7e9f7.tar.gz fork-ledger-5682f377aed5b0db6b6c4a44b1d8868103b7e9f7.tar.bz2 fork-ledger-5682f377aed5b0db6b6c4a44b1d8868103b7e9f7.zip | |
Fix parsing issue involving effective dates
Cory Duplantis reported that "A specially crafted journal file can
cause [an] integer underflow resulting in code execution". Cory
provided this test case:
Expenses:Food:Groceries $ 37.50 ; ] [=2004/01/01]
Note the ] that comes before [ after the ;.
This issue was reported and described in great detail by Cory Duplantis
of Cisco Talos. This issue is known as TALOS-2017-0303 and has been
assigned CVE-2017-2807. Cory's description can be found at
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0303
Fixes #1722
Diffstat (limited to 'test/regress')
| -rw-r--r-- | test/regress/1722.test | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/test/regress/1722.test b/test/regress/1722.test new file mode 100644 index 00000000..432a19b2 --- /dev/null +++ b/test/regress/1722.test @@ -0,0 +1,12 @@ + +2003/12/20 Organic Co-op + Expenses:Food:Groceries $ 37.50 ; ] [=2004/01/01] + Assets:Cash $-37.50 + +test bal + $ -37.50 Assets:Cash + $ 37.50 Expenses:Food:Groceries +-------------------- + 0 +end test + |