path: root/debian/patches/0001-fix-unnecessary-asserts-leading-to-crashes.patch
From ae03c6107dfa18e648f6fdd1280f5b89092d5d49 Mon Sep 17 00:00:00 2001
From: Chris Sewell <chrisj_sewell@hotmail.com>
Date: Wed, 22 Feb 2023 05:56:39 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20FIX:=20CVE-2023-26303=20(#246)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Bug-Debian: https://bugs.debian.org/1031764

Fix unnecessary asserts, leading to crashes
---
 markdown_it/renderer.py                 | 20 ++++++++------------
 markdown_it/rules_core/replacements.py  |  3 ++-
 markdown_it/rules_core/smartquotes.py   |  4 ++--
 tests/test_port/fixtures/issue-fixes.md |  9 +++++++++
 tests/test_port/test_fixtures.py        |  1 +
 5 files changed, 22 insertions(+), 15 deletions(-)

Index: markdown-it-py-2.1.0/markdown_it/renderer.py
===================================================================
--- markdown-it-py-2.1.0.orig/markdown_it/renderer.py	2023-03-31 07:50:21.639213371 -0300
+++ markdown-it-py-2.1.0/markdown_it/renderer.py	2023-03-31 07:50:21.635213318 -0300
@@ -84,8 +84,8 @@
         for i, token in enumerate(tokens):
 
             if token.type == "inline":
-                assert token.children is not None
-                result += self.renderInline(token.children, options, env)
+                if token.children:
+                    result += self.renderInline(token.children, options, env)
             elif token.type in self.rules:
                 result += self.rules[token.type](tokens, i, options, env)
             else:
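Review bot: The new guard `if token.children:` tests truthiness, while the guards this patch adds in replacements.py and smartquotes.py test `is None` / `is not None`; the image branch of renderInlineAsText in the next hunk uses the truthiness form too. Both forms avoid the crash, but the mix leaves it unclear whether an empty child list is meant to be handled differently from a missing one. Pick one form throughout, and add a short comment at the guard such as `# children may be missing on malformed input; skip rather than assert (CVE-2023-26303)` so that nobody reintroduces the assert later. The removed asserts were also stripped under `python -O`, so the old behaviour on such input depended on interpreter flags. The enclosing method starts and ends outside the hunk.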
@@ -207,8 +207,8 @@
             if token.type == "text":
                 result += token.content
             elif token.type == "image":
-                assert token.children is not None
-                result += self.renderInlineAsText(token.children, options, env)
+                if token.children:
+                    result += self.renderInlineAsText(token.children, options, env)
             elif token.type == "softbreak":
                 result += "\n"
 
@@ -306,14 +306,10 @@
 
         # "alt" attr MUST be set, even if empty. Because it's mandatory and
         # should be placed on proper position for tests.
-
-        assert (
-            token.attrs and "alt" in token.attrs
-        ), '"image" token\'s attrs must contain `alt`'
-
-        # Replace content with actual value
-
-        token.attrSet("alt", self.renderInlineAsText(token.children, options, env))
+        if token.children:
+            token.attrSet("alt", self.renderInlineAsText(token.children, options, env))
+        else:
+            token.attrSet("alt", "")
 
         return self.renderToken(tokens, idx, options, env)
 
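Review bot: The `else: token.attrSet("alt", "")` branch does not appear to be exercised by the fixture added in issue-fixes.md, whose expected output has a non-empty `alt` (a newline), so the outer image seems to take the `if token.children:` path. A second fixture for an image token with no children would pin the empty-alt path this CVE fix introduces. The removed assert also checked that `alt` was already present in `token.attrs`, and the new code relies on `attrSet` to create it if absent. Say so in the comment above, for example `# attrSet creates "alt" if the token lacks it`, since that comment still states that the attribute position matters for tests.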
Index: markdown-it-py-2.1.0/markdown_it/rules_core/replacements.py
===================================================================
--- markdown-it-py-2.1.0.orig/markdown_it/rules_core/replacements.py	2023-03-31 07:50:21.639213371 -0300
+++ markdown-it-py-2.1.0/markdown_it/rules_core/replacements.py	2023-03-31 07:50:21.635213318 -0300
@@ -116,7 +116,8 @@
     for token in state.tokens:
         if token.type != "inline":
             continue
-        assert token.children is not None
+        if token.children is None:
+            continue
 
         if SCOPED_ABBR_RE.search(token.content):
             replace_scoped(token.children)
Index: markdown-it-py-2.1.0/markdown_it/rules_core/smartquotes.py
===================================================================
--- markdown-it-py-2.1.0.orig/markdown_it/rules_core/smartquotes.py	2023-03-31 07:50:21.639213371 -0300
+++ markdown-it-py-2.1.0/markdown_it/rules_core/smartquotes.py	2023-03-31 07:50:21.635213318 -0300
@@ -198,5 +198,5 @@
 
         if token.type != "inline" or not QUOTE_RE.search(token.content):
             continue
-        assert token.children is not None
-        process_inlines(token.children, state)
+        if token.children is not None:
+            process_inlines(token.children, state)
Index: markdown-it-py-2.1.0/tests/test_port/fixtures/issue-fixes.md
===================================================================
--- markdown-it-py-2.1.0.orig/tests/test_port/fixtures/issue-fixes.md	2023-03-31 07:50:21.639213371 -0300
+++ markdown-it-py-2.1.0/tests/test_port/fixtures/issue-fixes.md	2023-03-31 07:50:21.635213318 -0300
@@ -36,3 +36,12 @@
 .
 <p>💬</p>
 .
+
+Fix CVE-2023-26303
+.
+![![]()
+]([)
+.
+<p><img src="%5B" alt="
+" /></p>
+.
Index: markdown-it-py-2.1.0/tests/test_port/test_fixtures.py
===================================================================
--- markdown-it-py-2.1.0.orig/tests/test_port/test_fixtures.py	2023-03-31 07:50:21.639213371 -0300
+++ markdown-it-py-2.1.0/tests/test_port/test_fixtures.py	2023-03-31 07:50:21.635213318 -0300
@@ -111,4 +111,5 @@
 def test_issue_fixes(line, title, input, expected):
     md = MarkdownIt()
     text = md.render(input)
+    print(text)
     assert text.rstrip() == expected.rstrip()
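Review bot: The added `print(text)` looks like a leftover debugging aid in test_issue_fixes. It runs for every parametrized fixture and does not check anything. If the rendered text is wanted on failure, attach it to the assertion instead, `assert text.rstrip() == expected.rstrip(), text`, and drop the print. The decorators of the test function are outside the hunk.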