From 073418af05eca9a1747b9a89814285907b92a671 Mon Sep 17 00:00:00 2001
From: Serhiy Storchaka <storchaka@gmail.com>
Date: Wed, 4 May 2016 11:28:09 +0300
Subject: [PATCH] Issue #26873: xmlrpclib now raises ResponseError on
 unsupported type tags instead of silently return incorrect result.

---
 Lib/test/test_xmlrpc.py | 14 ++++++++++++++
 Lib/xmlrpclib.py        |  3 +++
 Misc/NEWS               |  3 +++
 3 files changed, 20 insertions(+)

diff --git a/Lib/test/test_xmlrpc.py b/Lib/test/test_xmlrpc.py
index ca8d5d8cc03e..97d9e8f789cd 100644
--- a/Lib/test/test_xmlrpc.py
+++ b/Lib/test/test_xmlrpc.py
@@ -208,6 +208,20 @@ class XMLRPCTestCase(unittest.TestCase):
             self.assertEqual(s, "abc \xc2\x95")
             self.assertEqual(items, [("def \xc2\x96", "ghi \xc2\x97")])
 
+    def test_loads_unsupported(self):
+        ResponseError = xmlrpclib.ResponseError
+        data = '<params><param><value><spam/></value></param></params>'
+        self.assertRaises(ResponseError, xmlrpclib.loads, data)
+        data = ('<params><param><value><array>'
+                '<value><spam/></value>'
+                '</array></value></param></params>')
+        self.assertRaises(ResponseError, xmlrpclib.loads, data)
+        data = ('<params><param><value><struct>'
+                '<member><name>a</name><value><spam/></value></member>'
+                '<member><name>b</name><value><spam/></value></member>'
+                '</struct></value></param></params>')
+        self.assertRaises(ResponseError, xmlrpclib.loads, data)
+
 
 class HelperTestCase(unittest.TestCase):
     def test_escape(self):
diff --git a/Lib/xmlrpclib.py b/Lib/xmlrpclib.py
index 3a2c0bf38f19..e072f71a3aca 100644
--- a/Lib/xmlrpclib.py
+++ b/Lib/xmlrpclib.py
@@ -784,6 +784,7 @@ class Unmarshaller:
         self._stack = []
         self._marks = []
         self._data = []
+        self._value = False
         self._methodname = None
         self._encoding = "utf-8"
         self.append = self._stack.append
@@ -814,6 +815,8 @@ class Unmarshaller:
         if tag == "array" or tag == "struct":
             self._marks.append(len(self._stack))
         self._data = []
+        if self._value and tag not in self.dispatch:
+            raise ResponseError("unknown tag %r" % tag)
         self._value = (tag == "value")
 
     def data(self, text):
diff --git a/Misc/NEWS b/Misc/NEWS
index e521ae1488f6..88f7486203c4 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -77,6 +77,9 @@ Core and Builtins
 Library
 -------
 
+- Issue #26873: xmlrpclib now raises ResponseError on unsupported type tags
+  instead of silently return incorrect result.
+
 - Issue #24114: Fix an uninitialized variable in `ctypes.util`.
 
   The bug only occurs on SunOS when the ctypes implementation searches
-- 
2.47.3