BUG 2381: parse_token overrun.

Enno Rehling 2017-10-29 18:03:44 +01:00
parent 5373d7755e
commit 0277e10c8d
2 changed files with 16 additions and 2 deletions


@ -177,11 +177,15 @@ char *parse_token(const char **str, char *lbuf, size_t buflen)
++ctoken; ++ctoken;
} }
else { else {
if (cursor - buflen < lbuf - len) {
*cursor++ = *ctoken++; *cursor++ = *ctoken++;
} }
} }
}
else if (utf8_character == SPACE_REPLACEMENT) { else if (utf8_character == SPACE_REPLACEMENT) {
if (cursor - buflen < lbuf - len) {
*cursor++ = ' '; *cursor++ = ' ';
}
++ctoken; ++ctoken;
} }
else if (utf8_character == ESCAPE_CHAR) { else if (utf8_character == ESCAPE_CHAR) {
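Review bot: The two new guards `if (cursor - buflen < lbuf - len)`, one in the plain-copy branch and one in the SPACE_REPLACEMENT branch, form pointers that lie before the start of `lbuf` (`lbuf - len` always does for a non-zero `len`, and `cursor - buflen` does unless the buffer is already full), which is undefined behaviour in C even though the comparison is algebraically the intended "room for len bytes plus a terminator" test. Assuming `cursor` always points into `lbuf` (its declaration is outside the hunk), an offset-based check stays inside the array: `if ((size_t)(cursor - lbuf) + len < buflen) {`. A bounds check built on out-of-range pointer arithmetic may be folded or dropped by an optimising compiler, which would silently reopen the overrun. The rest of parse_token lies outside the hunk, so whether the ESCAPE_CHAR and quoted-string paths carry an equivalent guard cannot be confirmed from here.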


@ -28,6 +28,15 @@ static void test_parse_token(CuTest *tc) {
CuAssertPtrEquals(tc, NULL, (void *)tok); CuAssertPtrEquals(tc, NULL, (void *)tok);
} }
static void test_parse_token_bug_2381(CuTest *tc) {
const char *stok, *s = "Bitte~wechselt~auf~die~trireme~3im9,~sobald~eine~Crew~da~ist,~geht~es~los~:)";
char token[64];
stok = s;
stok = parse_token(&stok, token, sizeof(token));
CuAssertTrue(tc, strlen(token) < sizeof(token));
}
static void test_parse_token_limit(CuTest *tc) { static void test_parse_token_limit(CuTest *tc) {
char lbuf[8]; char lbuf[8];
const char *tok; const char *tok;
@ -117,6 +126,7 @@ CuSuite *get_parser_suite(void)
SUITE_ADD_TEST(suite, test_atoip); SUITE_ADD_TEST(suite, test_atoip);
SUITE_ADD_TEST(suite, test_skip_token); SUITE_ADD_TEST(suite, test_skip_token);
SUITE_ADD_TEST(suite, test_parse_token); SUITE_ADD_TEST(suite, test_parse_token);
SUITE_ADD_TEST(suite, test_parse_token_bug_2381);
SUITE_ADD_TEST(suite, test_parse_token_limit); SUITE_ADD_TEST(suite, test_parse_token_limit);
SUITE_ADD_TEST(suite, test_parse_token_limit_utf8); SUITE_ADD_TEST(suite, test_parse_token_limit_utf8);
SUITE_ADD_TEST(suite, test_gettoken); SUITE_ADD_TEST(suite, test_gettoken);
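Review bot: The assertion in test_parse_token_bug_2381, `CuAssertTrue(tc, strlen(token) < sizeof(token));`, cannot detect the overrun it is named after. If parse_token writes past `token[63]` or leaves the array unterminated, `strlen` itself reads out of bounds, and the test either corrupts the stack or passes by accident. A sentinel makes the regression observable: declare a larger array and pre-fill it, `char token[128]; memset(token, 0x7f, sizeof(token));`, pass `64` as the buffer length, then assert that the byte past the limit is untouched with `CuAssertIntEquals(tc, 0x7f, token[64]);`. It would also help to assert the expected truncated contents and the returned `stok`, which is assigned but never checked.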