Marc/server
1
0
Fork 0
forked from github/server
Code Issues Pull requests Projects Releases Wiki Activity

Merge pull request #784 from ennorehling/develop

Browse source 
fix str_escape read overflow
This commit is contained in:
Enno Rehling 2018-05-27 15:22:49 +02:00 committed by GitHub
commit 82f2aa0d52
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 25 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
src/util/strings.c
View file

@ -312,10 +312,13 @@ char *str_unescape(char *str) {
const char *str_escape_ex(const char *str, char *buffer, size_t size, const char *chars)
{
size_t slen = strlen(str);
const char *read = str;
char *write = buffer;
if (size < 1) return NULL;
while (size > 1 && *read) {
if (size < 1) {
return NULL;
}
while (slen > 0 && size > 1 && *read) {
const char *pos = strpbrk(read, chars);
size_t len = size;
if (pos) {
@ -324,7 +327,11 @@ const char *str_escape_ex(const char *str, char *buffer, size_t size, const char
if (len < size) {
unsigned char ch = *(const unsigned char *)pos;
if (len > 0) {
if (len > slen) {
len = slen;
}
memmove(write, read, len);
slen -= len;
write += len;
read += len;
size -= len;
@ -376,13 +383,18 @@ const char *str_escape_ex(const char *str, char *buffer, size_t size, const char
else size = 1;
}
++read;
--slen;
} else {
/* end of buffer space */
len = size - 1;
if (len > 0) {
if (len > slen) {
len = slen;
}
memmove(write, read, len);
write += len;
size -= len;
slen -= len;
break;
}
}

11
src/util/strings.test.c
View file

@ -22,6 +22,16 @@ static void test_str_unescape(CuTest * tc)
CuAssertStrEquals(tc, "\"\\\n\t\ra", scratch);
}
static void test_str_escape_ex(CuTest * tc)
{
char scratch[16];
CuAssertPtrEquals(tc, NULL, (void *)str_escape_ex("1234", scratch, 0, "\\\""));
memset(scratch, 0, sizeof(scratch));
CuAssertStrEquals(tc, "1234", (void *)str_escape_ex("1234\000abcd", scratch, 16, "\\\""));
CuAssertIntEquals(tc, 0, scratch[5]);
}
static void test_str_escape(CuTest * tc)
{
char scratch[16];
@ -149,6 +159,7 @@ CuSuite *get_strings_suite(void)
CuSuite *suite = CuSuiteNew();
SUITE_ADD_TEST(suite, test_str_hash);
SUITE_ADD_TEST(suite, test_str_escape);
SUITE_ADD_TEST(suite, test_str_escape_ex);
SUITE_ADD_TEST(suite, test_str_unescape);
SUITE_ADD_TEST(suite, test_str_replace);
SUITE_ADD_TEST(suite, test_str_slprintf);