]> git.ipfire.org Git - thirdparty/dovecot/core.git/commitdiff
projects / thirdparty / dovecot / core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 32bd32d)
lib: json-parser - check for valid hex in unicode escape
authorAki Tuomi <aki.tuomi@dovecot.fi>
Mon, 6 Nov 2017 12:40:08 +0000 (14:40 +0200)
committerTimo Sirainen <tss@dovecot.fi>
Tue, 7 Nov 2017 17:40:09 +0000 (19:40 +0200)
src/lib/json-parser.c patch | blob | blame | history
src/lib/test-json-parser.c patch | blob | blame | history

diff --git a/src/lib/json-parser.c b/src/lib/json-parser.c
index 09964741ce91cf4302b6fc55df9cb9fc7a6a0332..acece1acb51102808f2b8435be92d9a9b78a5e0e 100644 (file)
--- a/src/lib/json-parser.c
+++ b/src/lib/json-parser.c
@@ -205,6 +205,7 @@ static int json_skip_string(struct json_parser *parser)
 
 static int json_parse_unicode_escape(struct json_parser *parser)
 {
+       char chbuf[5] = {0};
        unichar_t chr, hi_surg;
 
        parser->data++;
@@ -213,7 +214,11 @@ static int json_parse_unicode_escape(struct json_parser *parser)
                parser->data = parser->end;
                return 0;
        }
-       chr = hex2dec(parser->data, 4);
+       memcpy(chbuf, parser->data, 4);
+       if (str_to_uint32_hex(chbuf, &chr) < 0) {
+               parser->error = "Invalid unicode escape seen";
+               return -1;
+       }
        if (UTF16_VALID_HIGH_SURROGATE(chr)) {
                /* possible surrogate pair */
                hi_surg = chr;
@@ -241,7 +246,11 @@ static int json_parse_unicode_escape(struct json_parser *parser)
                        }
                        /* error */
                } else {
-                       chr = hex2dec(&parser->data[2], 4);
+                       memcpy(chbuf, &parser->data[2], 4);
+                       if (str_to_uint32_hex(chbuf, &chr) < 0) {
+                               parser->error = "Invalid unicode escape seen";
+                               return -1;
+                       }
                }
                if (parser->data[0] != '\\' || parser->data[1] != 'u' ||
                    !UTF16_VALID_LOW_SURROGATE(chr)) {
diff --git a/src/lib/test-json-parser.c b/src/lib/test-json-parser.c
index eedeb8440a7b919f7d26c0b94d39d58683a9b894..403d81c60daa7783796a132c6c559cd83d08ddb8 100644 (file)
--- a/src/lib/test-json-parser.c
+++ b/src/lib/test-json-parser.c
@@ -252,6 +252,7 @@ static void test_json_parser_errors(void)
                "{\"foo\": 1},{}",
                "{\"foo\": \"\\ud808\"}",
                "{\"foo\": \"\\udfff\"}",
+               "{\"foo\": \"\\uyyyy\"}",
        };
        unsigned int i;
 
Mirror of https://github.com/dovecot/core.git