From: Lennart Poettering Date: Tue, 8 Jan 2019 17:34:38 +0000 (+0100) Subject: json: let's not accept embedded NUL bytes when allocating JSON strings X-Git-Tag: v243-rc1~515 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cbb3092ce647221644204c4b79ae8088303bda82;p=thirdparty%2Fsystemd.git json: let's not accept embedded NUL bytes when allocating JSON strings Let's add an additional paranoia check, and not accept embedded NUL bytes in strings, just in case. --- diff --git a/src/shared/json.c b/src/shared/json.c index 38113d792cf..073f800b346 100644 --- a/src/shared/json.c +++ b/src/shared/json.c @@ -379,9 +379,13 @@ int json_variant_new_stringn(JsonVariant **ret, const char *s, size_t n) { assert_return(ret, -EINVAL); if (!s) { - assert_return(n == 0, -EINVAL); + assert_return(IN_SET(n, 0, (size_t) -1), -EINVAL); return json_variant_new_null(ret); } + if (n == (size_t) -1) /* determine length automatically */ + n = strlen(s); + else if (memchr(s, 0, n)) /* don't allow embedded NUL, as we can't express that in JSON */ + return -EINVAL; if (n == 0) { *ret = JSON_VARIANT_MAGIC_EMPTY_STRING; return 0; @@ -585,7 +589,7 @@ int json_variant_new_array_strv(JsonVariant **ret, char **l) { if (k > INLINE_STRING_MAX) { /* If string is too long, store it as reference. */ - r = json_variant_new_stringn(&w->reference, l[v->n_elements], k); + r = json_variant_new_string(&w->reference, l[v->n_elements]); if (r < 0) return r; diff --git a/src/shared/json.h b/src/shared/json.h index 70dfe70dfd2..057dc2633e9 100644 --- a/src/shared/json.h +++ b/src/shared/json.h @@ -65,7 +65,7 @@ int json_variant_new_object(JsonVariant **ret, JsonVariant **array, size_t n); int json_variant_new_null(JsonVariant **ret); static inline int json_variant_new_string(JsonVariant **ret, const char *s) { - return json_variant_new_stringn(ret, s, strlen_ptr(s)); + return json_variant_new_stringn(ret, s, (size_t) -1); } JsonVariant *json_variant_ref(JsonVariant *v);