Issue #867: disallow control characters in strict mode.

diff --git a/json_tokener.c b/json_tokener.c
index 0a86d82108a2cc8de84737d303c1820a51c5bd85..c831f8a5d31c4719ae14743cb5a6d584ba046238 100644 (file)
--- a/json_tokener.c
+++ b/json_tokener.c
@@ -678,6 +678,12 @@ struct json_object *json_tokener_parse_ex(struct json_tokener *tok, const char *
                                        state = json_tokener_state_string_escape;
                                        break;
                                }
+                               else if ((tok->flags & JSON_TOKENER_STRICT) && c <= 0x1f)
+                               {
+                                       // Disallow control characters in strict mode
+                                       tok->err = json_tokener_error_parse_string;
+                                       goto out;
+                               }
                                if (!ADVANCE_CHAR(str, tok) || !PEEK_CHAR(c, tok))
                                {
                                        printbuf_memappend_checked(tok->pb, case_start,

diff --git a/tests/test_parse.c b/tests/test_parse.c
index 92d822a7da59d9cf4983afb1645dc26b53aacd32..d664a316f50ae7b3eb8feec5c012a7d925d68b0f 100644 (file)
--- a/tests/test_parse.c
+++ b/tests/test_parse.c
@@ -535,7 +535,7 @@ struct incremental_step
     {"{\"a\":}", -1, 5, json_tokener_error_parse_unexpected, 1, 0},
     {"{\"a\":1,\"a\":2}", -1, -1, json_tokener_success, 1, 0},
     {"\"a\":1}", -1, 3, json_tokener_success, 1, 0},
-    {"{\"a\":1", -1, -1, json_tokener_continue, 1, 0},
+    {"{\"a\":1", -1, -1, json_tokener_continue, 1, 0}, //}
     {"[,]", -1, 1, json_tokener_error_parse_unexpected, 1, 0},
     {"[,1]", -1, 1, json_tokener_error_parse_unexpected, 1, 0},
 
@@ -595,6 +595,44 @@ struct incremental_step
     {"\x7b\x22\x31\x81\x22\x3a\x31\x7d", -1, 3, json_tokener_error_parse_utf8_string, 1,
      JSON_TOKENER_VALIDATE_UTF8},
 
+    // Note, current asciiz APIs can't parse \x00, skip it
+    { "\"0\x01\x02\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" \
+      "\x10\x11\x12\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\"",
+      -1, -1, json_tokener_success, 1, 0 },
+
+    // Test control chars again, this time in strict mode, which should fail
+    { "\"\x01\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x02\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x03\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x04\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x05\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x06\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x07\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x08\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x09\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x0a\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x0b\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x0c\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x0d\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x0e\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x0f\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x10\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x11\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x12\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x13\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x14\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x15\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x16\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x17\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x18\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x19\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x1a\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x1b\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x1c\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x1d\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x1e\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x1f\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+
     {NULL, -1, -1, json_tokener_success, 0, 0},
 };