Issue #867 - also disallow control characters in keys

diff --git a/json_tokener.c b/json_tokener.c
index 53ef209563b68871b685e23b41be6c32b6379392..a6bcbbb403c0c774be30786e93c05bc5d765351a 100644 (file)
--- a/json_tokener.c
+++ b/json_tokener.c
@@ -1250,6 +1250,12 @@ struct json_object *json_tokener_parse_ex(struct json_tokener *tok, const char *
                                        state = json_tokener_state_string_escape;
                                        break;
                                }
+                               else if ((tok->flags & JSON_TOKENER_STRICT) && (unsigned char)c <= 0x1f)
+                               {
+                                       // Disallow control characters in strict mode
+                                       tok->err = json_tokener_error_parse_string;
+                                       goto out;
+                               }
                                if (!ADVANCE_CHAR(str, tok) || !PEEK_CHAR(c, tok))
                                {
                                        printbuf_memappend_checked(tok->pb, case_start,

diff --git a/tests/test_parse.c b/tests/test_parse.c
index 525f68c3b7a2608138db56de1c085bb0b81549e3..71b881c2023b7c2a5b0a7ac8279ab63c3b7a8cc2 100644 (file)
--- a/tests/test_parse.c
+++ b/tests/test_parse.c
@@ -611,6 +611,10 @@ struct incremental_step
       "\x10\x11\x12\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\"",
       -1, -1, json_tokener_success, 1, 0 },
 
+    { "{\"0\x01\x02\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" \
+      "\x10\x11\x12\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\":1}",
+      -1, -1, json_tokener_success, 1, 0 },
+
     // Test control chars again, this time in strict mode, which should fail
     { "\"\x01\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
     { "\"\x02\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
@@ -644,6 +648,38 @@ struct incremental_step
     { "\"\x1e\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
     { "\"\x1f\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
 
+    { "{\"\x01\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x02\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x03\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x04\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x05\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x06\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x07\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x08\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x09\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x0a\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x0b\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x0c\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x0d\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x0e\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x0f\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x10\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x11\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x12\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x13\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x14\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x15\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x16\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x17\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x18\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x19\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x1a\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x1b\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x1c\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x1d\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x1e\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x1f\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+
     {NULL, -1, -1, json_tokener_success, 0, 0},
 };
 

diff --git a/tests/test_parse.expected b/tests/test_parse.expected
index cc5dd1014d41c99c8207abb8e81484a923e7f197..c82cfd1cc9c610d54b248dbd69bd9bde4cf91015 100644 (file)
--- a/tests/test_parse.expected
+++ b/tests/test_parse.expected
@@ -297,6 +297,8 @@ json_tokener_parse_ex(tok, 11
 json_tokener_parse_ex(tok, {"1\81":1}    ,   8) ... OK: got correct error: invalid utf-8 string
 json_tokener_parse_ex(tok, "0\ 1\ 2\ 2\ 3\ 4\ 5\ 6\a\b 
 \v\f\r\ e\ f\10\11\12\12\13\14\15\16\17\18\19\1a\e\1c\1d\1e\1f",  36) ... OK: got object of type [string]: "0\u0001\u0002\u0002\u0003\u0004\u0005\u0006\u0007\b\t\n\u000b\f\r\u000e\u000f\u0010\u0011\u0012\u0012\u0013\u0014\u0015\u0016\u0017\u0018\u0019\u001a\u001b\u001c\u001d\u001e\u001f"
+json_tokener_parse_ex(tok, {"0\ 1\ 2\ 2\ 3\ 4\ 5\ 6\a\b        
+\v\f\r\ e\ f\10\11\12\12\13\14\15\16\17\18\19\1a\e\1c\1d\1e\1f":1},  40) ... OK: got object of type [object]: { "0\u0001\u0002\u0002\u0003\u0004\u0005\u0006\u0007\b\t\n\u000b\f\r\u000e\u000f\u0010\u0011\u0012\u0012\u0013\u0014\u0015\u0016\u0017\u0018\u0019\u001a\u001b\u001c\u001d\u001e\u001f": 1 }
 json_tokener_parse_ex(tok, "\ 1"         ,   3) ... OK: got correct error: invalid string sequence
 json_tokener_parse_ex(tok, "\ 2"         ,   3) ... OK: got correct error: invalid string sequence
 json_tokener_parse_ex(tok, "\ 3"         ,   3) ... OK: got correct error: invalid string sequence
@@ -329,5 +331,37 @@ json_tokener_parse_ex(tok, "\1c"         ,   3) ... OK: got correct error: invalid
 json_tokener_parse_ex(tok, "\1d"         ,   3) ... OK: got correct error: invalid string sequence
 json_tokener_parse_ex(tok, "\1e"         ,   3) ... OK: got correct error: invalid string sequence
 json_tokener_parse_ex(tok, "\1f"         ,   3) ... OK: got correct error: invalid string sequence
-End Incremental Tests OK=237 ERROR=0
+json_tokener_parse_ex(tok, {"\ 1":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"\ 2":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"\ 3":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"\ 4":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"\ 5":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"\ 6":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"\a":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"\b":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"  ":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"
+":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"\v":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"\f":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"\r":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"\ e":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"\ f":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"\10":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"\11":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"\12":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"\13":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"\14":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"\15":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"\16":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"\17":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"\18":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"\19":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"\1a":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"\e":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"\1c":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"\1d":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"\1e":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"\1f":1}     ,   7) ... OK: got correct error: invalid string sequence
+End Incremental Tests OK=269 ERROR=0
 ==================================