From: Jouni Malinen <j@w1.fi>
Date: Sat, 9 Feb 2019 23:40:36 +0000 (+0200)
Subject: JSON: Fix string parsing when \\ escape is at the end of buffer
X-Git-Tag: hostap_2_8~387
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1e5506588dcc4b2a4d3884459327a9d25e0ad288;p=thirdparty%2Fhostap.git

JSON: Fix string parsing when \\ escape is at the end of buffer

This would have resulted in reading one octet past the end of the buffer
before rejecting the string.

Signed-off-by: Jouni Malinen <j@w1.fi>
---

diff --git a/src/utils/json.c b/src/utils/json.c
index c6ada0548..b64433959 100644
--- a/src/utils/json.c
+++ b/src/utils/json.c
@@ -103,6 +103,11 @@ static char * json_parse_string(const char **json_pos, const char *end)
 			return str;
 		case '\\':
 			pos++;
+			if (pos >= end) {
+				wpa_printf(MSG_DEBUG,
+					   "JSON: Truncated \\ escape");
+				goto fail;
+			}
 			switch (*pos) {
 			case '"':
 			case '\\':