From 50953de897023742e43d3feab976b891be1c6e63 Mon Sep 17 00:00:00 2001
From: Remi Gacogne
Date: Thu, 6 Oct 2022 09:55:48 +0200
Subject: [PATCH] auth: Detect invalid bytes in makeBytesFromHex()

Also only allocate the required number of bytes, not twice that.
---
 pdns/misc.cc | 14 +++++++++-----
 pdns/test-misc_hh.cc | 2 ++
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/pdns/misc.cc b/pdns/misc.cc
index 66dbb497db..f760a957ab 100644
--- a/pdns/misc.cc
+++ b/pdns/misc.cc
@@ -599,14 +599,18 @@ string makeBytesFromHex(const string &in) {
 throw std::range_error("odd number of bytes in hex string");
 }
 string ret;
- ret.reserve(in.size());
+ ret.reserve(in.size() / 2);
+
 unsigned int num;
- for (size_t i = 0; i < in.size(); i+=2) {
- string numStr = in.substr(i, 2);
+ for (size_t i = 0; i < in.size(); i += 2) {
+ const auto numStr = in.substr(i, 2);
 num = 0;
- sscanf(numStr.c_str(), "%02x", &num);
- ret.push_back((uint8_t)num);
+ if (sscanf(numStr.c_str(), "%02x", &num) != 1) {
+ throw std::range_error("Invalid value while parsing the hex string '" + in + "'");
+ }
+ ret.push_back(static_cast(num));
 }
+
 return ret;
 }
diff --git a/pdns/test-misc_hh.cc b/pdns/test-misc_hh.cc
index 3dd8f9c093..f519048409 100644
--- a/pdns/test-misc_hh.cc
+++ b/pdns/test-misc_hh.cc
@@ -387,6 +387,8 @@ BOOST_AUTO_TEST_CASE(test_makeBytesFromHex) {
 BOOST_CHECK_EQUAL(out, "\x12\x34\x56\x78\x90\xab\xcd\xef");
 BOOST_CHECK_THROW(makeBytesFromHex("123"), std::range_error);
+
+ BOOST_CHECK_THROW(makeBytesFromHex("1234GG"), std::range_error);
 }
 BOOST_AUTO_TEST_SUITE_END()
-- 
2.47.2
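Review bot: The new `sscanf(numStr.c_str(), "%02x", &num) != 1` check in the loop of makeBytesFromHex() only rejects a pair whose first character is not a hex digit, because `%02x` stops at the first non-hex character and still returns 1; a pair such as `3G` is therefore decoded as 0x03, and `%x` also skips leading whitespace and accepts a sign. Validating both characters before converting closes this, e.g. `if (isxdigit(static_cast<unsigned char>(numStr[0])) == 0 || isxdigit(static_cast<unsigned char>(numStr[1])) == 0) { throw std::range_error(...); }` with the existing message. The test added in pdns/test-misc_hh.cc uses `1234GG`, where the first character of the bad pair is already invalid; `BOOST_CHECK_THROW(makeBytesFromHex("123G"), std::range_error);` would pin the second-nibble case. The exception text also embeds the whole input string, so if callers pass key material or remotely supplied data (not visible in this patch) it may end up unescaped in logs; omitting or truncating it is worth considering. The function begins above the hunk, where the odd-length check lives.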