From 6bfab90c87c27e79eae28b775938756d2fdaf6c9 Mon Sep 17 00:00:00 2001
From: Eric Hawicz <erh+git@nimenees.com>
Date: Mon, 2 Sep 2024 09:43:04 -0400
Subject: [PATCH] Issue #867: disallow control characters in strict mode.

---
 json_tokener.c     |  6 ++++++
 tests/test_parse.c | 40 +++++++++++++++++++++++++++++++++++++++-
 2 files changed, 45 insertions(+), 1 deletion(-)

diff --git a/json_tokener.c b/json_tokener.c
index 0a86d821..c831f8a5 100644
--- a/json_tokener.c
+++ b/json_tokener.c
@@ -678,6 +678,12 @@ struct json_object *json_tokener_parse_ex(struct json_tokener *tok, const char *
 					state = json_tokener_state_string_escape;
 					break;
 				}
+				else if ((tok->flags & JSON_TOKENER_STRICT) && c <= 0x1f)
+				{
+					// Disallow control characters in strict mode
+					tok->err = json_tokener_error_parse_string;
+					goto out;
+				}
 				if (!ADVANCE_CHAR(str, tok) || !PEEK_CHAR(c, tok))
 				{
 					printbuf_memappend_checked(tok->pb, case_start,
diff --git a/tests/test_parse.c b/tests/test_parse.c
index 92d822a7..d664a316 100644
--- a/tests/test_parse.c
+++ b/tests/test_parse.c
@@ -535,7 +535,7 @@ struct incremental_step
     {"{\"a\":}", -1, 5, json_tokener_error_parse_unexpected, 1, 0},
     {"{\"a\":1,\"a\":2}", -1, -1, json_tokener_success, 1, 0},
     {"\"a\":1}", -1, 3, json_tokener_success, 1, 0},
-    {"{\"a\":1", -1, -1, json_tokener_continue, 1, 0},
+    {"{\"a\":1", -1, -1, json_tokener_continue, 1, 0}, //}
     {"[,]", -1, 1, json_tokener_error_parse_unexpected, 1, 0},
     {"[,1]", -1, 1, json_tokener_error_parse_unexpected, 1, 0},
 
@@ -595,6 +595,44 @@ struct incremental_step
     {"\x7b\x22\x31\x81\x22\x3a\x31\x7d", -1, 3, json_tokener_error_parse_utf8_string, 1,
      JSON_TOKENER_VALIDATE_UTF8},
 
+    // Note, current asciiz APIs can't parse \x00, skip it
+    { "\"0\x01\x02\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" \
+      "\x10\x11\x12\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\"",
+      -1, -1, json_tokener_success, 1, 0 },
+
+    // Test control chars again, this time in strict mode, which should fail
+    { "\"\x01\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x02\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x03\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x04\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x05\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x06\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x07\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x08\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x09\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x0a\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x0b\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x0c\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x0d\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x0e\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x0f\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x10\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x11\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x12\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x13\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x14\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x15\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x16\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x17\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x18\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x19\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x1a\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x1b\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x1c\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x1d\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x1e\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x1f\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+
     {NULL, -1, -1, json_tokener_success, 0, 0},
 };
 
-- 
2.39.5