Do not allow too long verbatim strings, and check for EOF while readi…

…ng them.
rnpgp · Jul 28, 2024 · c227c08 · c227c08
1 parent 6f3dd81
commit c227c08
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 0 deletions.
diff --git a/src/sexp-input.cpp b/src/sexp-input.cpp
@@ -219,7 +219,15 @@ void sexp_input_stream_t::scan_verbatim_string(sexp_simple_string_t &ss, uint32_
 
     // Some length is specified always, this is ensured by the caller's logic
     assert(length != std::numeric_limits<uint32_t>::max());
+    // We should not handle too large strings
+    if (length > 1024 * 1024) {
+        sexp_error(sexp_exception_t::error, "Too long verbatim string: %zu", length, 0, count);
+    }
     for (uint32_t i = 0; i < length; i++) {
+        if (next_char == EOF) {
+            sexp_error(
+              sexp_exception_t::error, "EOF while reading verbatim string", 0, 0, count);
+        }
         ss.append(next_char);
         get_char();
     }

diff --git a/tests/src/exception-tests.cpp b/tests/src/exception-tests.cpp
@@ -126,6 +126,18 @@ TEST_F(ExceptionTests, StringBadLength)
                            "SEXP ERROR: illegal character 'A' (0x41) at position 2");
 }
 
+TEST_F(ExceptionTests, StringTooLongTruncated)
+{
+    do_scan_with_exception("(982582599:",
+                           "SEXP ERROR: Too long verbatim string: 982582599 at position 11");
+}
+
+TEST_F(ExceptionTests, StringTruncated)
+{
+    do_scan_with_exception("(1024:",
+                           "SEXP ERROR: EOF while reading verbatim string at position 6");
+}
+
 TEST_F(ExceptionTests, DecimalTooLong)
 {
     do_scan_with_exception("(1234567890:AAABFCAD)",