From ceb215efc043277ba03d7345f3768190025e3825 Mon Sep 17 00:00:00 2001
From: Nickolay Olshevsky
Date: Sun, 28 Jul 2024 12:15:59 +0300
Subject: [PATCH] Do not allow too long verbatim strings, and check for EOF while reading them.
---
 src/sexp-input.cpp | 12 ++++++++++++
 tests/src/exception-tests.cpp | 12 ++++++++++++
 2 files changed, 24 insertions(+)
diff --git a/src/sexp-input.cpp b/src/sexp-input.cpp
index 8f9bc0b..552fcba 100644
--- a/src/sexp-input.cpp
+++ b/src/sexp-input.cpp
@@ -219,7 +219,19 @@ void sexp_input_stream_t::scan_verbatim_string(sexp_simple_string_t &ss, uint32_
 // Some length is specified always, this is ensured by the caller's logic
 assert(length != std::numeric_limits::max());
+ // We should not handle too large strings
+ if (length > 1024 * 1024) {
+ sexp_error(
+ sexp_exception_t::error, "Too long verbatim string: %zu", length, 0, count);
+ }
 for (uint32_t i = 0; i < length; i++) {
+ if (next_char == EOF) {
+ sexp_error(sexp_exception_t::error,
+ "EOF while reading verbatim string at %zu",
+ i,
+ 0,
+ count);
+ }
 ss.append(next_char);
 get_char();
 }
diff --git a/tests/src/exception-tests.cpp b/tests/src/exception-tests.cpp
index 318b2b8..b192ce5 100644
--- a/tests/src/exception-tests.cpp
+++ b/tests/src/exception-tests.cpp
@@ -126,6 +126,18 @@ TEST_F(ExceptionTests, StringBadLength)
 "SEXP ERROR: illegal character 'A' (0x41) at position 2");
 }
+TEST_F(ExceptionTests, StringTooLongTruncated)
+{
+ do_scan_with_exception("(982582599:",
+ "SEXP ERROR: Too long verbatim string: 982582599");
+}
+
+TEST_F(ExceptionTests, StringTruncated)
+{
+ do_scan_with_exception("(1024:",
+ "SEXP ERROR: EOF while reading verbatim string at 6");
+}
+
 TEST_F(ExceptionTests, DecimalTooLong)
 {
 do_scan_with_exception("(1234567890:AAABFCAD)",
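Review bot: Both new guards in scan_verbatim_string rely on `sexp_error(sexp_exception_t::error, ...)` never returning; nothing in the hunk stops control from falling through, so if that call can return, an over-limit `length` still drives the append loop and the EOF value is appended on every remaining iteration. The definition of sexp_error is outside the hunk, so unless it is guaranteed to throw for this severity, add `return;` after each of the two calls. The cap is also a bare `1024 * 1024`; a named constant such as `constexpr uint32_t max_verbatim_length = 1024 * 1024;` (name is a suggestion), with a comment saying it bounds how large a single verbatim string taken from untrusted input may grow, would document the intent. The function body starts and ends outside the hunk.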
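Review bot: The two new tests leave the boundary of the length cap and a mid-string EOF unpinned: 982582599 is far above the limit, and `(1024:` reaches EOF before the first payload byte. A case just over the cap, `do_scan_with_exception("(1048577:", "SEXP ERROR: Too long verbatim string: 1048577");`, paired with one at the cap, where `(1048576:` should yield the EOF error rather than the too-long error, would catch a later change of `>` to `>=`. A truncated input that carries some payload, such as `(4:ab`, would also exercise the EOF branch after bytes have been appended; its expected message is best taken from an actual run.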