80 lines
2.5 KiB
Diff
80 lines
2.5 KiB
Diff
From 4cb8fa4aa5dea72bc66ea950e3fc193385bb7175 Mon Sep 17 00:00:00 2001
|
|
From: gaozhekang <gaozhekang@huawei.com>
|
|
Date: Wed, 4 Nov 2020 11:12:53 +0800
|
|
Subject: [PATCH] src: avoid OOB read in URL parser
|
|
|
|
This is not a big concern, because right now, all (non-test) inputs
|
|
to the parser are `'\0'`-terminated, but we should be future-proof
|
|
here and not perform these OOB reads.
|
|
|
|
---
|
|
src/node_url.cc | 6 +++---
|
|
test/cctest/test_url.cc | 20 ++++++++++++++++++++
|
|
2 files changed, 23 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/src/node_url.cc b/src/node_url.cc
|
|
index 7bfcde5..41492b1 100644
|
|
--- a/src/node_url.cc
|
|
+++ b/src/node_url.cc
|
|
@@ -1487,7 +1487,7 @@ void URL::Parse(const char* input,
|
|
state = kSpecialRelativeOrAuthority;
|
|
} else if (special) {
|
|
state = kSpecialAuthoritySlashes;
|
|
- } else if (p[1] == '/') {
|
|
+ } else if (p + 1 < end && p[1] == '/') {
|
|
state = kPathOrAuthority;
|
|
p++;
|
|
} else {
|
|
@@ -1547,7 +1547,7 @@ void URL::Parse(const char* input,
|
|
}
|
|
break;
|
|
case kSpecialRelativeOrAuthority:
|
|
- if (ch == '/' && p[1] == '/') {
|
|
+ if (ch == '/' && p + 1 < end && p[1] == '/') {
|
|
state = kSpecialAuthorityIgnoreSlashes;
|
|
p++;
|
|
} else {
|
|
@@ -1695,7 +1695,7 @@ void URL::Parse(const char* input,
|
|
break;
|
|
case kSpecialAuthoritySlashes:
|
|
state = kSpecialAuthorityIgnoreSlashes;
|
|
- if (ch == '/' && p[1] == '/') {
|
|
+ if (ch == '/' && p + 1 < end && p[1] == '/') {
|
|
p++;
|
|
} else {
|
|
continue;
|
|
diff --git a/test/cctest/test_url.cc b/test/cctest/test_url.cc
|
|
index ddef534..810cbc2 100644
|
|
--- a/test/cctest/test_url.cc
|
|
+++ b/test/cctest/test_url.cc
|
|
@@ -80,6 +80,26 @@ TEST_F(URLTest, Base3) {
|
|
EXPECT_EQ(simple.path(), "/baz");
|
|
}
|
|
|
|
+TEST_F(URLTest, TruncatedAfterProtocol) {
|
|
+ char input[2] = { 'q', ':' };
|
|
+ URL simple(input, sizeof(input));
|
|
+
|
|
+ EXPECT_FALSE(simple.flags() & URL_FLAGS_FAILED);
|
|
+ EXPECT_EQ(simple.protocol(), "q:");
|
|
+ EXPECT_EQ(simple.host(), "");
|
|
+ EXPECT_EQ(simple.path(), "/");
|
|
+}
|
|
+
|
|
+TEST_F(URLTest, TruncatedAfterProtocol2) {
|
|
+ char input[6] = { 'h', 't', 't', 'p', ':', '/' };
|
|
+ URL simple(input, sizeof(input));
|
|
+
|
|
+ EXPECT_TRUE(simple.flags() & URL_FLAGS_FAILED);
|
|
+ EXPECT_EQ(simple.protocol(), "http:");
|
|
+ EXPECT_EQ(simple.host(), "");
|
|
+ EXPECT_EQ(simple.path(), "");
|
|
+}
|
|
+
|
|
TEST_F(URLTest, ToFilePath) {
|
|
#define T(url, path) EXPECT_EQ(path, URL(url).ToFilePath())
|
|
T("http://example.org/foo/bar", "");
|
|
--
|
|
2.23.0
|
|
|