diff options
author | Christian Grothoff <christian@grothoff.org> | 2024-05-01 09:31:40 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2024-05-01 09:33:40 +0200 |
commit | c204ebe592ca6dd9b423f244f8f6d46c86e03a79 (patch) | |
tree | 8c57f38bf3c3a7b845b978e35ef229b701d16ff9 | |
parent | b54a765c9e8fe780689c4b46eed0434fcae4b221 (diff) | |
download | gnunet-c204ebe592ca6dd9b423f244f8f6d46c86e03a79.tar.gz gnunet-c204ebe592ca6dd9b423f244f8f6d46c86e03a79.zip |
UTIL: fix infinite loop on malformed input to URL decoder
m--------- | contrib/gana | 0 | ||||
m--------- | contrib/handbook | 0 | ||||
-rw-r--r-- | po/POTFILES.in | 1 | ||||
-rw-r--r-- | src/lib/util/Makefile.am | 2 | ||||
-rw-r--r-- | src/lib/util/strings.c | 30 |
5 files changed, 21 insertions, 12 deletions
diff --git a/contrib/gana b/contrib/gana | |||
Subproject 53d0992890e1ebb8f8c6bd747533abe157baec6 | Subproject cc2d9bdb3e90af5ddebf964e3da492c04a30741 | ||
diff --git a/contrib/handbook b/contrib/handbook | |||
Subproject c309e416984fc76e4b39adcbd4e8a602d94b198 | Subproject 7d66dc1695829f2511f8e8ecc227a64d73d1562 | ||
diff --git a/po/POTFILES.in b/po/POTFILES.in index 8872ddca1..382232226 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in | |||
@@ -99,6 +99,7 @@ src/contrib/service/set/ibf_sim.c | |||
99 | src/contrib/service/set/plugin_block_set_test.c | 99 | src/contrib/service/set/plugin_block_set_test.c |
100 | src/contrib/service/set/set_api.c | 100 | src/contrib/service/set/set_api.c |
101 | src/contrib/service/template/gnunet-service-template.c | 101 | src/contrib/service/template/gnunet-service-template.c |
102 | src/gana/gnunet-error-codes/gnunet_error_codes.c | ||
102 | src/lib/block/bg_bf.c | 103 | src/lib/block/bg_bf.c |
103 | src/lib/block/block.c | 104 | src/lib/block/block.c |
104 | src/lib/curl/curl.c | 105 | src/lib/curl/curl.c |
diff --git a/src/lib/util/Makefile.am b/src/lib/util/Makefile.am index 00538847b..4d052c57b 100644 --- a/src/lib/util/Makefile.am +++ b/src/lib/util/Makefile.am | |||
@@ -147,7 +147,7 @@ libgnunetutil_la_LIBADD = \ | |||
147 | 147 | ||
148 | libgnunetutil_la_LDFLAGS = \ | 148 | libgnunetutil_la_LDFLAGS = \ |
149 | $(GN_LIB_LDFLAGS) \ | 149 | $(GN_LIB_LDFLAGS) \ |
150 | -version-info 16:0:0 | 150 | -version-info 16:1:0 |
151 | 151 | ||
152 | lib_LTLIBRARIES = libgnunetutil.la | 152 | lib_LTLIBRARIES = libgnunetutil.la |
153 | 153 | ||
diff --git a/src/lib/util/strings.c b/src/lib/util/strings.c index fe7a030dd..dc9fd0daf 100644 --- a/src/lib/util/strings.c +++ b/src/lib/util/strings.c | |||
@@ -37,7 +37,7 @@ | |||
37 | #define LOG(kind, ...) GNUNET_log_from (kind, "util-strings", __VA_ARGS__) | 37 | #define LOG(kind, ...) GNUNET_log_from (kind, "util-strings", __VA_ARGS__) |
38 | 38 | ||
39 | #define LOG_STRERROR(kind, syscall) \ | 39 | #define LOG_STRERROR(kind, syscall) \ |
40 | GNUNET_log_from_strerror (kind, "util-strings", syscall) | 40 | GNUNET_log_from_strerror (kind, "util-strings", syscall) |
41 | 41 | ||
42 | 42 | ||
43 | size_t | 43 | size_t |
@@ -1699,7 +1699,7 @@ GNUNET_STRINGS_base64url_encode (const void *in, | |||
1699 | 1699 | ||
1700 | 1700 | ||
1701 | #define cvtfind(a) \ | 1701 | #define cvtfind(a) \ |
1702 | ((((a) >= 'A') && ((a) <= 'Z')) \ | 1702 | ((((a) >= 'A') && ((a) <= 'Z')) \ |
1703 | ? (a) - 'A' \ | 1703 | ? (a) - 'A' \ |
1704 | : (((a) >= 'a') && ((a) <= 'z')) \ | 1704 | : (((a) >= 'a') && ((a) <= 'z')) \ |
1705 | ? (a) - 'a' + 26 \ | 1705 | ? (a) - 'a' + 26 \ |
@@ -1709,15 +1709,15 @@ GNUNET_STRINGS_base64url_encode (const void *in, | |||
1709 | 1709 | ||
1710 | 1710 | ||
1711 | #define CHECK_CRLF \ | 1711 | #define CHECK_CRLF \ |
1712 | while ( (data[i] == '\r') || (data[i] == '\n') ) \ | 1712 | while ( (data[i] == '\r') || (data[i] == '\n') ) \ |
1713 | { \ | 1713 | { \ |
1714 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG | GNUNET_ERROR_TYPE_BULK, \ | 1714 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG | GNUNET_ERROR_TYPE_BULK, \ |
1715 | "ignoring CR/LF\n"); \ | 1715 | "ignoring CR/LF\n"); \ |
1716 | i++; \ | 1716 | i++; \ |
1717 | if (i >= len) { \ | 1717 | if (i >= len) { \ |
1718 | goto END; \ | 1718 | goto END; \ |
1719 | } \ | 1719 | } \ |
1720 | } | 1720 | } |
1721 | 1721 | ||
1722 | 1722 | ||
1723 | size_t | 1723 | size_t |
@@ -1853,7 +1853,15 @@ GNUNET_STRINGS_urldecode (const char *data, | |||
1853 | if (1 != sscanf (rpos + 1, | 1853 | if (1 != sscanf (rpos + 1, |
1854 | "%2x", | 1854 | "%2x", |
1855 | &num)) | 1855 | &num)) |
1856 | { | ||
1857 | /* Invalid URL encoding, try to continue anyway */ | ||
1858 | GNUNET_break_op (0); | ||
1859 | *wpos = *rpos; | ||
1860 | wpos++; | ||
1861 | resl++; | ||
1862 | rpos++; | ||
1856 | break; | 1863 | break; |
1864 | } | ||
1857 | *wpos = (char) ((unsigned char) num); | 1865 | *wpos = (char) ((unsigned char) num); |
1858 | wpos++; | 1866 | wpos++; |
1859 | resl++; | 1867 | resl++; |