LBRYCommunity/lbrycrd
1
0
Fork 0
Code Issues 29 Pull requests 1 Projects Releases 32 Packages Wiki Activity

json: fail read_string if string contains trailing garbage

Browse source 
Change `read_string` to fail when not the entire input has been
consumed. This avoids unexpected, even dangerous behavior (fixes #6223).

The new JSON parser adapted in #6121 also solves this problem so in
master this is a temporary fix, but should be backported to older releases.

Also adds tests for the new behavior.
This commit is contained in:
Wladimir J. van der Laan 2015-06-03 09:42:03 +02:00
parent f00b62391b
commit 4e157fc60d
2 changed files with 21 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/json/json_spirit_reader_template.h
View file

@ -521,12 +521,11 @@ namespace json_spirit
const spirit_namespace::parse_info< Iter_type > info = const spirit_namespace::parse_info< Iter_type > info =
spirit_namespace::parse( begin, end, spirit_namespace::parse( begin, end,
Json_grammer< Value_type, Iter_type >( semantic_actions ), Json_grammer< Value_type, Iter_type >( semantic_actions ) >> spirit_namespace::end_p,
spirit_namespace::space_p ); spirit_namespace::space_p );
if( !info.hit ) if( !info.hit )
{ {
assert( false ); // in theory exception should already have been thrown
throw_error( info.stop, "error" ); throw_error( info.stop, "error" );
} }
@ -570,7 +569,8 @@ namespace json_spirit
{ {
typename String_type::const_iterator begin = s.begin(); typename String_type::const_iterator begin = s.begin();
return read_range( begin, s.end(), value ); bool success = read_range( begin, s.end(), value );
return success && begin == s.end();
} }
template< class Istream_type > template< class Istream_type >

18
src/test/rpc_tests.cpp
View file

@ -140,6 +140,24 @@ BOOST_AUTO_TEST_CASE(rpc_parse_monetary_values)
BOOST_CHECK_EQUAL(AmountFromValue(ValueFromString("20999999.99999999")), 2099999999999999LL); BOOST_CHECK_EQUAL(AmountFromValue(ValueFromString("20999999.99999999")), 2099999999999999LL);
} }
BOOST_AUTO_TEST_CASE(json_parse_errors)
{
Value value;
// Valid
BOOST_CHECK_EQUAL(read_string(std::string("1.0"), value), true);
// Valid, with trailing whitespace
BOOST_CHECK_EQUAL(read_string(std::string("1.0 "), value), true);
// Invalid, initial garbage
BOOST_CHECK_EQUAL(read_string(std::string("[1.0"), value), false);
BOOST_CHECK_EQUAL(read_string(std::string("a1.0"), value), false);
// Invalid, trailing garbage
BOOST_CHECK_EQUAL(read_string(std::string("1.0sds"), value), false);
BOOST_CHECK_EQUAL(read_string(std::string("1.0]"), value), false);
// BTC addresses should fail parsing
BOOST_CHECK_EQUAL(read_string(std::string("175tWpb8K1S7NmH4Zx6rewF9WQrcZv245W"), value), false);
BOOST_CHECK_EQUAL(read_string(std::string("3J98t1WpEZ73CNmQviecrnyiWrnqRhWNL"), value), false);
}
BOOST_AUTO_TEST_CASE(rpc_boostasiotocnetaddr) BOOST_AUTO_TEST_CASE(rpc_boostasiotocnetaddr)
{ {
// Check IPv4 addresses // Check IPv4 addresses