[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gnunet] branch master updated: fix #8052
From: |
gnunet |
Subject: |
[gnunet] branch master updated: fix #8052 |
Date: |
Tue, 09 Jan 2024 19:29:43 +0100 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository gnunet.
The following commit(s) were added to refs/heads/master by this push:
new 57ba18685 fix #8052
57ba18685 is described below
commit 57ba1868520f09b41e08cfd79b89477efb9bce7d
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Tue Jan 9 19:29:39 2024 +0100
fix #8052
---
src/include/gnunet_strings_lib.h | 4 +--
src/lib/hello/hello-uri.c | 4 +--
src/lib/util/strings.c | 54 +++++++++++++++++++++++++++++++++++++---
src/lib/util/test_strings.c | 8 +++---
src/plugin/reclaim/pabc_helper.c | 16 +++++++++---
src/service/rest/openid_plugin.c | 18 +++++++-------
6 files changed, 80 insertions(+), 24 deletions(-)
diff --git a/src/include/gnunet_strings_lib.h b/src/include/gnunet_strings_lib.h
index f5aaf7014..36dfe9c12 100644
--- a/src/include/gnunet_strings_lib.h
+++ b/src/include/gnunet_strings_lib.h
@@ -417,8 +417,8 @@ GNUNET_STRINGS_base64_encode (const void *in,
* @return the size of the output
*/
size_t
-GNUNET_STRINGS_urlencode (const char *data,
- size_t len,
+GNUNET_STRINGS_urlencode (size_t len,
+ const char data[static len],
char **out);
diff --git a/src/lib/hello/hello-uri.c b/src/lib/hello/hello-uri.c
index 2e99d701a..49acaf7a9 100644
--- a/src/lib/hello/hello-uri.c
+++ b/src/lib/hello/hello-uri.c
@@ -759,8 +759,8 @@ GNUNET_HELLO_builder_to_url (const struct
GNUNET_HELLO_Builder *builder,
}
pfx_len = eou - a->uri;
eou += 3;
- GNUNET_STRINGS_urlencode (eou,
- a->uri_len - 4 - pfx_len,
+ GNUNET_STRINGS_urlencode (a->uri_len - 4 - pfx_len,
+ eou,
&ue);
GNUNET_asprintf (&tmp,
"%s%s%.*s=%s",
diff --git a/src/lib/util/strings.c b/src/lib/util/strings.c
index 493d20f1e..8498e74d3 100644
--- a/src/lib/util/strings.c
+++ b/src/lib/util/strings.c
@@ -1860,15 +1860,23 @@ GNUNET_STRINGS_urldecode (const char *data,
size_t
-GNUNET_STRINGS_urlencode (const char *data,
- size_t len,
+GNUNET_STRINGS_urlencode (size_t len,
+ const char data[static len],
char **out)
{
struct GNUNET_Buffer buf = { 0 };
const uint8_t *i8 = (uint8_t *) data;
+ const uint8_t *end = (uint8_t *) (data + len);
- while (0 != *i8)
+ while (end != i8)
{
+ if (0 == *i8)
+ {
+ /* invalid UTF-8 (or bad @a len): fail */
+ GNUNET_break (0);
+ GNUNET_buffer_clear (&buf);
+ return 0;
+ }
if (0 == (0x80 & *i8))
{
/* traditional ASCII */
@@ -1900,6 +1908,14 @@ GNUNET_STRINGS_urlencode (const char *data,
*i8 >> 4,
*i8 & 15);
i8++;
+ if ( (end == i8) ||
+ (0 == *i8) )
+ {
+ /* invalid UTF-8 (or bad @a len): fail */
+ GNUNET_break (0);
+ GNUNET_buffer_clear (&buf);
+ return 0;
+ }
GNUNET_buffer_write_fstr (&buf,
"%%%X%X",
*i8 >> 4,
@@ -1912,6 +1928,14 @@ GNUNET_STRINGS_urlencode (const char *data,
/* 3-byte value, percent-encode */
for (unsigned int i = 0; i<3; i++)
{
+ if ( (end == i8) ||
+ (0 == *i8) )
+ {
+ /* invalid UTF-8 (or bad @a len): fail */
+ GNUNET_break (0);
+ GNUNET_buffer_clear (&buf);
+ return 0;
+ }
GNUNET_buffer_write_fstr (&buf,
"%%%X%X",
*i8 >> 4,
@@ -1925,6 +1949,14 @@ GNUNET_STRINGS_urlencode (const char *data,
/* 4-byte value, percent-encode */
for (unsigned int i = 0; i<4; i++)
{
+ if ( (end == i8) ||
+ (0 == *i8) )
+ {
+ /* invalid UTF-8 (or bad @a len): fail */
+ GNUNET_break (0);
+ GNUNET_buffer_clear (&buf);
+ return 0;
+ }
GNUNET_buffer_write_fstr (&buf,
"%%%X%X",
*i8 >> 4,
@@ -1939,6 +1971,14 @@ GNUNET_STRINGS_urlencode (const char *data,
/* 5-byte value, percent-encode (outside of UTF-8 modern standard, but
so what) */
for (unsigned int i = 0; i<5; i++)
{
+ if ( (end == i8) ||
+ (0 == *i8) )
+ {
+ /* invalid UTF-8 (or bad @a len): fail */
+ GNUNET_break (0);
+ GNUNET_buffer_clear (&buf);
+ return 0;
+ }
GNUNET_buffer_write_fstr (&buf,
"%%%X%X",
*i8 >> 4,
@@ -1954,6 +1994,14 @@ GNUNET_STRINGS_urlencode (const char *data,
/* 6-byte value, percent-encode (outside of UTF-8 modern standard, but
so what) */
for (unsigned int i = 0; i<6; i++)
{
+ if ( (end == i8) ||
+ (0 == *i8) )
+ {
+ /* invalid UTF-8 (or bad @a len): fail */
+ GNUNET_break (0);
+ GNUNET_buffer_clear (&buf);
+ return 0;
+ }
GNUNET_buffer_write_fstr (&buf,
"%%%X%X",
*i8 >> 4,
diff --git a/src/lib/util/test_strings.c b/src/lib/util/test_strings.c
index 0e39b9958..e55741040 100644
--- a/src/lib/util/test_strings.c
+++ b/src/lib/util/test_strings.c
@@ -149,16 +149,16 @@ main (int argc, char *argv[])
GNUNET_STRINGS_fancy_time_to_relative ("15 m", &rtx));
GNUNET_assert (rt.rel_value_us == rtx.rel_value_us);
- GNUNET_assert (0 != GNUNET_STRINGS_urlencode (URLENCODE_TEST_VECTOR_PLAIN,
- strlen (
+ GNUNET_assert (0 != GNUNET_STRINGS_urlencode (strlen (
URLENCODE_TEST_VECTOR_PLAIN),
+ URLENCODE_TEST_VECTOR_PLAIN,
&b));
WANT (URLENCODE_TEST_VECTOR_ENCODED, b);
GNUNET_free (b);
GNUNET_assert (0 !=
- GNUNET_STRINGS_urldecode (URLENCODE_TEST_VECTOR_ENCODED,
- strlen (
+ GNUNET_STRINGS_urldecode (strlen (
URLENCODE_TEST_VECTOR_ENCODED),
+ URLENCODE_TEST_VECTOR_ENCODED,
&b));
WANT (URLENCODE_TEST_VECTOR_PLAIN, b);
GNUNET_free (b);
diff --git a/src/plugin/reclaim/pabc_helper.c b/src/plugin/reclaim/pabc_helper.c
index 65a633f7b..d7688e9e1 100644
--- a/src/plugin/reclaim/pabc_helper.c
+++ b/src/plugin/reclaim/pabc_helper.c
@@ -145,7 +145,9 @@ PABC_load_public_parameters (struct pabc_context *const ctx,
if (pp_name == NULL)
return GNUNET_SYSERR;
- GNUNET_STRINGS_urlencode (pp_name, strlen (pp_name), &pp_filename);
+ GNUNET_STRINGS_urlencode (strlen (pp_name),
+ pp_name,
+ &pp_filename);
if (GNUNET_YES != GNUNET_DISK_directory_test (pdir, GNUNET_YES))
{
GNUNET_free (pp_filename);
@@ -177,7 +179,9 @@ PABC_write_public_parameters (char const *const pp_name,
enum pabc_status status;
struct pabc_context *ctx = NULL;
- GNUNET_STRINGS_urlencode (pp_name, strlen (pp_name), &pp_filename);
+ GNUNET_STRINGS_urlencode (strlen (pp_name),
+ pp_name,
+ &pp_filename);
PABC_ASSERT (pabc_new_ctx (&ctx));
// store in json file
status = pabc_encode_public_parameters (ctx, pp, &json);
@@ -258,7 +262,9 @@ PABC_write_usr_ctx (char const *const usr_name,
return GNUNET_SYSERR;
}
- GNUNET_STRINGS_urlencode (pp_name, strlen (pp_name), &pp_filename);
+ GNUNET_STRINGS_urlencode (strlen (pp_name),
+ pp_name,
+ &pp_filename);
status = pabc_encode_user_ctx (ctx, pp, usr_ctx, &json);
if (PABC_OK != status)
{
@@ -329,7 +335,9 @@ PABC_read_usr_ctx (char const *const usr_name,
GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No user context given.\n");
return GNUNET_SYSERR;
}
- GNUNET_STRINGS_urlencode (pp_name, strlen (pp_name), &pp_filename);
+ GNUNET_STRINGS_urlencode (strlen (pp_name),
+ pp_name,
+ &pp_filename);
size_t fname_size = strlen (get_pabcdir ()) + 1 + strlen (usr_name) + 1
+ strlen (pp_filename) + strlen (PABC_USR_EXT) + 1;
diff --git a/src/service/rest/openid_plugin.c b/src/service/rest/openid_plugin.c
index a4f082d2a..61904494b 100644
--- a/src/service/rest/openid_plugin.c
+++ b/src/service/rest/openid_plugin.c
@@ -242,7 +242,7 @@
* How long to wait for a consume in userinfo endpoint
*/
#define CONSUME_TIMEOUT GNUNET_TIME_relative_multiply ( \
- GNUNET_TIME_UNIT_SECONDS,2)
+ GNUNET_TIME_UNIT_SECONDS,2)
/**
* OIDC ignored parameter array
@@ -1022,16 +1022,16 @@ login_redirect (void *cls)
"&%s=%s",
OIDC_CLIENT_ID_KEY,
handle->oidc->client_id);
- GNUNET_STRINGS_urlencode (handle->oidc->redirect_uri,
- strlen (handle->oidc->redirect_uri),
+ GNUNET_STRINGS_urlencode (strlen (handle->oidc->redirect_uri),
+ handle->oidc->redirect_uri,
&tmp);
GNUNET_buffer_write_fstr (&buf,
"&%s=%s",
OIDC_REDIRECT_URI_KEY,
tmp);
GNUNET_free (tmp);
- GNUNET_STRINGS_urlencode (handle->oidc->scope,
- strlen (handle->oidc->scope),
+ GNUNET_STRINGS_urlencode (strlen (handle->oidc->scope),
+ handle->oidc->scope,
&tmp);
GNUNET_buffer_write_fstr (&buf,
"&%s=%s",
@@ -1040,8 +1040,8 @@ login_redirect (void *cls)
GNUNET_free (tmp);
if (NULL != handle->oidc->state)
{
- GNUNET_STRINGS_urlencode (handle->oidc->state,
- strlen (handle->oidc->state),
+ GNUNET_STRINGS_urlencode (strlen (handle->oidc->state),
+ handle->oidc->state,
&tmp);
GNUNET_buffer_write_fstr (&buf,
"&%s=%s",
@@ -1065,8 +1065,8 @@ login_redirect (void *cls)
}
if (NULL != handle->oidc->claims)
{
- GNUNET_STRINGS_urlencode (handle->oidc->claims,
- strlen (handle->oidc->claims),
+ GNUNET_STRINGS_urlencode (strlen (handle->oidc->claims),
+ handle->oidc->claims,
&tmp);
GNUNET_buffer_write_fstr (&buf,
"&%s=%s",
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [gnunet] branch master updated: fix #8052,
gnunet <=