From 7f76961982e03d4d5f781e7e7113fc7eff970f82 Mon Sep 17 00:00:00 2001 From: Zbigniew Jędrzejewski-Szmek Date: Sun, 11 Jan 2015 17:21:17 -0500 Subject: shared/util: respect buffer boundary on incomplete escape sequences cunescape_length_with_prefix() is called with the length as an argument, so it cannot rely on the buffer being NUL terminated. Move the length check before accessing the memory. When an incomplete escape sequence was given at the end of the buffer, c_l_w_p() would read past the end of the buffer. Fix this and add a test. --- src/test/test-util.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) (limited to 'src/test') diff --git a/src/test/test-util.c b/src/test/test-util.c index 1e50a29f79..4bb51545be 100644 --- a/src/test/test-util.c +++ b/src/test/test-util.c @@ -416,8 +416,24 @@ static void test_cescape(void) { static void test_cunescape(void) { _cleanup_free_ char *unescaped; - assert_se(unescaped = cunescape("abc\\\\\\\"\\b\\f\\a\\n\\r\\t\\v\\003\\177\\234\\313\\000\\x00")); - assert_se(streq(unescaped, "abc\\\"\b\f\a\n\r\t\v\003\177\234\313\\000\\x00")); + unescaped = cunescape("abc\\\\\\\"\\b\\f\\a\\n\\r\\t\\v\\003\\177\\234\\313\\000\\x00"); + assert_se(streq_ptr(unescaped, "abc\\\"\b\f\a\n\r\t\v\003\177\234\313\\000\\x00")); + + /* incomplete sequences */ + unescaped = cunescape("\\x0"); + assert_se(streq_ptr(unescaped, "\\x0")); + + unescaped = cunescape("\\x"); + assert_se(streq_ptr(unescaped, "\\x")); + + unescaped = cunescape("\\"); + assert_se(streq_ptr(unescaped, "\\")); + + unescaped = cunescape("\\11"); + assert_se(streq_ptr(unescaped, "\\11")); + + unescaped = cunescape("\\1"); + assert_se(streq_ptr(unescaped, "\\1")); } static void test_foreach_word(void) { -- cgit v1.2.3-54-g00ecf