[master] 4f1fd4128 vav: Apparently we can't trust sscanf(3)
Dridi Boukelmoune
dridi.boukelmoune at gmail.com
Mon Jul 5 15:47:04 UTC 2021
commit 4f1fd4128c5e5487c1ef103c25ba48b7a15a7b1f
Author: Dridi Boukelmoune <dridi.boukelmoune at gmail.com>
Date: Mon Jul 5 07:52:22 2021 +0200
vav: Apparently we can't trust sscanf(3)
At least not on my system, where "x%02x" doesn't strictly require 2
hexadecimal digits.
diff --git a/lib/libvarnish/vav.c b/lib/libvarnish/vav.c
index 7dc269aac..6863b9dfb 100644
--- a/lib/libvarnish/vav.c
+++ b/lib/libvarnish/vav.c
@@ -102,7 +102,8 @@ vav_backslash_txt(const char *s, const char *e, char *res)
}
break;
case 'x':
- if (l >= 4 && sscanf(s + 1, "x%02x", &u) == 1) {
+ if (l >= 4 && isxdigit(s[2]) && isxdigit(s[3]) &&
+ sscanf(s + 1, "x%02x", &u) == 1) {
AZ(u & ~0xff);
c = u; /*lint !e734 loss of precision */
r = 4;
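Review bot: The new `isxdigit(s[2])` and `isxdigit(s[3])` calls pass a plain `char`, and because `s` is `const char *`, a byte above 0x7f becomes a negative argument where `char` is signed, which is undefined behaviour for the <ctype.h> classifiers. Since this is parser input, cast at the call: `if (l >= 4 && isxdigit((unsigned char)s[2]) && isxdigit((unsigned char)s[3]) &&`. A short comment above the condition, such as `/* %x skips whitespace and accepts a sign or a short field, so check both digits first */`, would stop the pre-check from later being removed as redundant. vav_backslash_txt starts and ends outside the hunk, so the definition of `l` and the <ctype.h> include cannot be confirmed from here.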
@@ -355,6 +356,7 @@ static const struct test_case *tests[] = {
TEST_FAIL(0 , "\\", invalid_backslash),
TEST_FAIL(0 , "\\x", invalid_backslash),
TEST_FAIL(0 , "\\x2", invalid_backslash),
+ TEST_FAIL(0 , "\\x2O", invalid_backslash),
TEST_PASS(0 , "\\x20", " "),
TEST_FAIL(0 , "\"foo", missing_quote),
NULL
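Review bot: The added `"\\x2O"` case pins only the second-digit check; nothing visible in this table exercises the `isxdigit(s[2])` half of the new condition or the inputs that `%x` itself tolerates. Adding `TEST_FAIL(0 , "\\xO2", invalid_backslash),` and `TEST_FAIL(0 , "\\x 2", invalid_backslash),` next to it would cover an invalid first digit and the leading-whitespace case. A signed form such as `"\\x-1"` is worth a third entry, since `%x` also accepts a sign. The `tests[]` array begins before the hunk and its closing brace is not shown, so existing entries outside these lines may already cover some of this.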