Commit 5ac6a12e0a76613d29edc65beb6b99af45172493
1 parent
1b89e768
In JSONParser::getToken reject illegal control characters
Showing
11 changed files
with
30 additions
and
5 deletions
libqpdf/JSON.cc
| ... | ... | @@ -780,10 +780,22 @@ JSONParser::getToken() |
| 780 | 780 | } |
| 781 | 781 | } |
| 782 | 782 | |
| 783 | - if (*p == 0) { | |
| 784 | - QTC::TC("libtests", "JSON parse null character"); | |
| 785 | - throw std::runtime_error( | |
| 786 | - "JSON: null character at offset " + std::to_string(offset)); | |
| 783 | + if ((*p < 32 && *p >= 0)) { | |
| 784 | + if (*p == '\t' || *p == '\n' || *p == '\r') { | |
| 785 | + // Legal white space not permitted in strings. This will always | |
| 786 | + // end the current token (unless we are still before the start | |
| 787 | + // of the token). | |
| 788 | + if (lex_state == ls_top) { | |
| 789 | + // Continue with token | |
| 790 | + } else { | |
| 791 | + // done | |
| 792 | + } | |
| 793 | + } else { | |
| 794 | + QTC::TC("libtests", "JSON parse null character"); | |
| 795 | + throw std::runtime_error( | |
| 796 | + "JSON: control or null character at offset " + | |
| 797 | + std::to_string(offset)); | |
| 798 | + } | |
| 787 | 799 | } |
| 788 | 800 | action = append; |
| 789 | 801 | switch (lex_state) { | ... | ... |
libtests/qtest/json_parse.test
| ... | ... | @@ -125,6 +125,10 @@ my @bad = ( |
| 125 | 125 | "e after minus", # 42 |
| 126 | 126 | "missing digit after e", # 43 |
| 127 | 127 | "missing digit after e+/-", # 44 |
| 128 | + # "tab char in string", # 45 | |
| 129 | + # "cr char in string", # 46 | |
| 130 | + # "lf char in string", # 47 | |
| 131 | + # "bs char in string", # 48 | |
| 128 | 132 | ); |
| 129 | 133 | |
| 130 | 134 | my $i = 0; | ... | ... |
libtests/qtest/json_parse/bad-18.out
libtests/qtest/json_parse/bad-45.json
0 → 100644
| 1 | +"Tab in str ing" | ... | ... |
libtests/qtest/json_parse/bad-45.out
0 → 100644
| 1 | +"Tab in str\ting" | ... | ... |
libtests/qtest/json_parse/bad-46.json
0 → 100644
| 1 | +"cr in str ing" | ... | ... |
libtests/qtest/json_parse/bad-46.out
0 → 100644
| 1 | +"cr in str\ring" | ... | ... |
libtests/qtest/json_parse/bad-47.json
0 → 100644
libtests/qtest/json_parse/bad-47.out
0 → 100644
| 1 | +"lf in str\ning" | ... | ... |
libtests/qtest/json_parse/bad-48.json
0 → 100644
libtests/qtest/json_parse/bad-48.out
0 → 100644
| 1 | +exception: bad-48.json: JSON: control or null character at offset 10 | ... | ... |