mirror of https://github.com/RIOT-OS/RIOT.git synced 2024-12-29 04:50:03 +01:00

uri_parser: check if uri is long enough to even contain a ://

Before attempting to access these characters. This fixes an
out-of-bounds read on the provided URI buffer.
Sören Tempel 2021-02-04 20:08:26 +01:00
parent d6e43fd07a
commit 333572e091
2 changed files with 12 additions and 1 deletions


@ -55,7 +55,7 @@ static char *_consume_scheme(uri_parser_result_t *result, char *uri,
result->scheme_len = p - uri;
/* check if authority part exists '://' */
if ((p[1] != '\0') && (p[2] != '\0') && (p[1] == '/') && (p[2] == '/')) {
if (((uri_end - p) > 2) && (p[1] == '/') && (p[2] == '/')) {
*has_authority = true;
/* skip '://' */
return p + 3;
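Review bot: The `return p + 3;` under the new bound can equal `uri_end` (the `pP://` case adds nothing after the marker), and nothing on that line tells the caller so. The bound `(uri_end - p) > 2` itself does make the reads of `p[1]` and `p[2]` safe. I would extend the existing comment to `/* skip '://'; the result may equal uri_end, so callers must compare against uri_end before dereferencing */`. The check also relies on `uri_end` pointing one past the last byte of the buffer and on `p` lying before it, which presumably follows from how `p` was found but is not visible here. `_consume_scheme` starts and ends outside this hunk, so its other return paths should be checked for the same property.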


@ -401,6 +401,17 @@ static const validate_t validate_uris[] = {
"./this:that",
"",
0),
VEC("pP://",
true,
"pP",
"",
"",
"",
"",
"",
"",
"",
0),
};
static char _failure_msg[VEC_MSG_LEN];
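Review bot: The added vector only exercises the complete `pP://` form, where `p[1]` and `p[2]` are inside the buffer even under the old condition, so it does not appear to pin the out-of-bounds read this commit fixes. I would add vectors for the inputs cut short after the colon, `VEC("pP:", ...)` and `VEC("pP:/", ...)`, with the expected fields taken from the parser's intended result for a scheme with no authority. String literals carry a terminating NUL, so a regression would likely only show if the harness passes an exact-length, unterminated copy and runs under a sanitizer. How the harness passes the buffer and its length is not visible in this hunk.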