[Lldb-commits] [PATCH] UriParser - fixed potential buffer overrun

Vince Harron vharron at google.com
Sun Jan 11 02:39:04 PST 2015 

Hi clayborg, ovyalov, sivachandra,

fixed potential buffer overrun by adding "10" to port parameter in sscanf
return error if port is invalid (>65535)
added tests

REPOSITORY
  rL LLVM

http://reviews.llvm.org/D6918

Files:
  /Users/vharron/ll/svn/lldb/gtest/unittest/Utility/UriParserTest.cpp
  /Users/vharron/ll/svn/lldb/source/Utility/UriParser.cpp

Index: /Users/vharron/ll/svn/lldb/gtest/unittest/Utility/UriParserTest.cpp
===================================================================
--- /Users/vharron/ll/svn/lldb/gtest/unittest/Utility/UriParserTest.cpp
+++ /Users/vharron/ll/svn/lldb/gtest/unittest/Utility/UriParserTest.cpp
@@ -127,3 +127,9 @@
     VALIDATE
 }
 
+TEST_F (UriParserTest, PortOverflow)
+{
+    const UriTestCase testCase("x://y:0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789/");
+    VALIDATE
+}
+
Index: /Users/vharron/ll/svn/lldb/source/Utility/UriParser.cpp
===================================================================
--- /Users/vharron/ll/svn/lldb/source/Utility/UriParser.cpp
+++ /Users/vharron/ll/svn/lldb/source/Utility/UriParser.cpp
@@ -33,14 +33,14 @@
     char path_buf[2049] = {'/', 0};
   
     bool ok = false;
-         if (4==sscanf(uri, "%99[^:/]://%255[^/:]:%[^/]/%2047s", scheme_buf, hostname_buf, port_buf, path_buf+1)) { ok = true; }
-    else if (3==sscanf(uri, "%99[^:/]://%255[^/:]:%[^/]", scheme_buf, hostname_buf, port_buf)) { ok = true; }
+         if (4==sscanf(uri, "%99[^:/]://%255[^/:]:%10[^/]/%2047s", scheme_buf, hostname_buf, port_buf, path_buf+1)) { ok = true; }
+    else if (3==sscanf(uri, "%99[^:/]://%255[^/:]:%10[^/]", scheme_buf, hostname_buf, port_buf)) { ok = true; }
     else if (3==sscanf(uri, "%99[^:/]://%255[^/]/%2047s", scheme_buf, hostname_buf, path_buf+1)) { ok = true; }
     else if (2==sscanf(uri, "%99[^:/]://%255[^/]", scheme_buf, hostname_buf)) { ok = true; }
 
-    char* end = port_buf;
+    char* end = nullptr;
     int port_tmp = strtoul(port_buf, &end, 10);
-    if (*end != 0)
+    if (*end != 0 || port_tmp > 65535)
     {
         // there are invalid characters in port_buf
         return false;

EMAIL PREFERENCES
  http://reviews.llvm.org/settings/panel/emailpreferences/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D6918.17987.patch
Type: text/x-patch
Size: 1804 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/lldb-commits/attachments/20150111/a51cde42/attachment.bin>

More information about the lldb-commits mailing list