[Lldb-commits] [PATCH] UriParser - fixed potential buffer overrun
Vince Harron
vharron at google.com
Thu Jan 15 12:45:06 PST 2015
Switched from ::strtoul to StringConvert::ToUInt32
http://reviews.llvm.org/D6918
Files:
gtest/unittest/Utility/Makefile
gtest/unittest/Utility/UriParserTest.cpp
source/Utility/UriParser.cpp
Index: gtest/unittest/Utility/Makefile
===================================================================
--- gtest/unittest/Utility/Makefile
+++ gtest/unittest/Utility/Makefile
@@ -5,6 +5,7 @@
CFLAGS_EXTRAS := -D__STDC_LIMIT_MACROS -D__STDC_FORMAT_MACROS -D__STDC_CONSTANT_MACROS
ENABLE_THREADS := YES
CXX_SOURCES := $(wildcard *.cpp) \
+ $(realpath $(LEVEL)/../../source/Host/common/StringConvert.cpp) \
$(realpath $(LEVEL)/../../source/Utility/StringExtractor.cpp) \
$(realpath $(LEVEL)/../../source/Utility/UriParser.cpp)
MAKE_DSYM := NO
Index: gtest/unittest/Utility/UriParserTest.cpp
===================================================================
--- gtest/unittest/Utility/UriParserTest.cpp
+++ gtest/unittest/Utility/UriParserTest.cpp
@@ -127,3 +127,9 @@
VALIDATE
}
+TEST_F (UriParserTest, PortOverflow)
+{
+ const UriTestCase testCase("x://y:0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789/");
+ VALIDATE
+}
+
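Review bot: PortOverflow only exercises a port string far longer than the scan width, so the new `port_tmp > 65535` range check in UriParser.cpp is never tested at its boundary. Constructed cases such as `x://y:65535/` (expected to parse) and `x://y:65536/` (expected to fail) would pin it. A 10-digit value such as `x://y:4294967295/` would cover the largest input that the `%10[^/]` width still lets through. What VALIDATE asserts for a single-argument UriTestCase is defined outside this hunk, so the expected outcome of the existing case is presumed to be a parse failure.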
Index: source/Utility/UriParser.cpp
===================================================================
--- source/Utility/UriParser.cpp
+++ source/Utility/UriParser.cpp
@@ -15,6 +15,9 @@
// C++ Includes
// Other libraries and framework includes
// Project includes
+#include "lldb/Host/StringConvert.h"
+
+using namespace lldb_private;
//----------------------------------------------------------------------
// UriParser::Parse
@@ -33,17 +36,21 @@
char path_buf[2049] = {'/', 0};
bool ok = false;
- if (4==sscanf(uri, "%99[^:/]://%255[^/:]:%[^/]/%2047s", scheme_buf, hostname_buf, port_buf, path_buf+1)) { ok = true; }
- else if (3==sscanf(uri, "%99[^:/]://%255[^/:]:%[^/]", scheme_buf, hostname_buf, port_buf)) { ok = true; }
+ if (4==sscanf(uri, "%99[^:/]://%255[^/:]:%10[^/]/%2047s", scheme_buf, hostname_buf, port_buf, path_buf+1)) { ok = true; }
+ else if (3==sscanf(uri, "%99[^:/]://%255[^/:]:%10[^/]", scheme_buf, hostname_buf, port_buf)) { ok = true; }
else if (3==sscanf(uri, "%99[^:/]://%255[^/]/%2047s", scheme_buf, hostname_buf, path_buf+1)) { ok = true; }
else if (2==sscanf(uri, "%99[^:/]://%255[^/]", scheme_buf, hostname_buf)) { ok = true; }
- char* end = port_buf;
- int port_tmp = strtoul(port_buf, &end, 10);
- if (*end != 0)
+ bool success = false;
+ int port_tmp = 0;
+ if (port_buf[0])
{
- // there are invalid characters in port_buf
- return false;
+ port_tmp = StringConvert::ToUInt32(port_buf, UINT32_MAX, 10, &success);
+ if (!success || port_tmp > 65535)
+ {
+ // there are invalid characters in port_buf
+ return false;
+ }
}
if (ok)
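Review bot: `int port_tmp` receives the result of `StringConvert::ToUInt32` (presumably a `uint32_t`), so a 10-digit port at or above 2^31, which `%10[^/]` still admits, typically converts to a negative int and slips past `port_tmp > 65535`. Declaring it `uint32_t port_tmp = 0;` or also rejecting `port_tmp < 0` closes that gap. Separately, the width limit truncates rather than rejects: with more than 10 port characters the second `sscanf` pattern still returns 3 with only the first 10 in `port_buf`, so `0000000080` followed by extra digits would be accepted as port 80. Recording the consumed length with `%n` and requiring the next character to be `/` or the terminator would catch this. The declaration of `port_buf` and the rest of Parse are outside the hunk, so confirm the buffer holds at least 11 bytes, and note that the comment `// there are invalid characters in port_buf` no longer covers the range failure.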
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D6918.18245.patch
Type: text/x-patch
Size: 2718 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/lldb-commits/attachments/20150115/1efc0156/attachment.bin>