From 5ac6a12e0a76613d29edc65beb6b99af45172493 Mon Sep 17 00:00:00 2001 From: m-holger Date: Sun, 29 Jan 2023 11:39:15 +0000 Subject: [PATCH] In JSONParser::getToken reject illegal control characters --- libqpdf/JSON.cc | 20 ++++++++++++++++---- libtests/qtest/json_parse.test | 4 ++++ libtests/qtest/json_parse/bad-18.out | 2 +- libtests/qtest/json_parse/bad-45.json | 1 + libtests/qtest/json_parse/bad-45.out | 1 + libtests/qtest/json_parse/bad-46.json | 1 + libtests/qtest/json_parse/bad-46.out | 1 + libtests/qtest/json_parse/bad-47.json | 2 ++ libtests/qtest/json_parse/bad-47.out | 1 + libtests/qtest/json_parse/bad-48.json | 1 + libtests/qtest/json_parse/bad-48.out | 1 + 11 files changed, 30 insertions(+), 5 deletions(-) create mode 100644 libtests/qtest/json_parse/bad-45.json create mode 100644 libtests/qtest/json_parse/bad-45.out create mode 100644 libtests/qtest/json_parse/bad-46.json create mode 100644 libtests/qtest/json_parse/bad-46.out create mode 100644 libtests/qtest/json_parse/bad-47.json create mode 100644 libtests/qtest/json_parse/bad-47.out create mode 100644 libtests/qtest/json_parse/bad-48.json create mode 100644 libtests/qtest/json_parse/bad-48.out diff --git a/libqpdf/JSON.cc b/libqpdf/JSON.cc index b972d8aa..da0de9eb 100644 --- a/libqpdf/JSON.cc +++ b/libqpdf/JSON.cc @@ -780,10 +780,22 @@ JSONParser::getToken() } } - if (*p == 0) { - QTC::TC("libtests", "JSON parse null character"); - throw std::runtime_error( - "JSON: null character at offset " + std::to_string(offset)); + if ((*p < 32 && *p >= 0)) { + if (*p == '\t' || *p == '\n' || *p == '\r') { + // Legal white space not permitted in strings. This will always + // end the current token (unless we are still before the start + // of the token). + if (lex_state == ls_top) { + // Continue with token + } else { + // done + } + } else { + QTC::TC("libtests", "JSON parse null character"); + throw std::runtime_error( + "JSON: control or null character at offset " + + std::to_string(offset)); + } } action = append; switch (lex_state) { diff --git a/libtests/qtest/json_parse.test b/libtests/qtest/json_parse.test index d38d70de..8234b755 100644 --- a/libtests/qtest/json_parse.test +++ b/libtests/qtest/json_parse.test @@ -125,6 +125,10 @@ my @bad = ( "e after minus", # 42 "missing digit after e", # 43 "missing digit after e+/-", # 44 + # "tab char in string", # 45 + # "cr char in string", # 46 + # "lf char in string", # 47 + # "bs char in string", # 48 ); my $i = 0; diff --git a/libtests/qtest/json_parse/bad-18.out b/libtests/qtest/json_parse/bad-18.out index 0428b64f..1e779e41 100644 --- a/libtests/qtest/json_parse/bad-18.out +++ b/libtests/qtest/json_parse/bad-18.out @@ -1 +1 @@ -exception: bad-18.json: JSON: null character at offset 5 +exception: bad-18.json: JSON: control or null character at offset 5 diff --git a/libtests/qtest/json_parse/bad-45.json b/libtests/qtest/json_parse/bad-45.json new file mode 100644 index 00000000..16107dc0 --- /dev/null +++ b/libtests/qtest/json_parse/bad-45.json @@ -0,0 +1 @@ +"Tab in str ing" diff --git a/libtests/qtest/json_parse/bad-45.out b/libtests/qtest/json_parse/bad-45.out new file mode 100644 index 00000000..ba7e4f16 --- /dev/null +++ b/libtests/qtest/json_parse/bad-45.out @@ -0,0 +1 @@ +"Tab in str\ting" diff --git a/libtests/qtest/json_parse/bad-46.json b/libtests/qtest/json_parse/bad-46.json new file mode 100644 index 00000000..60873bf4 --- /dev/null +++ b/libtests/qtest/json_parse/bad-46.json @@ -0,0 +1 @@ +"cr in str ing" diff --git a/libtests/qtest/json_parse/bad-46.out b/libtests/qtest/json_parse/bad-46.out new file mode 100644 index 00000000..2baad6a4 --- /dev/null +++ b/libtests/qtest/json_parse/bad-46.out @@ -0,0 +1 @@ +"cr in str\ring" diff --git a/libtests/qtest/json_parse/bad-47.json b/libtests/qtest/json_parse/bad-47.json new file mode 100644 index 00000000..3c75427a --- /dev/null +++ b/libtests/qtest/json_parse/bad-47.json @@ -0,0 +1,2 @@ +"lf in str +ing" diff --git a/libtests/qtest/json_parse/bad-47.out b/libtests/qtest/json_parse/bad-47.out new file mode 100644 index 00000000..30549072 --- /dev/null +++ b/libtests/qtest/json_parse/bad-47.out @@ -0,0 +1 @@ +"lf in str\ning" diff --git a/libtests/qtest/json_parse/bad-48.json b/libtests/qtest/json_parse/bad-48.json new file mode 100644 index 00000000..1e605808 --- /dev/null +++ b/libtests/qtest/json_parse/bad-48.json @@ -0,0 +1 @@ +"bs in string" \ No newline at end of file diff --git a/libtests/qtest/json_parse/bad-48.out b/libtests/qtest/json_parse/bad-48.out new file mode 100644 index 00000000..0b20fc7a --- /dev/null +++ b/libtests/qtest/json_parse/bad-48.out @@ -0,0 +1 @@ +exception: bad-48.json: JSON: control or null character at offset 10