diff options
| author | Markus Armbruster <armbru@redhat.com> | 2018-08-23 18:39:55 +0200 |
|---|---|---|
| committer | Markus Armbruster <armbru@redhat.com> | 2018-08-24 20:26:37 +0200 |
| commit | 46a628b1398ae6a58d6847223736431225c4c0cc (patch) | |
| tree | 53e184c57fb6767ec72bb336e5770f65f9f969c8 /qobject/json-parser.c | |
| parent | de6decfe8e2939464fc27ac2ab4ef87689329fec (diff) | |
| download | focaccia-qemu-46a628b1398ae6a58d6847223736431225c4c0cc.tar.gz focaccia-qemu-46a628b1398ae6a58d6847223736431225c4c0cc.zip | |
json: Reject invalid \uXXXX, fix \u0000
The JSON parser translates invalid \uXXXX to garbage instead of rejecting it, and swallows \u0000. Fix by using mod_utf8_encode() instead of flawed wchar_to_utf8(). Valid surrogate pairs are now differently broken: they're rejected instead of translated to garbage. The next commit will fix them. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-Id: <20180823164025.12553-29-armbru@redhat.com>
Diffstat (limited to 'qobject/json-parser.c')
| -rw-r--r-- | qobject/json-parser.c | 35 |
1 files changed, 6 insertions, 29 deletions
diff --git a/qobject/json-parser.c b/qobject/json-parser.c index 9cb363f7e1..e49da192fe 100644 --- a/qobject/json-parser.c +++ b/qobject/json-parser.c @@ -64,34 +64,6 @@ static void GCC_FMT_ATTR(3, 4) parse_error(JSONParserContext *ctxt, error_setg(&ctxt->err, "JSON parse error, %s", message); } -/** - * String helpers - * - * These helpers are used to unescape strings. - */ -static void wchar_to_utf8(uint16_t wchar, char *buffer, size_t buffer_length) -{ - if (wchar <= 0x007F) { - BUG_ON(buffer_length < 2); - - buffer[0] = wchar & 0x7F; - buffer[1] = 0; - } else if (wchar <= 0x07FF) { - BUG_ON(buffer_length < 3); - - buffer[0] = 0xC0 | ((wchar >> 6) & 0x1F); - buffer[1] = 0x80 | (wchar & 0x3F); - buffer[2] = 0; - } else { - BUG_ON(buffer_length < 4); - - buffer[0] = 0xE0 | ((wchar >> 12) & 0x0F); - buffer[1] = 0x80 | ((wchar >> 6) & 0x3F); - buffer[2] = 0x80 | (wchar & 0x3F); - buffer[3] = 0; - } -} - static int hex2decimal(char ch) { if (ch >= '0' && ch <= '9') { @@ -197,7 +169,12 @@ static QString *parse_string(JSONParserContext *ctxt, JSONToken *token) ptr++; } - wchar_to_utf8(cp, utf8_buf, sizeof(utf8_buf)); + if (mod_utf8_encode(utf8_buf, sizeof(utf8_buf), cp) < 0) { + parse_error(ctxt, token, + "\\u%.4s is not a valid Unicode character", + ptr - 3); + goto out; + } qstring_append(str, utf8_buf); break; default: |