SMOLNET PORTAL home about changes
[root][parent][raw file]
atom, json, mbox: fix reading past the buffer with an escaped NUL byte (\ NUL) - sfeed - RSS and Atom parser
(URL) git clone git://git.codemadness.org/sfeed (git://git.codemadness.org)
(DIR) Log
(DIR) Files
(DIR) Refs
(DIR) README
(DIR) LICENSE
---
(DIR) commit eb8d6cf63815bff6697ebc7ae1b83f998b6eab53
(DIR) parent 728270f69c34a84cb10aa891178c90c8fe36320d
(URL) Author: Hiltjo Posthuma <hiltjo@codemadness.org> (mailto://) application/vnd.lotus-organizer
Date: Thu, 13 Apr 2023 00:34:23 +0200
atom, json, mbox: fix reading past the buffer with an escaped NUL byte (\ NUL)
This would skip checking the end of the string of checking a NUL byte, because
the iteration was done before checking it.
It would proceed into the data that comes after. Note that sfeed itself can't
generate such malformed data itself.
Example input:
0 title link content\ html
Would incorrect print "contenthtml" as the content.
Diffstat:
M sfeed_atom.c | 2 ++
M sfeed_json.c | 2 ++
M sfeed_mbox.c | 2 ++
3 files changed, 6 insertions(+), 0 deletions(-)
---
(DIR) diff --git a/sfeed_atom.c b/sfeed_atom.c
@@ -22,6 +22,8 @@ printcontent(const char *s)
case '&': fputs("&amp;", stdout); break;
case '"': fputs("&quot;", stdout); break;
case '\\':
+ if (*(s + 1) == '\0')
+ break;
s++;
switch (*s) {
case 'n': putchar('\n'); break;
(DIR) diff --git a/sfeed_json.c b/sfeed_json.c
@@ -16,6 +16,8 @@ printcontent(const char *s)
for (; *s; s++) {
switch (*s) {
case '\\':
+ if (*(s + 1) == '\0')
+ break;
s++;
switch (*s) {
case 'n': fputs("\\n", stdout); break;
(DIR) diff --git a/sfeed_mbox.c b/sfeed_mbox.c
@@ -37,6 +37,8 @@ escapefrom:
for (; *s; s++) {
switch (*s) {
case '\\':
+ if (*(s + 1) == '\0')
+ break;
s++;
switch (*s) {
case 'n':
Response: application/gopher-menu
Original URLgopher://codemadness.org/1/git/sfeed/commit/eb8d6cf63815b...
Content-Typeapplication/gopher-menu; charset=utf-8