uri_parser: fix out-of-bounds and additional enhancements #15929

Merged
merged 5 commits into from Feb 5, 2021

Conversation

cgundogan
Member

@cgundogan cgundogan commented Feb 4, 2021

Contribution description

  • Fixes the out of bounds for the case where the host part is empty, but a userinfo exists.
  • Additionally allow empty host parts, even if userinfo and port exist (look at the ABNF in https://tools.ietf.org/html/rfc3986#appendix-A)
  • Further, do not attempt to parse path if end-of-uri is reached.

Testing procedure

Run the unit tests and the example in #15927

Issues/PRs references

fixes #15927
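
A bounds-checked authority parser covering the three cases listed in the description above, added here as an illustration; it is not RIOT's uri_parser code and not part of this PR. `authority_t`, `parse_authority` and the sample URIs are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical result type for this example (not RIOT's uri_parser API). */
typedef struct {
    const char *userinfo, *host, *port;
    size_t userinfo_len, host_len, port_len;
} authority_t;

/* Parse "[userinfo@]host[:port]" from buf[0..len); buf need not be NUL-terminated.
 * Returns the offset where the path/query/fragment starts (== len if the URI
 * ends after the authority), or -1 on an unterminated IP-literal. */
static int parse_authority(const char *buf, size_t len, authority_t *out)
{
    const char *end = buf + len, *auth_end = buf;
    memset(out, 0, sizeof(*out));
    /* The authority stops at '/', '?', '#' or end-of-URI, whichever is first. */
    while (auth_end < end && *auth_end != '/' && *auth_end != '?' && *auth_end != '#') {
        auth_end++;
    }
    const char *host = buf;
    const char *at = memchr(buf, '@', (size_t)(auth_end - buf));
    if (at) {
        out->userinfo = buf;
        out->userinfo_len = (size_t)(at - buf);
        host = at + 1;   /* may equal auth_end: empty host after userinfo */
    }
    /* Check the bound before looking at the first host byte: with an empty
     * host there is no byte to inspect. */
    const char *scan = host;
    if (host < auth_end && *host == '[') {
        scan = memchr(host, ']', (size_t)(auth_end - host));
        if (!scan) {
            return -1;
        }
    }
    const char *colon = memchr(scan, ':', (size_t)(auth_end - scan));
    out->host = host;
    out->host_len = (size_t)((colon ? colon : auth_end) - host);
    if (colon) {
        out->port = colon + 1;
        out->port_len = (size_t)(auth_end - out->port);
    }
    return (int)(auth_end - buf);
}

int main(void)
{
    const char *uris[] = { "user@", "user@:5683/p", "[::1]:80" };  /* constructed inputs */
    for (size_t i = 0; i < 3; i++) {
        authority_t a;
        int off = parse_authority(uris[i], strlen(uris[i]), &a);
        printf("%-14s host_len=%zu port_len=%zu path_off=%d\n",
               uris[i], a.host_len, a.port_len, off);
    }
    return 0;
}
```

A caller goes on to parse a path only when the returned offset is smaller than `len`.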

@cgundogan cgundogan added Type: bug The issue reports a bug / The PR fixes a bug (including spelling errors) Area: sys Area: System labels Feb 4, 2021
@cgundogan
Member Author

@nmeum I rebased this branch onto current master. Do you mind having another check? AFAIC, I am not getting troubles anymore with make all-asan and the initial application that you provided.

@cgundogan cgundogan added the CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR label Feb 5, 2021
@nmeum
Member

nmeum commented Feb 5, 2021

> @nmeum I rebased this branch onto current master. Do you mind having another check? AFAIC, I am not getting troubles anymore with make all-asan and the initial application that you provided.

Yes, at the present time I am no longer able to discover any additional spatial violations in uri_parser with your patch applied. I cannot provide any guarantees whether there are none though but the code definitely looks more reasonable now ;)

Thanks for fixing this so quickly!

@miri64 miri64 merged commit bc59d60 into RIOT-OS:master Feb 5, 2021
3 checks passed
@cgundogan cgundogan deleted the pr/uriparser branch February 5, 2021 17:07
@kaspar030 kaspar030 added this to the Release 2021.04 milestone Apr 23, 2021
Development

Successfully merging this pull request may close these issues.

uri_parser: out-of-bounds read
5 participants