From 33c2236d702fee430cac27ab41d75069b6647765 Mon Sep 17 00:00:00 2001
From: Alex Kocharin
Date: Mon, 4 Nov 2019 20:44:23 +0300
Subject: [PATCH] Verify that there are no null-bytes in input
---
 lib/js-yaml/loader.js | 7 +++++++
 test/issues/0525-1.js | 16 ++++++++++++++++
 2 files changed, 23 insertions(+)
 create mode 100644 test/issues/0525-1.js
diff --git a/lib/js-yaml/loader.js b/lib/js-yaml/loader.js
index 3af04dcc..e33b6c9a 100644
--- a/lib/js-yaml/loader.js
+++ b/lib/js-yaml/loader.js
@@ -1569,6 +1569,13 @@ function loadDocuments(input, options) {
 var state = new State(input, options);
+ var nullpos = input.indexOf('\0');
+
+ if (nullpos !== -1) {
+ state.position = nullpos;
+ throwError(state, 'null byte is not allowed in input');
+ }
+
 // Use 0 as string terminator. That significantly simplifies bounds check.
 state.input += '\0';
diff --git a/test/issues/0525-1.js b/test/issues/0525-1.js
new file mode 100644
index 00000000..72e6a355
--- /dev/null
+++ b/test/issues/0525-1.js
@@ -0,0 +1,16 @@
+'use strict';
+
+
+var assert = require('assert');
+var yaml = require('../../');
+
+
+test('Should throw if there is a null-byte in input', function () {
+ try {
+ yaml.safeLoad('foo\0bar');
+ } catch (err) {
+ assert(err.stack.startsWith('YAMLException: null byte is not allowed in input'));
+ return;
+ }
+ assert.fail(null, null, 'Expected an error to be thrown');
+});
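Review bot: The error raised for an embedded NUL sets only `state.position = nullpos`, so the line and column it reports are probably wrong for multi-line input. That assumes State starts its line counters at zero and throwError derives the column from them, neither of which is visible in this hunk. Either derive the line and line start from the text before `nullpos`, or state in the message that the position is an absolute offset. The check also deserves a comment tying it to the sentinel appended just below, for example `// '\0' is the parser's end-of-input sentinel; an embedded one would presumably be read as end of document, so reject it up front`. loadDocuments starts before the hunk and continues past it.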
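Review bot: The test pins one input, `'foo\0bar'`, through `safeLoad` only, and leaves the boundary cases untested: a NUL as the first character and a NUL as the last. The trailing case is the one most easily confused with the sentinel the loader appends. The try/catch plus `assert.fail(null, null, ...)` can be replaced with `assert.throws(function () { yaml.safeLoad('foo\0bar'); }, /null byte is not allowed in input/);`. That form avoids matching on the start of `err.stack`, which is brittle. If the `load` and `loadAll` entry points also go through loadDocuments, one assertion for each would confirm the check covers them.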