Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

UUID parser silently ignores too long strings #4375

Closed
omerbrandis opened this issue Dec 27, 2023 · 5 comments
Closed

UUID parser silently ignores too long strings #4375

omerbrandis opened this issue Dec 27, 2023 · 5 comments
Assignees

Comments

@omerbrandis
Copy link
Contributor

Hello,

I've found a previous issue that may be similar, only it is marked as fixed in 2015, and i'm using a recent version (Release 1.12.3 )
and the error seems similar.

std::string Str = "495cff3a-a4b3-11ee-9e54-9cb6d0f68b51AA";
poco::UUID myUUID.tryParse(Str)

myUUID.toString() != Str.
the last AA are truncated/missing in myUUID.

please advise.
Omer.

@bas524
Copy link
Contributor

bas524 commented Dec 27, 2023

Hi, @omerbrandis. Your string contains 38 symbols include 4*-, but correct uuid should contain only 36 include 4*-

@omerbrandis
Copy link
Contributor Author

omerbrandis commented Dec 28, 2023

Hello @bas524,

this is the documentation for "tryParse" as taken from the header file:
/// Tries to interpret the given string as an UUID.
/// If the UUID is syntactically valid, assigns the
/// members and returns true. Otherwise leaves the
/// object unchanged and returns false.

my expectation is either :

  1. if the input to tryParse is invalid for whatever reason, including if the string is too long and/or contains invalid characters, tryPasre will return false, as described in the documentation, but does not occur.
  2. the documentation be amended to reflect the behavior.
    :-)

@aleks-f aleks-f added this to the Release 1.13.1 milestone Jan 4, 2024
@aleks-f aleks-f self-assigned this Jan 4, 2024
@aleks-f aleks-f changed the title uuid tryParse does not behave as expected UUID parser silently ignores too long strings Jan 4, 2024
@matejk matejk added the fixed label Jan 5, 2024
@bas524 bas524 mentioned this issue Jan 8, 2024
@bas524
Copy link
Contributor

bas524 commented Jan 8, 2024

@matejk , @aleks-f
Please look at #4389
I hope it can be useful

@matejk
Copy link
Contributor

matejk commented Jan 10, 2024

IMO it is not necessary to make parsing of the UUID less strict as it is currently. Trimming of the string can be done before parsing by the caller.

@bas524
Copy link
Contributor

bas524 commented Jan 10, 2024

IMO it is not necessary to make parsing of the UUID less strict as it is currently. Trimming of the string can be done before parsing by the caller.

Ok, I agree

@aleks-f aleks-f closed this as completed Feb 5, 2024
aleks-f added a commit that referenced this issue Feb 6, 2024
* doc(ReleaseNotes): fix formatting, add PR links

* Incorporated Debian patches (#4380)

* Debian: Use null as device file as console might not be there

* Debian: Add GNU Hurd support

* Debian: Includes not available on Hurd

* Debian: Disable SHA2 test on platforms where it's broken

* Debian: Set POCO_NO_FPENVIRONMENT for armel

---------

Co-authored-by: Jochen Sprickerhof <git@jochen.sprickerhof.de>

* fix(UUID): UUID parser silently ignores too long strings #4375 (#4384)

* fix(Crypto): EVP_CIPHER_CTX_init is incorrectly defined in Envelope.cpp if it is not defined already by OpenSSL. Fixed to properly use EVP_CIPHER_CTX_reset.

* enh(ci): Add macos sanitizers job (#4313)

* enh(ci): macOS thread sanitizer

* enh(ci): macOS sanitize jobs for undefined and address.

* fix(test): lock std:cerr to prevent data race in TCP server tests (reported by clang thread sanitizer) #4313

* fix(test): Use 96-bit IV with aes-256-gcm to fix (#4347):

I/O error: error:1C800066:Provider routines::cipher operation failed

* mingw compile and link improvements (#4019) (#4391)

* fix(platform): MinGW Compile and link errors: undefined reference to `WinMain'

* fix(platform): MinGW compile UUID tests (conflicting UUID defined as GUID in rpcdce.h via windows.h)

* enh(DateTimeParser): option to cleanup input string before parsing (#569).

* fix(CppUnit): do not install #4398

* fix(DataTest): do not install #4398

* chore(SingleSocketPoller): spelling

* fix(MailMessage): Compare lowercase content disposition headers when reading parts (#3650).

* chore(cmake): CppUnit Foundation dependency documentation; fix indentation

* fix(SocketReactorTest): deadlock test intermittently hangs #4400

* gcc/clang (-fvisibility=hidden): corrections to compile and work properly (#4394)

* fix(ActiveRecord): missing ActiveRecordLib_API definitions for clang/gcc.

* fix(FPEnvironment): export FPEnvironmentImpl classes (#4393, #3331)

* fix(Crypto): export *Impl classes used from inlines (#4393, #3331)

* fix(Dynamic): explicitly instantiate and export Dynamic::Struct for string and int (-fvisibility=hidden) (#4393, #3331)

* fix(JSON): explicitly instantiate and export SharedPtr for JSON::Array and JSON::Object (-fvisibility=hidden) (#4393, #3331)

* enh(CMake): Set symbol visibility to hidden (#4393, #3331)

* enh(configure): user c++17 standard for iphone, Darwin and ARM-Linux.

* fix(UTF): explicitly instantiate and export 16 and 32-bit strings (-fvisibility=hidden) (#4393, #3331)

* fix(RecordSet): make Extraction.h internal and instantiate RecordsSet::column template functions only for supported types. (-fvisibility=hidden) (#4393, #3331)

* fix(UTF): fix explicitly instantiation on Windows (-fvisibility=hidden) (#4393, #3331)

* enh(CMake): Add github jobs for macOS with visibility set to hidden (#4393, #3331)

* fix(CppParser): Add missing declarations for CppParser_API (#4393, #3331)

* enh(CMake): Enable more options in github jobs for macOS with visibility set to hidden (#4393, #3331)

* fix(MongoDB): Add missing MongoDB_API (#4393, #3331)

* Implemented automated network library initialization for Windows MinGW targets (#4402)

* Implemented automated network library initialization for Windows MinGW/GCC targets

* Using POCO_COMPILER_MINGW instead of __GNUC__

---------

Co-authored-by: Jesse Hoogervorst <jesse@deltaxlab.com>

* fix(Thread_POSIX): qnx build error: 'prctl' was not declared in this scope #4404

* fix: NULL pointer strategy when setting rotation never #4411

Regression from 66e93f9.

* fix(progen): add LanguageStandard (stdcpp17, stdc11); regenerate vs170 projects

* Implement GetAdaptersAddresses API (#4419)

* Upgrade from GetAdaptersInfo to GetAdaptersAddresses API. The code has been swapped back to a buffer of bytes because the data structure built by GetAdaptersAddresses is a linked list and the returned size is not a multiple of the IP_ADAPTERS_ADDRESSES struct.

* Adding back Poco/UnWindows.h

* Undoing indents.

* test(ThreadPool): unit test for thread pool shutdown when no worker is running. (#2450)

* enh: #4216: use std::string literals

* enh: #3890: Get rid of SingletonHolder

* enh(File): Linux, macOS: microsecond precision for file times (create and modification time).

* enh(tests): Ability to enable/disable testing of deprecated functionality. (#4425)

* fix(SSLManager): Fixed regression introduced in PR #4103, fixes #4421

* fix(LogFile): Unify flushing behaviour of WIN32 and STD implementation (#2443)

* chore(buildwin): remove old vs versions from build and progen scripts; update documentation

* chore(buildwin): remove leftover closing curly

* enh(SQLite): SQLite FTS5 #4367

* Release 1.13.1: Update release notes, changelog, contributors, version files. (#4440)

* Update CONTRIBUTORS

* fix(CppParser): Documentation generation (some minor fixes, WiP) #4441

* feat(CppParser): C++11 attributes support

* feat(PocoDoc): C++11 attributes support

* chore(doc): Changelog and release notes formatting

* fix(CppParser): parsing of function template parameters and namespace imports

* fix: make headers parseable by CppParser/PocoDoc

* fix(PocoDoc): add -DPOCO_DOC

* fix(PocoDoc): postgres headers not found

* fix(PocoDoc): libpq include path

* fix(XML): #4443: Upgrade libexpat to 2.6.0

* doc: updated changelog

---------

Co-authored-by: Günter Obiltschnig <guenter.obiltschnig@appinf.com>
Co-authored-by: Matej Kenda <matejken@gmail.com>
Co-authored-by: Jochen Sprickerhof <git@jochen.sprickerhof.de>
Co-authored-by: Jesse Hoogervorst <hoogervorstjesse@gmail.com>
Co-authored-by: Jesse Hoogervorst <jesse@deltaxlab.com>
Co-authored-by: Aron Budea <aron.budea@collabora.com>
Co-authored-by: Andrew Auclair <andrewauclair@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Status: Done
Development

No branches or pull requests

4 participants