Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix potential buffer overflow in parseStringValue #152

Merged
merged 1 commit into from
Apr 6, 2018
Merged

Fix potential buffer overflow in parseStringValue #152

merged 1 commit into from
Apr 6, 2018

Conversation

gordonwang0
Copy link
Contributor

@gordonwang0 gordonwang0 commented Apr 5, 2018
edited
Loading

Requires the inclusion of a buffer size in jsonStruct_t.

In response to #151.

@gordonwang0 gordonwang0 added the bug label Apr 5, 2018
huguesBouvier
huguesBouvier reviewed Apr 5, 2018
View reviewed changes
tests/unit/src/aws_iot_tests_unit_json_utils_helper.c
CHECK_EQUAL_C_INT(SHADOW_JSON_ERROR, rc);

/* Ensure there was no attempt to write to a buffer that's too small. */
for(i = 0; i < STRING_BUFFER_LENGTH; i++)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NP: You could do a mem compare

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wouldn't that require keeping an additional block of all-zero memory around?

tests/unit/src/aws_iot_tests_unit_json_utils_helper.c

CHECK_EQUAL_C_INT(3, r);
CHECK_EQUAL_C_INT(SUCCESS, rc);
CHECK_EQUAL_C_STRING("this is a longer string for test 2", parsedString);
}

/* Test that parsing a string doesn't overflow the given buffer. */
TEST_C(JsonUtils, ParseStringWithBufferTooSmall) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You should test the happy path too :)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Like when the buffer is big enough? I think that's adequately tested by the integration tests (jobs integration test).

src/aws_iot_shadow_json.c
@@ -354,28 +354,28 @@ bool isJsonValidAndParse(const char *pJsonDocument, void *pJsonHandler, int32_t
}

static IoT_Error_t UpdateValueIfNoObject(const char *pJsonString, jsonStruct_t *pDataStruct, jsmntok_t token) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A look up table could look better. Though it is a risky change.

src/aws_iot_json_utils.c
@@ -170,12 +170,9 @@ IoT_Error_t parseBooleanValue(bool *b, const char *jsonString, jsmntok_t *token)
IOT_WARN("Token was not a primitive.");
return JSON_PARSE_ERROR;
}
if(jsonString[token->start] == 't' && jsonString[token->start + 1] == 'r' && jsonString[token->start + 2] == 'u'
&& jsonString[token->start + 3] == 'e') {
if(strncmp(jsonString + token->start, "true", 4) == 0) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@huguesBouvier huguesBouvier merged commit 2d1a002 into aws:master Apr 6, 2018
@gordonwang0 gordonwang0 mentioned this pull request Apr 6, 2018
Closed
@gordonwang0 gordonwang0 deleted the parse_string_fix branch April 6, 2018 22:50
gordonwang0 added a commit that referenced this pull request Apr 20, 2018
@gordonwang0
Fix potential buffer overflow in parseStringValue. (#152)
d79fa7c
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@huguesBouvier huguesBouvier huguesBouvier approved these changes

Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@gordonwang0 @huguesBouvier