crystal-lang · straight-shoota · Oct 31, 2021 · Oct 31, 2021 · Oct 31, 2021 · yxhuvud
diff --git a/spec/compiler/lexer/lexer_spec.cr b/spec/compiler/lexer/lexer_spec.cr
@@ -558,4 +558,21 @@ describe "Lexer" do
   assert_syntax_error %("\\x1z"), "invalid hex escape"
 
   assert_syntax_error %("hi\\)
+
+  # CVE-2021-42574
+  describe "trojan source" do
+    ['\u202A', '\u202B', '\u202C', '\u202D', '\u202E', '\u2066', '\u2067', '\u2068', '\u2069'].each do |char|
+      assert_syntax_error %(f#{char}), "Invalid unicode control character: #{char.dump}"
+      assert_syntax_error %("#{char}"), "Invalid unicode control character: #{char.dump}"
+      assert_syntax_error %(%w(#{char})), "Invalid unicode control character: #{char.dump}"
+      assert_syntax_error %(:#{char}), "Invalid unicode control character: #{char.dump}"
+      assert_syntax_error %(:"#{char}"), "Invalid unicode control character: #{char.dump}"
+      assert_syntax_error %(%i(#{char})), "Invalid unicode control character: #{char.dump}"
+      assert_syntax_error %(##{char}), "Invalid unicode control character: #{char.dump}"
+      assert_syntax_error %(macro foo\n##{char}\nend), "Invalid unicode control character: #{char.dump}"
+
+      it_lexes_string char.to_s.dump, char.to_s
+      it_lexes_char char.dump, char
+    end
+  end
 end
diff --git a/spec/support/syntax.cr b/spec/support/syntax.cr
@@ -130,7 +130,7 @@ class Crystal::ASTNode
 end
 
 def assert_syntax_error(str, message = nil, line = nil, column = nil, metafile = __FILE__, metaline = __LINE__, metaendline = __END_LINE__)
-  it "says syntax error on #{str.inspect}", metafile, metaline, metaendline do
+  it "says syntax error on #{str.dump}", metafile, metaline, metaendline do
     begin
       parse str
       fail "Expected SyntaxException to be raised", metafile, metaline

diff --git a/src/compiler/crystal/syntax/lexer.cr b/src/compiler/crystal/syntax/lexer.cr
@@ -1349,9 +1349,7 @@ module Crystal
         start_pos = current_pos
       end
 
-      while char != '\n' && char != '\0'
-        char = next_char_no_column_increment
-      end
+      skip_comment
 
       if doc_buffer = @token.doc_buffer
         doc_buffer << '\n'
@@ -3078,6 +3076,9 @@ module Crystal
       if error = @reader.error
         ::raise InvalidByteSequenceError.new("Unexpected byte 0x#{error.to_s(16)} at position #{@reader.pos}, malformed UTF-8")
       end
+      if current_char.in?('\u202A', '\u202B', '\u202C', '\u202D', '\u202E', '\u2066', '\u2067', '\u2068', '\u2069')
+        raise "Invalid unicode control character: #{current_char.dump}"
+      end
       char
     end