diff options
| author | Wladimir J. van der Laan <[email protected]> | 2015-06-03 09:42:03 +0200 |
|---|---|---|
| committer | Wladimir J. van der Laan <[email protected]> | 2015-06-03 12:18:40 +0200 |
| commit | 4e157fc60dae5ca69933ea4c1585a2a078b4d957 (patch) | |
| tree | aa97c939b76802d946b9c3f06351f1fdfcca1579 /src | |
| parent | Merge pull request #6203 (diff) | |
| download | discoin-4e157fc60dae5ca69933ea4c1585a2a078b4d957.tar.xz discoin-4e157fc60dae5ca69933ea4c1585a2a078b4d957.zip | |
json: fail read_string if string contains trailing garbage
Change `read_string` to fail when not the entire input has been
consumed. This avoids unexpected, even dangerous behavior (fixes #6223).
The new JSON parser adapted in #6121 also solves this problem so in
master this is a temporary fix, but should be backported to older releases.
Also adds tests for the new behavior.
Diffstat (limited to 'src')
| -rw-r--r-- | src/json/json_spirit_reader_template.h | 6 | ||||
| -rw-r--r-- | src/test/rpc_tests.cpp | 18 |
2 files changed, 21 insertions, 3 deletions
diff --git a/src/json/json_spirit_reader_template.h b/src/json/json_spirit_reader_template.h index 46f5892f6..47e3c1ca8 100644 --- a/src/json/json_spirit_reader_template.h +++ b/src/json/json_spirit_reader_template.h @@ -521,12 +521,11 @@ namespace json_spirit const spirit_namespace::parse_info< Iter_type > info = spirit_namespace::parse( begin, end, - Json_grammer< Value_type, Iter_type >( semantic_actions ), + Json_grammer< Value_type, Iter_type >( semantic_actions ) >> spirit_namespace::end_p, spirit_namespace::space_p ); if( !info.hit ) { - assert( false ); // in theory exception should already have been thrown throw_error( info.stop, "error" ); } @@ -570,7 +569,8 @@ namespace json_spirit { typename String_type::const_iterator begin = s.begin(); - return read_range( begin, s.end(), value ); + bool success = read_range( begin, s.end(), value ); + return success && begin == s.end(); } template< class Istream_type > diff --git a/src/test/rpc_tests.cpp b/src/test/rpc_tests.cpp index 45cb551d0..5899671d2 100644 --- a/src/test/rpc_tests.cpp +++ b/src/test/rpc_tests.cpp @@ -140,6 +140,24 @@ BOOST_AUTO_TEST_CASE(rpc_parse_monetary_values) BOOST_CHECK_EQUAL(AmountFromValue(ValueFromString("20999999.99999999")), 2099999999999999LL); } +BOOST_AUTO_TEST_CASE(json_parse_errors) +{ + Value value; + // Valid + BOOST_CHECK_EQUAL(read_string(std::string("1.0"), value), true); + // Valid, with trailing whitespace + BOOST_CHECK_EQUAL(read_string(std::string("1.0 "), value), true); + // Invalid, initial garbage + BOOST_CHECK_EQUAL(read_string(std::string("[1.0"), value), false); + BOOST_CHECK_EQUAL(read_string(std::string("a1.0"), value), false); + // Invalid, trailing garbage + BOOST_CHECK_EQUAL(read_string(std::string("1.0sds"), value), false); + BOOST_CHECK_EQUAL(read_string(std::string("1.0]"), value), false); + // BTC addresses should fail parsing + BOOST_CHECK_EQUAL(read_string(std::string("175tWpb8K1S7NmH4Zx6rewF9WQrcZv245W"), value), false); + BOOST_CHECK_EQUAL(read_string(std::string("3J98t1WpEZ73CNmQviecrnyiWrnqRhWNL"), value), false); +} + BOOST_AUTO_TEST_CASE(rpc_boostasiotocnetaddr) { // Check IPv4 addresses |