author | David Benjamin <davidben@google.com> | 2024-05-05 10:32:29 -0400 |
---|---|---|
committer | Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2024-05-07 17:32:31 +0000 |
commit | b17231cdb9ec4e877b470c57d3280d9195811cd9 (patch) | |
tree | 0b7f182d396a25d10859a527ee9d55e3ce20bddc | |
parent | 3e89a7e8db8139db356b892ca9993172346c80cf (diff) | |
Test some more CONF edge cases
Ensure that, by rejecting "$foo", we didn't make it impossible to embed
"$" in a config file. Also test every allowed punctuation character in
CONF, non-ASCII characters, and empty values.
Change-Id: I55c3c02b357c6017adadf0deebe95f52244ac9d2
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/68287
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
-rw-r--r-- | crypto/conf/conf.c | 4 | ||||
-rw-r--r-- | crypto/conf/conf_test.cc | 52 |
2 files changed, 53 insertions, 3 deletions
diff --git a/crypto/conf/conf.c b/crypto/conf/conf.c
index 40e8ffb..d76ab89 100644
--- a/crypto/conf/conf.c
+++ b/crypto/conf/conf.c
@@ -233,7 +233,9 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) {
 break;
 } else if (*from == '$') {
 // Historically, $foo would expand to a previously-parsed value. This
- // feature has been removed as it was unused and is a DoS vector.
+ // feature has been removed as it was unused and is a DoS vector. If
+ // trying to embed '$' in a line, either escape it or wrap the value in
+ // quotes.
 OPENSSL_PUT_ERROR(CONF, CONF_R_VARIABLE_EXPANSION_NOT_SUPPORTED);
 goto err;
 } else {
diff --git a/crypto/conf/conf_test.cc b/crypto/conf/conf_test.cc
index 544ac96..4905cb3 100644
--- a/crypto/conf/conf_test.cc
+++ b/crypto/conf/conf_test.cc
@@ -310,9 +310,57 @@ key7 = value7 # section1
 // Punctuation is allowed in key names.
 {
- "key.1 = value\n",
+ "key!%&*+,-./;?@^_|~1 = value\n",
 {
- {"default", {{"key.1", "value"}}},
+ {"default", {{"key!%&*+,-./;?@^_|~1", "value"}}},
+ },
+ },
+
+ // Only the first equals counts as a key/value separator.
+ {
+ "key======",
+ {
+ {"default", {{"key", "====="}}},
+ },
+ },
+
+ // Empty keys and empty values are allowed.
+ {
+ R"(
+[both_empty]
+=
+[empty_key]
+=value
+[empty_value]
+key=
+[equals]
+======
+[]
+empty=section
+)",
+ {
+ {"default", {}},
+ {"both_empty", {{"", ""}}},
+ {"empty_key", {{"", "value"}}},
+ {"empty_value", {{"key", ""}}},
+ {"equals", {{"", "====="}}},
+ {"", {{"empty", "section"}}},
+ },
+ },
+
+ // After the first equals, the value can freely contain more equals.
+ {
+ "key1 = \\$value1\nkey2 = \"$value2\"",
+ {
+ {"default", {{"key1", "$value1"}, {"key2", "$value2"}}},
+ },
+ },
+
+ // Non-ASCII bytes are allowed in values.
+ {
+ "key = \xe2\x98\x83",
+ {
+ {"default", {{"key", "\xe2\x98\x83"}}},
+ },
 },
 },
 };
|
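Review bot: In crypto/conf/conf_test.cc, the comment above the `key1 = \\$value1` / `key2 = \"$value2\"` case reads "After the first equals, the value can freely contain more equals", which describes the earlier `key======` case rather than this one; a line such as `// '$' may be embedded in a value by escaping it or by quoting the value.` would match what the case asserts. Because the parser now fails closed on a bare `$`, it would also help to pin that rejection next to these acceptance cases, or to confirm that a failure test for an unescaped `$foo` already exists outside this hunk. The new conf.c comment says "wrap the value in quotes" without saying which kind, and only double quotes are exercised here, so a single-quoted case should be added if str_copy accepts one. The test table's initializer begins above the hunk, so its other entries are not visible from here.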