diff options
| author | Sebastian Hahn <sebastian@torproject.org> | 2017-04-18 13:43:55 +0200 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2017-04-24 09:33:48 -0400 |
| commit | a16de7a7cff14e133e01f5605f4600c67de5d91f (patch) | |
| tree | 20e666110493ddb381e249ec8efab7d6fc2c07ad | |
| parent | b081a7ed21ae729f6e195715e130edaca3e0b7fe (diff) | |
| download | tor-a16de7a7cff14e133e01f5605f4600c67de5d91f.tar.gz tor-a16de7a7cff14e133e01f5605f4600c67de5d91f.zip | |
consdiff: Reject ranges with non-numeric chars
Fixes bug #21964
| -rw-r--r-- | src/or/consdiff.c | 3 | ||||
| -rw-r--r-- | src/test/test_consdiff.c | 51 |
2 files changed, 53 insertions, 1 deletions
diff --git a/src/or/consdiff.c b/src/or/consdiff.c index d2a2af1b5f..7e3d6749f6 100644 --- a/src/or/consdiff.c +++ b/src/or/consdiff.c @@ -757,6 +757,9 @@ get_linenum(const char **s, int *num_out) { int ok; char *next; + if (!TOR_ISDIGIT(**s)) { + return -1; + } *num_out = (int) tor_parse_long(*s, 10, 0, INT32_MAX, &ok, &next); if (ok && next) { *s = next; diff --git a/src/test/test_consdiff.c b/src/test/test_consdiff.c index 1b4e2ad3c1..829e8f8e42 100644 --- a/src/test/test_consdiff.c +++ b/src/test/test_consdiff.c @@ -746,6 +746,55 @@ test_consdiff_apply_ed_diff(void *arg) smartlist_clear(diff); + /* Ranges must be numeric only and cannot contain spaces. */ + smartlist_add_linecpy(diff, area, "0, 4d"); + mock_clean_saved_logs(); + cons2 = apply_ed_diff(cons1, diff, 0); + tt_ptr_op(NULL, OP_EQ, cons2); + expect_single_log_msg_containing("an ed command was missing a range " + "end line number."); + + smartlist_clear(diff); + + /* '+' is not a number. */ + smartlist_add_linecpy(diff, area, "+0,4d"); + mock_clean_saved_logs(); + cons2 = apply_ed_diff(cons1, diff, 0); + tt_ptr_op(NULL, OP_EQ, cons2); + expect_single_log_msg_containing("an ed command was missing a line number"); + + smartlist_clear(diff); + + /* range duplication */ + smartlist_add_linecpy(diff, area, "0,4d,5d"); + mock_clean_saved_logs(); + cons2 = apply_ed_diff(cons1, diff, 0); + tt_ptr_op(NULL, OP_EQ, cons2); + expect_single_log_msg_containing("an ed command longer than one char was " + "found"); + + smartlist_clear(diff); + + /* space before command */ + smartlist_add_linecpy(diff, area, "0,4 d"); + mock_clean_saved_logs(); + cons2 = apply_ed_diff(cons1, diff, 0); + tt_ptr_op(NULL, OP_EQ, cons2); + expect_single_log_msg_containing("an ed command longer than one char was " + "found"); + + smartlist_clear(diff); + + /* space inside number */ + smartlist_add_linecpy(diff, area, "0,4 5d"); + mock_clean_saved_logs(); + cons2 = apply_ed_diff(cons1, diff, 0); + tt_ptr_op(NULL, OP_EQ, cons2); + expect_single_log_msg_containing("an ed command longer than one char was " + "found"); + + smartlist_clear(diff); + /* Test appending text, 'a'. */ consensus_split_lines(diff, "3a\nU\nO\n.\n0a\nV\n.\n", area); cons2 = apply_ed_diff(cons1, diff, 0); @@ -775,7 +824,7 @@ test_consdiff_apply_ed_diff(void *arg) smartlist_free(cons2); /* Test changing text, 'c'. */ - consensus_split_lines(diff, "4c\nT\nX\n.\n1, 2c\nM\n.\n", area); + consensus_split_lines(diff, "4c\nT\nX\n.\n1,2c\nM\n.\n", area); cons2 = apply_ed_diff(cons1, diff, 0); tt_ptr_op(NULL, OP_NE, cons2); tt_int_op(5, OP_EQ, smartlist_len(cons2)); |