authorKrzysztof Kozlowski <krzysztof.kozlowski@canonical.com>2021-07-09 18:43:26 +0200
committerKrzysztof Kozlowski <krzysztof.kozlowski@canonical.com>2021-07-19 12:36:25 +0200
commit112003ee6967ce92c3453d760f0b5c9aa74c566a (patch)
tree15340dec288878a49b6a02414f9fe6c4496a2340
parentecda483a9f02c2465b94815b3f9ca0195a960dce (diff)
ndef: check UTF-16 text payload length
UTF-16 text is supposed to consist of 16-bit code units (one or two 16-bit units per character), and parsing anything else is not safe because of the cast to gunichar2.

Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
-rw-r--r--src/ndef.c5
-rw-r--r--unit/test-ndef-parse.c19
2 files changed, 24 insertions, 0 deletions
diff --git a/src/ndef.c b/src/ndef.c
index 3d88156..fdd44b4 100644
--- a/src/ndef.c
+++ b/src/ndef.c
@@ -1189,6 +1189,11 @@ parse_text_payload(uint8_t *payload, uint32_t length)
len = length - lang_length - 1;
+ if (status && (len % 2)) {
+ DBG("Payload not valid UTF-16 (length %d does not match)", len);
+ goto fail;
+ }
+
if (len > 0) {
txt = (char *)(payload + offset);
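Review bot: An even `len` does not make `payload + offset` suitably aligned for the gunichar2 cast that the commit message names as the hazard, because `offset` depends on the language-code length and the text can therefore start on an odd address. The conversion itself lies outside this hunk, so this is inferred: if it reads `txt` through a `gunichar2 *`, copying the bytes into an aligned buffer with `memcpy` before converting would remove the misaligned access. The new branch would also read more easily with a comment such as `/* status bit set means UTF-16: text must be a whole number of 16-bit code units */`. The declaration of `len` is not visible here, so it is worth confirming that its type matches the `%d` in the DBG call.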
diff --git a/unit/test-ndef-parse.c b/unit/test-ndef-parse.c
index d26f4c5..6c62c7a 100644
--- a/unit/test-ndef-parse.c
+++ b/unit/test-ndef-parse.c
@@ -150,6 +150,15 @@ static uint8_t text[] = {0xd1, 0x1, 0x13, 0x54, 0x5, 0x65, 0x6e, 0x2d,
0x55, 0x53, 0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0xc5,
0xbc, 0xc3, 0xb3, 0xc5, 0x82, 0x77};
+/* 'hello żółw' - UTF-16 - en-US Text NDEF UTF-16 malformed*/
+static uint8_t text_utf16_invalid[] = {0xd1, 0x1, 0x19, 0x54, 0x85,
+ /* en-US */
+ 0x65, 0x6e, 0x2d, 0x55, 0x53,
+ /* hello żółw */
+ 0x68, 0x00, 0x65, 0x00, 0x6c, 0x00, 0x6c, 0x00, 0x6f, 0x00,
+ /* Missing last byte */
+ 0x20, 0x00, 0x7c, 0x01, 0xf3, 0x00, 0x42, 0x01, 0x77};
+
/* Smart poster with a http://intel.com URI record */
static uint8_t single_sp[] = {0xd1, 0x2, 0xe, 0x53, 0x70, 0xd1, 0x1, 0xa,
0x55, 0x3, 0x69, 0x6e, 0x74, 0x65, 0x6c, 0x2e,
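Review bot: The comment on text_utf16_invalid does not say which header bytes make the record malformed, so the array is hard to audit by eye. A line such as `/* payload length 0x19 = 1 status + 5 language + 19 text bytes; the odd text length is the defect */` above the first row would let a reader check the arithmetic. The status byte could be annotated as well, for example `/* 0x85: UTF-16 flag | language length 5 */`.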
@@ -253,6 +262,15 @@ static void test_ndef_text(void)
test_ndef_free_record(record);
}
+static void test_ndef_text_invalid_utf16(void)
+{
+ GList *records;
+
+ records = near_ndef_parse_msg(text_utf16_invalid, sizeof(text_utf16_invalid), NULL);
+
+ g_assert_null(records);
+}
+
static void test_ndef_single_sp(void)
{
GList *records;
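Review bot: `g_assert_null(records)` in test_ndef_text_invalid_utf16 passes for any parse failure, so the test does not show that the new length check is what rejected the record. A companion fixture with the last code unit completed (length byte `0x1a`, text ending `0x77, 0x00`), asserted to parse and to decode to the expected string, would pin the behaviour on both sides of the check. It would also guard against a later change making the check reject well-formed UTF-16 payloads.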
@@ -422,6 +440,7 @@ int main(int argc, char **argv)
g_test_add_func("/testNDEF-parse/Test URI NDEF", test_ndef_uri);
g_test_add_func("/testNDEF-parse/Test Text NDEF", test_ndef_text);
+ g_test_add_func("/testNDEF-parse/Test Text NDEF UTF-16 malformed", test_ndef_text_invalid_utf16);
g_test_add_func("/testNDEF-parse/Test Single record SmartPoster NDEF",
test_ndef_single_sp);
g_test_add_func("/testNDEF-parse/Test Title record SmartPoster NDEF",