json-c/backport-Issue-867-disallow-control-characters-in-strict-mode.patch

From 6bfab90c87c27e79eae28b775938756d2fdaf6c9 Mon Sep 17 00:00:00 2001
From: Eric Hawicz <erh+git@nimenees.com>
Date: Mon, 2 Sep 2024 09:43:04 -0400
Subject: [PATCH] Issue #867: disallow control characters in strict mode.

---
 json_tokener.c     |  6 ++++++
 tests/test_parse.c | 40 +++++++++++++++++++++++++++++++++++++++-
 2 files changed, 45 insertions(+), 1 deletion(-)

diff --git a/json_tokener.c b/json_tokener.c
index 0a86d82..c831f8a 100644
--- a/json_tokener.c
+++ b/json_tokener.c
@@ -678,6 +678,12 @@ struct json_object *json_tokener_parse_ex(struct json_tokener *tok, const char *
 					state = json_tokener_state_string_escape;
 					break;
 				}
+				else if ((tok->flags & JSON_TOKENER_STRICT) && c <= 0x1f)
+				{
+					// Disallow control characters in strict mode
+					tok->err = json_tokener_error_parse_string;
+					goto out;
+				}
 				if (!ADVANCE_CHAR(str, tok) || !PEEK_CHAR(c, tok))
 				{
 					printbuf_memappend_checked(tok->pb, case_start,
diff --git a/tests/test_parse.c b/tests/test_parse.c
index 92d822a..d664a31 100644
--- a/tests/test_parse.c
+++ b/tests/test_parse.c
@@ -535,7 +535,7 @@ struct incremental_step
     {"{\"a\":}", -1, 5, json_tokener_error_parse_unexpected, 1, 0},
     {"{\"a\":1,\"a\":2}", -1, -1, json_tokener_success, 1, 0},
     {"\"a\":1}", -1, 3, json_tokener_success, 1, 0},
-    {"{\"a\":1", -1, -1, json_tokener_continue, 1, 0},
+    {"{\"a\":1", -1, -1, json_tokener_continue, 1, 0}, //}
     {"[,]", -1, 1, json_tokener_error_parse_unexpected, 1, 0},
     {"[,1]", -1, 1, json_tokener_error_parse_unexpected, 1, 0},
 
@@ -595,6 +595,44 @@ struct incremental_step
     {"\x7b\x22\x31\x81\x22\x3a\x31\x7d", -1, 3, json_tokener_error_parse_utf8_string, 1,
      JSON_TOKENER_VALIDATE_UTF8},
 
+    // Note, current asciiz APIs can't parse \x00, skip it
+    { "\"0\x01\x02\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" \
+      "\x10\x11\x12\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\"",
+      -1, -1, json_tokener_success, 1, 0 },
+
+    // Test control chars again, this time in strict mode, which should fail
+    { "\"\x01\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x02\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x03\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x04\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x05\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x06\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x07\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x08\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x09\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x0a\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x0b\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x0c\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x0d\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x0e\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x0f\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x10\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x11\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x12\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x13\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x14\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x15\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x16\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x17\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x18\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x19\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x1a\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x1b\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x1c\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x1d\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x1e\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "\"\x1f\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+
     {NULL, -1, -1, json_tokener_success, 0, 0},
 };
 
-- 
2.43.0
backport upstream patch (cherry picked from commit 73ac674f0a01befdc77102ec85aa9ba242162473) 2024-12-04 11:18:55 +08:00			`From 6bfab90c87c27e79eae28b775938756d2fdaf6c9 Mon Sep 17 00:00:00 2001`
			`From: Eric Hawicz <erh+git@nimenees.com>`
			`Date: Mon, 2 Sep 2024 09:43:04 -0400`
			`Subject: [PATCH] Issue #867: disallow control characters in strict mode.`

			`---`
			`json_tokener.c \| 6 ++++++`
			`tests/test_parse.c \| 40 +++++++++++++++++++++++++++++++++++++++-`
			`2 files changed, 45 insertions(+), 1 deletion(-)`

			`diff --git a/json_tokener.c b/json_tokener.c`
			`index 0a86d82..c831f8a 100644`
			`--- a/json_tokener.c`
			`+++ b/json_tokener.c`
			`@@ -678,6 +678,12 @@ struct json_object json_tokener_parse_ex(struct json_tokener tok, const char *`
			`state = json_tokener_state_string_escape;`
			`break;`
			`}`
			`+ else if ((tok->flags & JSON_TOKENER_STRICT) && c <= 0x1f)`
			`+ {`
			`+ // Disallow control characters in strict mode`
			`+ tok->err = json_tokener_error_parse_string;`
			`+ goto out;`
			`+ }`
			`if (!ADVANCE_CHAR(str, tok) \|\| !PEEK_CHAR(c, tok))`
			`{`
			`printbuf_memappend_checked(tok->pb, case_start,`
			`diff --git a/tests/test_parse.c b/tests/test_parse.c`
			`index 92d822a..d664a31 100644`
			`--- a/tests/test_parse.c`
			`+++ b/tests/test_parse.c`
			`@@ -535,7 +535,7 @@ struct incremental_step`
			`{"{\"a\":}", -1, 5, json_tokener_error_parse_unexpected, 1, 0},`
			`{"{\"a\":1,\"a\":2}", -1, -1, json_tokener_success, 1, 0},`
			`{"\"a\":1}", -1, 3, json_tokener_success, 1, 0},`
			`- {"{\"a\":1", -1, -1, json_tokener_continue, 1, 0},`
			`+ {"{\"a\":1", -1, -1, json_tokener_continue, 1, 0}, //}`
			`{"[,]", -1, 1, json_tokener_error_parse_unexpected, 1, 0},`
			`{"[,1]", -1, 1, json_tokener_error_parse_unexpected, 1, 0},`

			`@@ -595,6 +595,44 @@ struct incremental_step`
			`{"\x7b\x22\x31\x81\x22\x3a\x31\x7d", -1, 3, json_tokener_error_parse_utf8_string, 1,`
			`JSON_TOKENER_VALIDATE_UTF8},`

			`+ // Note, current asciiz APIs can't parse \x00, skip it`
			`+ { "\"0\x01\x02\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" \`
			`+ "\x10\x11\x12\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\"",`
			`+ -1, -1, json_tokener_success, 1, 0 },`
			`+`
			`+ // Test control chars again, this time in strict mode, which should fail`
			`+ { "\"\x01\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },`
			`+ { "\"\x02\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },`
			`+ { "\"\x03\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },`
			`+ { "\"\x04\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },`
			`+ { "\"\x05\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },`
			`+ { "\"\x06\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },`
			`+ { "\"\x07\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },`
			`+ { "\"\x08\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },`
			`+ { "\"\x09\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },`
			`+ { "\"\x0a\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },`
			`+ { "\"\x0b\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },`
			`+ { "\"\x0c\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },`
			`+ { "\"\x0d\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },`
			`+ { "\"\x0e\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },`
			`+ { "\"\x0f\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },`
			`+ { "\"\x10\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },`
			`+ { "\"\x11\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },`
			`+ { "\"\x12\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },`
			`+ { "\"\x13\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },`
			`+ { "\"\x14\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },`
			`+ { "\"\x15\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },`
			`+ { "\"\x16\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },`
			`+ { "\"\x17\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },`
			`+ { "\"\x18\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },`
			`+ { "\"\x19\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },`
			`+ { "\"\x1a\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },`
			`+ { "\"\x1b\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },`
			`+ { "\"\x1c\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },`
			`+ { "\"\x1d\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },`
			`+ { "\"\x1e\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },`
			`+ { "\"\x1f\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },`
			`+`
			`{NULL, -1, -1, json_tokener_success, 0, 0},`
			`};`

			`--`
			`2.43.0`