~tdaitx/whoopsie/security-fixes

« back to all changes in this revision

Viewing changes to lib/bson/encoding.c

Committer: Tiago Stürmer Daitx
Date: 2019-10-30 04:28:50 UTC
Revision ID: tiago.daitx@ubuntu.com-20191030042850-u1gymgv6u3gw59ll

SECURITY UPDATE: Integer overflow when handling large bson objects (LP: #1830865)

files modified:
debian/changelog

lib/bson/bson.c

lib/bson/bson.h

lib/bson/encoding.c

lib/bson/encoding.h

src/whoopsie.c

Show diffs side-by-side

added added

removed removed

lib/bson/encoding.c

* If presented with a length > 4, this returns 0. The Unicode

* definition of UTF-8 goes up to 4-byte sequences.

static int isLegalUTF8( const unsigned char *source, int length ) {

static int isLegalUTF8( const unsigned char *source, size_t length ) {

unsigned char a;

const unsigned char *srcptr = source + length;

switch ( length ) {

102

}

103

104

static int bson_validate_string( bson *b, const unsigned char *string,

105

const int length, const char check_utf8, const char check_dot,

105

const size_t length, const char check_utf8, const char check_dot,

106

const char check_dollar ) {

107

108

int position = 0;

109

int sequence_length = 1;

108

size_t position = 0;

109

size_t sequence_length = 1;

110

111

if( check_dollar && string[0] == '$' ) {

112

b->err |= BSON_FIELD_INIT_DOLLAR;

136

137

138

int bson_check_string( bson *b, const char *string,

139

const int length ) {

139

const size_t length ) {

140

141

return bson_validate_string( b, ( const unsigned char * )string, length, 1, 0, 0 );

142

}

143

144

int bson_check_field_name( bson *b, const char *string,

145

const int length ) {

145

const size_t length ) {

146

147

return bson_validate_string( b, ( const unsigned char * )string, length, 1, 1, 1 );

148

}

Older »