Skip to content

Fix univalue handling of \u0000 characters. #6266

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
laanwj merged 1 commit into from
Jun 12, 2015
Merged

Fix univalue handling of \u0000 characters. #6266

laanwj merged 1 commit into from
Jun 12, 2015

Conversation

@domob1812
Copy link
Contributor

@domob1812 domob1812 commented Jun 10, 2015

Univalue's parsing of \u escape sequences did not handle NUL characters correctly. They were, effectively, dropped. The extended test-case fails with the old code, and is fixed with this patch.

domob1812 added a commit to domob1812/namecoin-core that referenced this pull request Jun 10, 2015
@domob1812
Merge branch 'auxpow'
944e927 
Currently, the rest.py test fails due to a bug in Univalue with NUL
characters.  This will, hopefully, be fixed upstream in Bitcoin soon.
See my patch:

  bitcoin/bitcoin#6266

Conflicts:
	contrib/gitian-descriptors/gitian-linux.yml
	src/init.cpp
	src/rpcrawtransaction.cpp
	src/rpcserver.cpp
	src/rpcserver.h
	src/test/Checkpoints_tests.cpp
	src/wallet/rpcwallet.cpp
@laanwj
Copy link
Member

laanwj commented Jun 10, 2015

Thanks for thinking about NUL characters, they're a pet peeve of mine.
utACK

@jgarzik
Copy link
Contributor

jgarzik commented Jun 10, 2015

Concept ACK - IMO this needs a really close review to ensure you don't overflow e.g. the buf that shrank from 4 to 3

laanwj
laanwj reviewed Jun 11, 2015
View reviewed changes
src/univalue/univalue_read.cpp Outdated
Copy link
Member

@laanwj laanwj Jun 11, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This absolutely needs review, but the changes look very sane to me. The buffer size is decreased from 4 to 3 because the last slot was only there to hold a terminating NUL character. This is no longer necessary because the new code counts characters. If this has an overflow bug, it was already there.

I wonder one thing though: could we push_back the characters into valStr directly instead of the intermediate buf? This would avoid any overflow risk.

Copy link
Contributor Author

@domob1812 domob1812 Jun 11, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Exactly that was my rationale. The buffer will only ever be accessed in the iterator range [buf, last), and last itself is incremented at most three times.

However, I like your suggestion of using push_back directly! I think that makes sense and will rewrite the code accordingly.

@domob1812
Fix univalue handling of \u0000 characters.
0cc7b23 
Univalue's parsing of \u escape sequences did not handle NUL characters
correctly.  They were, effectively, dropped.  The extended test-case
fails with the old code, and is fixed with this patch.
@domob1812
Copy link
Contributor Author

domob1812 commented Jun 11, 2015

I've changed the patch to directly push the characters onto the result instead of using the temporary buffer. This should be cleaner and less prone to potential overflow bugs.

@laanwj
Copy link
Member

laanwj commented Jun 11, 2015

Thanks. re-utACK

@jgarzik
Copy link
Contributor

jgarzik commented Jun 11, 2015

ACK

@jonasschnelli
Copy link
Contributor

jonasschnelli commented Jun 11, 2015

Tested & reviewed ACK

@laanwj laanwj merged commit 0cc7b23 into bitcoin:master Jun 12, 2015
laanwj added a commit that referenced this pull request Jun 12, 2015
@laanwj
Merge pull request #6266
ebab5d3 
0cc7b23 Fix univalue handling of \u0000 characters. (Daniel Kraft)
@domob1812 domob1812 deleted the fix-univalue-nul branch June 12, 2015 12:05
@str4d str4d mentioned this pull request Feb 14, 2017
Merged
zkbot added a commit to zcash/zcash that referenced this pull request Mar 4, 2017
@zkbot
Auto merge of #2100 - str4d:2074-rpc, r=arcalinea
a7cf698 
Bitcoin 0.12 RPC PRs 1

Cherry-picked from the following upstream PRs:

- bitcoin/bitcoin#6266
- bitcoin/bitcoin#6257
- bitcoin/bitcoin#6271
- bitcoin/bitcoin#6158
- bitcoin/bitcoin#6307
- bitcoin/bitcoin#6290
- bitcoin/bitcoin#6262
- bitcoin/bitcoin#6088
- bitcoin/bitcoin#6339
- bitcoin/bitcoin#6299 (partial, remainder in #2099)
- bitcoin/bitcoin#6350
- bitcoin/bitcoin#6247
- bitcoin/bitcoin#6362
- bitcoin/bitcoin#5486
- bitcoin/bitcoin#6417
- bitcoin/bitcoin#6398 (partial, remainder was included in #1950)
- bitcoin/bitcoin#6444
- bitcoin/bitcoin#6456 (partial, remainder was included in #2082)
- bitcoin/bitcoin#6380
- bitcoin/bitcoin#6970

Part of #2074.
@bitcoin bitcoin locked as resolved and limited conversation to collaborators Sep 8, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

RPC/REST/ZMQ

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@domob1812 @laanwj @jgarzik @jonasschnelli