AK: Check for overflow parsing IPv4 number in URL

Fixes OSS fuzz issue:
https://oss-fuzz.com/download?testcase_id=6045676088459264
Shannon Booth 2023-10-04 21:17:00 +13:00 committed by Andreas Kling
parent 453dd0cf44
commit 3748f1d290
2 changed files with 15 additions and 5 deletions


@ -120,18 +120,22 @@ static Optional<ParsedIPv4Number> parse_ipv4_number(StringView input)
}
// 8. Let output be the mathematical integer value that is represented by input in radix-R notation, using ASCII hex digits for digits with values 0 through 15.
u32 output;
Optional<u32> maybe_output;
if (radix == 8)
output = StringUtils::convert_to_uint_from_octal(input).release_value();
maybe_output = StringUtils::convert_to_uint_from_octal(input);
else if (radix == 10)
output = input.to_uint().release_value();
maybe_output = input.to_uint();
else if (radix == 16)
output = StringUtils::convert_to_uint_from_hex(input).release_value();
maybe_output = StringUtils::convert_to_uint_from_hex(input);
else
VERIFY_NOT_REACHED();
// NOTE: Parsing may have failed due to overflow.
if (!maybe_output.has_value())
return {};
// 9. Return (output, validationError).
return ParsedIPv4Number { output, validation_error };
return ParsedIPv4Number { maybe_output.value(), validation_error };
}
// https://url.spec.whatwg.org/#concept-ipv4-parser
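Review bot: Returning `{}` at `if (!maybe_output.has_value())` makes an out-of-range number indistinguishable from a part that is not a number at all, whereas step 8 of the spec yields a mathematical integer and leaves rejection to the IPv4 parser's range checks. If the ends-in-a-number check calls this function (not visible in this hunk), a hex or octal last label that overflows u32 would presumably be reported as "not a number", and the host could then be accepted as a domain instead of being rejected; allow-list and SSRF filters rely on URL parsers agreeing on exactly this. Consider widening the comment to `// NOTE: The spec cannot fail here; overflow is mapped to failure, so every caller must treat failure as "reject the host".` and confirming that each caller does. The function body starts above the hunk.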


@ -535,4 +535,10 @@ TEST_CASE(ipv4_address)
EXPECT(url.is_valid());
EXPECT_EQ(MUST(url.serialized_host()), "52.251.94.56"sv);
}
{
constexpr auto ipv4_url = "http://9111111111"sv;
URL url(ipv4_url);
EXPECT(!url.is_valid());
}
}
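Review bot: The added case exercises only the radix-10 branch, while the parse_ipv4_number hunk also changed the octal and hex conversions. Add overflow inputs for those too, for example `URL url("http://0x100000000"sv); EXPECT(!url.is_valid());` and an octal equivalent with a leading `0` (sample values constructed for this note). That would catch a regression in either conversion helper, and would also show whether an overflowing non-decimal label is rejected or silently accepted as a domain name. The TEST_CASE body starts above the hunk.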