From 59015965485e08f53dad126e7393791e1df0825e Mon Sep 17 00:00:00 2001 From: "Wladimir J. van der Laan" Date: Wed, 3 Jun 2015 09:42:03 +0200 Subject: json: fail read_string if string contains trailing garbage Change `read_string` to fail when not the entire input has been consumed. This avoids unexpected, even dangerous behavior (fixes #6223). The new JSON parser adapted in #6121 also solves this problem so in master this is a temporary fix, but should be backported to older releases. Also adds tests for the new behavior. Github-Pull: #6226 Rebased-From: 4e157fc60dae5ca69933ea4c1585a2a078b4d957 --- src/test/rpc_tests.cpp | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'src/test') diff --git a/src/test/rpc_tests.cpp b/src/test/rpc_tests.cpp index 45cb551d04..5899671d2f 100644 --- a/src/test/rpc_tests.cpp +++ b/src/test/rpc_tests.cpp @@ -140,6 +140,24 @@ BOOST_AUTO_TEST_CASE(rpc_parse_monetary_values) BOOST_CHECK_EQUAL(AmountFromValue(ValueFromString("20999999.99999999")), 2099999999999999LL); } +BOOST_AUTO_TEST_CASE(json_parse_errors) +{ + Value value; + // Valid + BOOST_CHECK_EQUAL(read_string(std::string("1.0"), value), true); + // Valid, with trailing whitespace + BOOST_CHECK_EQUAL(read_string(std::string("1.0 "), value), true); + // Invalid, initial garbage + BOOST_CHECK_EQUAL(read_string(std::string("[1.0"), value), false); + BOOST_CHECK_EQUAL(read_string(std::string("a1.0"), value), false); + // Invalid, trailing garbage + BOOST_CHECK_EQUAL(read_string(std::string("1.0sds"), value), false); + BOOST_CHECK_EQUAL(read_string(std::string("1.0]"), value), false); + // BTC addresses should fail parsing + BOOST_CHECK_EQUAL(read_string(std::string("175tWpb8K1S7NmH4Zx6rewF9WQrcZv245W"), value), false); + BOOST_CHECK_EQUAL(read_string(std::string("3J98t1WpEZ73CNmQviecrnyiWrnqRhWNL"), value), false); +} + BOOST_AUTO_TEST_CASE(rpc_boostasiotocnetaddr) { // Check IPv4 addresses -- cgit v1.2.3