diff options
author | Kenneth R Westerback <krw@cvs.openbsd.org> | 2021-08-30 20:41:34 +0000 |
---|---|---|
committer | Kenneth R Westerback <krw@cvs.openbsd.org> | 2021-08-30 20:41:34 +0000 |
commit | 643ea861f228407ee1d71851ac06e4456f78fc01 (patch) | |
tree | c4e5249e74852d292b438a75065358cf5d87eb4b | |
parent | 45467fa81a198dc9cb67a19eaff8fab2106d581c (diff) |
Make uuid_from_string() reject a string of the correct length but having a
non-hex digit in the last character.
Inspired by code in uuid_parse() from Ted Ts'o.
ok millert@
-rw-r--r-- | lib/libc/uuid/uuid_from_string.c | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/lib/libc/uuid/uuid_from_string.c b/lib/libc/uuid/uuid_from_string.c index d8e2b5f9c29..4989694f7f6 100644 --- a/lib/libc/uuid/uuid_from_string.c +++ b/lib/libc/uuid/uuid_from_string.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uuid_from_string.c,v 1.2 2015/09/10 18:13:46 guenther Exp $ */ +/* $OpenBSD: uuid_from_string.c,v 1.3 2021/08/30 20:41:33 krw Exp $ */ /* $NetBSD: uuid_from_string.c,v 1.1 2004/09/13 21:44:54 thorpej Exp $ */ /* @@ -30,6 +30,7 @@ * $FreeBSD: src/lib/libc/uuid/uuid_from_string.c,v 1.2 2003/08/08 19:18:43 marcel Exp $ */ +#include <ctype.h> #include <stdio.h> #include <string.h> #include <uuid.h> @@ -68,8 +69,21 @@ uuid_from_string(const char *s, uuid_t *u, uint32_t *status) * The so called "old" UUIDs, which we don't support, have the form: * 0123456789ab.cd.ef.01.23.45.67.89.ab */ - if (s[8] != '-') - return; + for (n = 0; n < UUID_STR_LEN; n++) { + switch (n) { + case 8: + case 13: + case 18: + case 23: + if (s[n] != '-') + return; + break; + default: + if (!isxdigit((unsigned char)(s[n]))) + return; + break; + } + } n = sscanf(s, "%8x-%4hx-%4hx-%2hhx%2hhx-%2hhx%2hhx%2hhx%2hhx%2hhx%2hhx", |