summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKenneth R Westerback <krw@cvs.openbsd.org>2021-08-30 20:41:34 +0000
committerKenneth R Westerback <krw@cvs.openbsd.org>2021-08-30 20:41:34 +0000
commit643ea861f228407ee1d71851ac06e4456f78fc01 (patch)
treec4e5249e74852d292b438a75065358cf5d87eb4b
parent45467fa81a198dc9cb67a19eaff8fab2106d581c (diff)
Make uuid_from_string() reject a string of the correct length but having a
non-hex digit in the last character. Inspired by code in uuid_parse() from Ted Ts'o. ok millert@
-rw-r--r--lib/libc/uuid/uuid_from_string.c20
1 files changed, 17 insertions, 3 deletions
diff --git a/lib/libc/uuid/uuid_from_string.c b/lib/libc/uuid/uuid_from_string.c
index d8e2b5f9c29..4989694f7f6 100644
--- a/lib/libc/uuid/uuid_from_string.c
+++ b/lib/libc/uuid/uuid_from_string.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: uuid_from_string.c,v 1.2 2015/09/10 18:13:46 guenther Exp $ */
+/* $OpenBSD: uuid_from_string.c,v 1.3 2021/08/30 20:41:33 krw Exp $ */
/* $NetBSD: uuid_from_string.c,v 1.1 2004/09/13 21:44:54 thorpej Exp $ */
/*
@@ -30,6 +30,7 @@
* $FreeBSD: src/lib/libc/uuid/uuid_from_string.c,v 1.2 2003/08/08 19:18:43 marcel Exp $
*/
+#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <uuid.h>
@@ -68,8 +69,21 @@ uuid_from_string(const char *s, uuid_t *u, uint32_t *status)
* The so called "old" UUIDs, which we don't support, have the form:
* 0123456789ab.cd.ef.01.23.45.67.89.ab
*/
- if (s[8] != '-')
- return;
+ for (n = 0; n < UUID_STR_LEN; n++) {
+ switch (n) {
+ case 8:
+ case 13:
+ case 18:
+ case 23:
+ if (s[n] != '-')
+ return;
+ break;
+ default:
+ if (!isxdigit((unsigned char)(s[n])))
+ return;
+ break;
+ }
+ }
n = sscanf(s,
"%8x-%4hx-%4hx-%2hhx%2hhx-%2hhx%2hhx%2hhx%2hhx%2hhx%2hhx",