From 643ea861f228407ee1d71851ac06e4456f78fc01 Mon Sep 17 00:00:00 2001 From: Kenneth R Westerback Date: Mon, 30 Aug 2021 20:41:34 +0000 Subject: Make uuid_from_string() reject a string of the correct length but having a non-hex digit in the last character. Inspired by code in uuid_parse() from Ted Ts'o. ok millert@ --- lib/libc/uuid/uuid_from_string.c | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) (limited to 'lib/libc') diff --git a/lib/libc/uuid/uuid_from_string.c b/lib/libc/uuid/uuid_from_string.c index d8e2b5f9c29..4989694f7f6 100644 --- a/lib/libc/uuid/uuid_from_string.c +++ b/lib/libc/uuid/uuid_from_string.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uuid_from_string.c,v 1.2 2015/09/10 18:13:46 guenther Exp $ */ +/* $OpenBSD: uuid_from_string.c,v 1.3 2021/08/30 20:41:33 krw Exp $ */ /* $NetBSD: uuid_from_string.c,v 1.1 2004/09/13 21:44:54 thorpej Exp $ */ /* @@ -30,6 +30,7 @@ * $FreeBSD: src/lib/libc/uuid/uuid_from_string.c,v 1.2 2003/08/08 19:18:43 marcel Exp $ */ +#include #include #include #include @@ -68,8 +69,21 @@ uuid_from_string(const char *s, uuid_t *u, uint32_t *status) * The so called "old" UUIDs, which we don't support, have the form: * 0123456789ab.cd.ef.01.23.45.67.89.ab */ - if (s[8] != '-') - return; + for (n = 0; n < UUID_STR_LEN; n++) { + switch (n) { + case 8: + case 13: + case 18: + case 23: + if (s[n] != '-') + return; + break; + default: + if (!isxdigit((unsigned char)(s[n]))) + return; + break; + } + } n = sscanf(s, "%8x-%4hx-%4hx-%2hhx%2hhx-%2hhx%2hhx%2hhx%2hhx%2hhx%2hhx", -- cgit v1.2.3