github-mirror/caddy
2
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2024-11-22 12:43:58 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix #3130: Crash at fuzzing target replacer (#3133)

Browse Source 
* Fix #3130: Crash at fuzzing target replacer

* Add additional test case based on fuzzer feedback
This commit is contained in:
Bill Glover 2020-03-11 22:12:00 +00:00 committed by GitHub
parent 90f1f7bce7
commit cfe85a9fe6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
replacer.go
View File

@ -124,6 +124,8 @@ func (r *Replacer) replace(input, empty string,
// iterate the input to find each placeholder // iterate the input to find each placeholder
var lastWriteCursor int var lastWriteCursor int
scan:
for i := 0; i < len(input); i++ { for i := 0; i < len(input); i++ {
// check for escaped braces // check for escaped braces
@ -145,7 +147,11 @@ func (r *Replacer) replace(input, empty string,
// if necessary look for the first closing brace that is not escaped // if necessary look for the first closing brace that is not escaped
for end > 0 && end < len(input)-1 && input[end-1] == phEscape { for end > 0 && end < len(input)-1 && input[end-1] == phEscape {
end = strings.Index(input[end+1:], string(phClose)) + end + 1 nextEnd := strings.Index(input[end+1:], string(phClose))
if nextEnd < 0 {
continue scan
}
end += nextEnd + 1
} }
// write the substring from the last cursor to this point // write the substring from the last cursor to this point

8
replacer_test.go
View File

@ -156,6 +156,14 @@ func TestReplacer(t *testing.T) {
input: `\{'group':'default','max_age':3600,'endpoints':[\{'url':'https://some.domain.local/a/d/g'\}],'include_subdomains':true\}`, input: `\{'group':'default','max_age':3600,'endpoints':[\{'url':'https://some.domain.local/a/d/g'\}],'include_subdomains':true\}`,
expect: `{'group':'default','max_age':3600,'endpoints':[{'url':'https://some.domain.local/a/d/g'}],'include_subdomains':true}`, expect: `{'group':'default','max_age':3600,'endpoints':[{'url':'https://some.domain.local/a/d/g'}],'include_subdomains':true}`,
}, },
{
input: `{}{}{}{\\\\}\\\\`,
expect: `{\\\}\\\\`,
},
{
input: string([]byte{0x26, 0x00, 0x83, 0x7B, 0x84, 0x07, 0x5C, 0x7D, 0x84}),
expect: string([]byte{0x26, 0x00, 0x83, 0x7B, 0x84, 0x07, 0x7D, 0x84}),
},
} { } {
actual := rep.ReplaceAll(tc.input, tc.empty) actual := rep.ReplaceAll(tc.input, tc.empty)
if actual != tc.expect { if actual != tc.expect {