From f9f93183500aec3a2bf31ba12683861d7295d5b2 Mon Sep 17 00:00:00 2001
From: Richard Hansen
Date: Mon, 6 Jun 2022 00:52:21 -0400
Subject: [PATCH] bindat (strz): Error on null byte if packing variable-length string

* lisp/emacs-lisp/bindat.el (strz): Signal an error if a null byte is encountered while packing a string to a variable-length strz field.
* test/lisp/emacs-lisp/bindat-tests.el (strz): Add tests.
---
 lisp/emacs-lisp/bindat.el | 5 +++++
 test/lisp/emacs-lisp/bindat-tests.el | 7 ++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/lisp/emacs-lisp/bindat.el b/lisp/emacs-lisp/bindat.el
index 2d6589b52d..e6740cb6e8 100644
--- a/lisp/emacs-lisp/bindat.el
+++ b/lisp/emacs-lisp/bindat.el
@@ -444,6 +444,11 @@ bindat--pack-strz
 (let* ((v (string-to-unibyte v))
 (len (length v)))
 (dotimes (i len)
+ (if (= (aref v i) 0)
+ ;; Alternatively we could pretend that this was the end of
+ ;; the string and stop packing, but then bindat-length would
+ ;; need to scan the input string looking for a null byte.
+ (error "Null byte encountered in input strz string"))
 (aset bindat-raw (+ bindat-idx i) (aref v i)))
 (setq bindat-idx (+ bindat-idx len 1))))
diff --git a/test/lisp/emacs-lisp/bindat-tests.el b/test/lisp/emacs-lisp/bindat-tests.el
index 8bb3baa485..7d1233ded7 100644
--- a/test/lisp/emacs-lisp/bindat-tests.el
+++ b/test/lisp/emacs-lisp/bindat-tests.el
@@ -240,7 +240,12 @@ bindat-test--str-strz-multibyte
 (ert-deftest bindat-test--strz-varlen-pack ()
 (should (equal (bindat-pack spec "") "\0"))
- (should (equal (bindat-pack spec "abc") "abc\0")))
+ (should (equal (bindat-pack spec "abc") "abc\0"))
+ ;; Null bytes in the input string break unpacking.
+ (should-error (bindat-pack spec "\0"))
+ (should-error (bindat-pack spec "\0x"))
+ (should-error (bindat-pack spec "x\0"))
+ (should-error (bindat-pack spec "x\0y")))
 (ert-deftest bindat-test--strz-varlen-unpack ()
 (should (equal (bindat-unpack spec "\0") ""))
-- 
2.36.1
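Review bot: The null-byte check in `bindat--pack-strz` runs inside the `dotimes` loop, so by the time the error is signalled every byte before the null has already been stored into `bindat-raw`. If `bindat-raw` can be a buffer supplied by the caller (not visible in this hunk), a rejected input leaves that buffer partly overwritten. Validating before the copy avoids this and keeps the loop body to the single `aset`, for example `(when (string-search "\0" v) (error "Null byte encountered in input strz string"))` placed ahead of `(dotimes (i len)`. The function's `defun` line is outside the hunk.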
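Review bot: The four `should-error` forms in `bindat-test--strz-varlen-pack` accept any error, so they would still pass if `bindat-pack` failed for a reason unrelated to the null byte, such as an error raised while converting the string to unibyte. `should-error` returns the error description, so the message can be pinned in at least one case: `(should (equal (cadr (should-error (bindat-pack spec "x\0y"))) "Null byte encountered in input strz string"))`. The binding of `spec` and the end of the following `ert-deftest` lie outside the hunk.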