From 50d05d406e9d0085eb41bd14326a9bf2012a8f01 Mon Sep 17 00:00:00 2001
From: Chenna Keshava B S
Date: Fri, 17 Jun 2022 14:33:28 -0700
Subject: [PATCH 1/2] Properly handle incorrect port numbers in parseURL (fixes #4200)
---
 src/ripple/basics/impl/StringUtilities.cpp | 6 ++++++
 src/test/basics/StringUtilities_test.cpp | 6 ++++++
 2 files changed, 12 insertions(+)
diff --git a/src/ripple/basics/impl/StringUtilities.cpp b/src/ripple/basics/impl/StringUtilities.cpp
index 8036cc3bfb0..7c84df54409 100644
--- a/src/ripple/basics/impl/StringUtilities.cpp
+++ b/src/ripple/basics/impl/StringUtilities.cpp
@@ -90,6 +90,12 @@ parseUrl(parsedURL& pUrl, std::string const& strUrl)
 if (!port.empty())
 {
 pUrl.port = beast::lexicalCast(port);
+
+ // For inputs larger than 2^32-1 (65535), lexicalCast returns 0.
+ // parseUrl returns false for such inputs.
+ if (pUrl.port == 0) {
+ return false;
+ }
 }

 pUrl.path = smMatch[6];
diff --git a/src/test/basics/StringUtilities_test.cpp b/src/test/basics/StringUtilities_test.cpp
index fc6d54c63ce..7bf4947e070 100644
--- a/src/test/basics/StringUtilities_test.cpp
+++ b/src/test/basics/StringUtilities_test.cpp
@@ -289,6 +289,12 @@ class StringUtilities_test : public beast::unit_test::suite
 BEAST_EXPECT(!parseUrl(pUrl, "nonsense"));
 BEAST_EXPECT(!parseUrl(pUrl, "://"));
 BEAST_EXPECT(!parseUrl(pUrl, ":///"));
+ BEAST_EXPECT(!parseUrl(pUrl, "scheme://user:pass@domain:65536/abc:321"));
+ BEAST_EXPECT(!parseUrl(pUrl, "UPPER://domain:23498765/"));
+ BEAST_EXPECT(!parseUrl(pUrl, "UPPER://domain:0/"));
+ BEAST_EXPECT(!parseUrl(pUrl, "UPPER://domain:+7/"));
+ BEAST_EXPECT(!parseUrl(pUrl, "UPPER://domain:-7234/"));
+ BEAST_EXPECT(!parseUrl(pUrl, "UPPER://domain:@#$56!/"));
 }

 {
From 4e4fd034b1d9d95c01a07ff9431210372d6706e7 Mon Sep 17 00:00:00 2001
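Review bot: The comment added in the parseUrl hunk states the wrong bound, since 65535 is 2^16-1 and not 2^32-1, and the check under it depends on `lexicalCast` handing back its default of 0 for anything it cannot convert, so a malformed port and a literal port 0 are rejected through the same sentinel. The test happens only after `pUrl.port` has been overwritten, so the out-parameter holds 0 (next to whatever fields were filled earlier in the function, which starts outside this hunk) when parseUrl returns false. Converting into a local with the checked variant makes the failure explicit and leaves the output untouched: `std::uint16_t p; if (!beast::lexicalCastChecked(p, port) || p == 0) return false; pUrl.port = p;` (assuming the port is a 16-bit unsigned, as the 65535 in the comment suggests). The comment would then read `// Reject ports that fail conversion or are 0; the valid range is 1..65535.`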
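Review bot: The cases added to StringUtilities_test.cpp only assert rejections, so nothing in the hunk pins the accepted side of the limit the fix introduces; a companion case such as `BEAST_EXPECT(parseUrl(pUrl, "scheme://domain:65535/"));` followed by a check of the parsed port would catch an off-by-one there (other blocks of the suite are outside the hunk and may already cover it). The inputs with `+7`, `-7234` and `@#$56!` may be turned away by the URL pattern before the port is ever converted, so they do not necessarily exercise the new zero check; a short comment per group naming the layer it targets, e.g. `// rejected by the port range check`, would make that explicit. The same `pUrl` is reused across every call, so none of these lines would notice fields left behind by a failed parse.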
From: Chenna Keshava B S
Date: Tue, 21 Jun 2022 10:08:33 -0700
Subject: [PATCH 2/2] Applied clang-format to conform to formatting standards
---
 src/ripple/basics/impl/StringUtilities.cpp | 5 +++--
 src/test/basics/StringUtilities_test.cpp | 3 ++-
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/ripple/basics/impl/StringUtilities.cpp b/src/ripple/basics/impl/StringUtilities.cpp
index 7c84df54409..bebbe1ef80b 100644
--- a/src/ripple/basics/impl/StringUtilities.cpp
+++ b/src/ripple/basics/impl/StringUtilities.cpp
@@ -91,9 +91,10 @@ parseUrl(parsedURL& pUrl, std::string const& strUrl)
 {
 pUrl.port = beast::lexicalCast(port);

- // For inputs larger than 2^32-1 (65535), lexicalCast returns 0.
+ // For inputs larger than 2^32-1 (65535), lexicalCast returns 0.
 // parseUrl returns false for such inputs.
- if (pUrl.port == 0) {
+ if (pUrl.port == 0)
+ {
 return false;
 }
 }
diff --git a/src/test/basics/StringUtilities_test.cpp b/src/test/basics/StringUtilities_test.cpp
index 7bf4947e070..6146a3dcd41 100644
--- a/src/test/basics/StringUtilities_test.cpp
+++ b/src/test/basics/StringUtilities_test.cpp
@@ -289,7 +289,8 @@ class StringUtilities_test : public beast::unit_test::suite
 BEAST_EXPECT(!parseUrl(pUrl, "nonsense"));
 BEAST_EXPECT(!parseUrl(pUrl, "://"));
 BEAST_EXPECT(!parseUrl(pUrl, ":///"));
- BEAST_EXPECT(!parseUrl(pUrl, "scheme://user:pass@domain:65536/abc:321"));
+ BEAST_EXPECT(
+ !parseUrl(pUrl, "scheme://user:pass@domain:65536/abc:321"));
 BEAST_EXPECT(!parseUrl(pUrl, "UPPER://domain:23498765/"));
 BEAST_EXPECT(!parseUrl(pUrl, "UPPER://domain:0/"));
 BEAST_EXPECT(!parseUrl(pUrl, "UPPER://domain:+7/"));