From 86325f960af8eb1df712e2f26e2b708f80c14ac6 Mon Sep 17 00:00:00 2001
From: Richard Hansen
Date: Mon, 13 Jun 2022 14:32:01 +0200
Subject: [PATCH] bindat (strz): Error on null byte if packing variable-length string
* lisp/emacs-lisp/bindat.el (strz): Signal an error if a null byte is encountered while packing a string to a variable-length strz field.
* test/lisp/emacs-lisp/bindat-tests.el (strz): Add tests (bug#55938).
---
 lisp/emacs-lisp/bindat.el | 5 +++++
 test/lisp/emacs-lisp/bindat-tests.el | 7 ++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/lisp/emacs-lisp/bindat.el b/lisp/emacs-lisp/bindat.el
index 2d6589b52de..9ba89a5e3fe 100644
--- a/lisp/emacs-lisp/bindat.el
+++ b/lisp/emacs-lisp/bindat.el
@@ -444,6 +444,11 @@ e.g. corresponding to STRUCT.FIELD1[INDEX2].FIELD3..."
 (let* ((v (string-to-unibyte v))
 (len (length v)))
 (dotimes (i len)
+ (when (= (aref v i) 0)
+ ;; Alternatively we could pretend that this was the end of
+ ;; the string and stop packing, but then bindat-length would
+ ;; need to scan the input string looking for a null byte.
+ (error "Null byte encountered in input strz string"))
 (aset bindat-raw (+ bindat-idx i) (aref v i)))
 (setq bindat-idx (+ bindat-idx len 1))))
diff --git a/test/lisp/emacs-lisp/bindat-tests.el b/test/lisp/emacs-lisp/bindat-tests.el
index 8bb3baa485e..7d1233ded7c 100644
--- a/test/lisp/emacs-lisp/bindat-tests.el
+++ b/test/lisp/emacs-lisp/bindat-tests.el
@@ -240,7 +240,12 @@
 (ert-deftest bindat-test--strz-varlen-pack ()
 (should (equal (bindat-pack spec "") "\0"))
- (should (equal (bindat-pack spec "abc") "abc\0")))
+ (should (equal (bindat-pack spec "abc") "abc\0"))
+ ;; Null bytes in the input string break unpacking.
+ (should-error (bindat-pack spec "\0"))
+ (should-error (bindat-pack spec "\0x"))
+ (should-error (bindat-pack spec "x\0"))
+ (should-error (bindat-pack spec "x\0y")))
 (ert-deftest bindat-test--strz-varlen-unpack ()
 (should (equal (bindat-unpack spec "\0") ""))
--
2.39.2
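Review bot: The null check runs inside the `dotimes` loop, ahead of the `aset` for the same index, so every byte before the first null has already been written to `bindat-raw` when `error` is signalled. If a caller packs into a buffer it supplied itself and handles the error, that buffer is presumably left partly overwritten with a truncated field; the call sites are outside the hunk, so this is inferred. Validating the whole string before the loop avoids the partial write, for example `(when (string-search "\0" v) (error "Null byte encountered in input strz string"))` placed just before `(dotimes (i len)`. The enclosing function starts outside the hunk, so whether the fixed-length branch needs the same treatment cannot be judged from here.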
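Review bot: The four new `should-error` forms accept any signal, so they would still pass if `bindat-pack` failed for an unrelated reason such as an index or type error. Because the new code raises a plain `error` with a fixed message, at least one case can be pinned to it, e.g. `(should (equal (cadr (should-error (bindat-pack spec "x\0y"))) "Null byte encountered in input strz string"))`. `spec` is bound outside the hunk, so these cases are assumed to exercise only the variable-length form named in the test's title.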