forked from gitea/gitea
1
0
Fork 0

Remove NULs byte arrays passed to PostProcess (#14587)

PostProcess is supposed to be parsing and handling HTML
fragments, but on fuzzing it appears that there is a weird
issue with NUL elements that could cause a memory address
error in downstream libraries.

The simplest solution is to strip out the weird NULs - they
should not be there in any case and would be stripped out
anyway.

Signed-off-by: Andrew Thornton <art27@cantab.net>
This commit is contained in:
zeripath 2021-02-18 01:32:14 +00:00 committed by GitHub
parent ec06eb112c
commit 7ab6c77b41
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 23 additions and 1 deletions

View File

@ -324,8 +324,30 @@ func (ctx *postProcessCtx) postProcess(rawHTML []byte) ([]byte, error) {
// give a generous extra 50 bytes // give a generous extra 50 bytes
res := make([]byte, 0, len(rawHTML)+50) res := make([]byte, 0, len(rawHTML)+50)
// prepend "<html><body>"
res = append(res, "<html><body>"...) res = append(res, "<html><body>"...)
res = append(res, rawHTML...)
// Strip out nuls - they're always invalid
start := bytes.IndexByte(rawHTML, '\000')
if start >= 0 {
res = append(res, rawHTML[:start]...)
start++
for start < len(rawHTML) {
end := bytes.IndexByte(rawHTML[start:], '\000')
if end < 0 {
res = append(res, rawHTML[start:]...)
break
} else if end > 0 {
res = append(res, rawHTML[start:start+end]...)
}
start += end + 1
}
} else {
res = append(res, rawHTML...)
}
// close the tags
res = append(res, "</body></html>"...) res = append(res, "</body></html>"...)
// parse the HTML // parse the HTML