allow interchange of nullbyte in strings

2011-12-01 06:32:56 -08:00 · 2011-12-01 06:32:56 -08:00 · 6dfaa61bfa
commit 6dfaa61bfa
parent 1cfd565458
7 changed files with 1 additions and 33 deletions
--- a/src/jsx_decoder.erl
+++ b/src/jsx_decoder.erl
@ -283,7 +283,7 @@ string(Bin, Handler, Stack, Opts) ->
 %% we don't need to guard against partial utf here, because it's already taken
 %%   care of in string. theoretically, the last clause of noncharacter/4 is
 %%   unreachable
-%% non-characters erlang doesn't recognize as non-characters, idiotically
+%% non-characters erlang doesn't recognize as non-characters
 noncharacter(<<S/utf8, Rest/binary>>, Handler, [Acc|Stack], Opts)
        when ?is_noncontrol(S) ->
    string(Rest, Handler, [?acc_seq(Acc, 16#fffd)|Stack], Opts);
@ -335,15 +335,6 @@ escaped_unicode(<<D, Rest/binary>>, Handler, [[C,B,A], Acc|Stack], Opts)
                ; false ->    
                    ?error([<<D, Rest/binary>>, Handler, [[C,B,A], Acc|Stack], Opts])
            end
-        %% allowing interchange of null bytes allows attackers to forge
-        %%   malicious streams
-        ; X when X == 16#0000 ->
-            case Opts#opts.loose_unicode of
-                true ->
-                    string(Rest, Handler, [?acc_seq(Acc, 16#fffd)|Stack], Opts)
-                ; false ->    
-                    ?error([<<D, Rest/binary>>, Handler, [[C,B,A], Acc|Stack], Opts])
-            end
        %% anything else
        ; X ->
            string(Rest, Handler, [?acc_seq(Acc, X)|Stack], Opts)
@ -780,13 +771,6 @@ reserved_test_() ->
        }
    ].
    
-zero_test_() ->
-    [
-        {"nullbyte - badjson",
-            ?_assertEqual(check_bad(zero()), [])
-        }
-    ].
-    
 good_characters_test_() ->
    [
        {"acceptable codepoints",
@ -848,8 +832,6 @@ control_characters() -> lists:seq(1, 31).

 reserved_space() -> lists:seq(16#fdd0, 16#fdef).

-zero() -> [0].
-
 good() -> [32, 33]
            ++ lists:seq(16#23, 16#5b)
            ++ lists:seq(16#5d, 16#d7ff)
--- a/test/cases/escaped_nullbyte_replaced.json
+++ b/test/cases/escaped_nullbyte_replaced.json
@ -1 +0,0 @@
-"\u0000"
--- a/test/cases/escaped_nullbyte_replaced.test
+++ b/test/cases/escaped_nullbyte_replaced.test
@ -1,4 +0,0 @@
-{name, "escaped nullbyte replaced"}.
-{jsx, [{string,<<16#fffd/utf8>>},end_json]}.
-{json, "escaped_nullbyte_replaced.json"}.
-{jsx_flags, [loose_unicode]}.
--- a/test/cases/nullbyte_forbidden.json
+++ b/test/cases/nullbyte_forbidden.json
@ -1 +0,0 @@
-"\u0000"
--- a/test/cases/nullbyte_forbidden.test
+++ b/test/cases/nullbyte_forbidden.test
@ -1,3 +0,0 @@
-{name, "nullbyte forbidden"}.
-{jsx, {error, badjson}}.
-{json, "nullbyte_forbidden.json"}.
--- a/test/cases/nullbyte_replaced.json
+++ b/test/cases/nullbyte_replaced.json
@ -1 +0,0 @@
-"\u0000"
--- a/test/cases/nullbyte_replaced.test
+++ b/test/cases/nullbyte_replaced.test
@ -1,4 +0,0 @@
-{name, "nullbyte replaced"}.
-{jsx, [{string,<<16#fffd/utf8>>},end_json]}.
-{json, "nullbyte_replaced.json"}.
-{jsx_flags, [loose_unicode]}.