From: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
To: linux-nfc@lists.01.org
Cc: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Subject: [linux-nfc] [neard][PATCH v2 12/73] ndef: check UTF-16 text payload length
Date: Mon, 19 Jul 2021 13:07:18 +0200
Message-ID: <20210719110819.27340-13-krzysztof.kozlowski@canonical.com>
In-Reply-To: <20210719110819.27340-1-krzysztof.kozlowski@canonical.com>

UTF-16 is supposed to consist of 16-bit codes (16-bit or 2x16-bit
per character) and parsing anything else is not safe because of the cast to
gunichar2.

Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
---
 src/ndef.c             |  5 +++++
 unit/test-ndef-parse.c | 19 +++++++++++++++++++
 2 files changed, 24 insertions(+)

diff --git a/src/ndef.c b/src/ndef.c
index 3d8815634d46..fdd44b467027 100644
--- a/src/ndef.c
+++ b/src/ndef.c
@@ -1189,6 +1189,11 @@ parse_text_payload(uint8_t *payload, uint32_t length)
 
 	len = length - lang_length - 1;
 
+	if (status && (len % 2)) {
+		DBG("Payload not valid UTF-16 (length %d does not match)", len);
+		goto fail;
+	}
+
 	if (len > 0) {
 		txt = (char *)(payload + offset);
 
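Review bot: The new parity test in parse_text_payload() works on `len = length - lang_length - 1`, and nothing in the visible context shows lang_length being bounded by length, so please confirm an earlier check rejects lang_length + 1 > length; otherwise the modulo (and the `len > 0` test that follows) runs on a wrapped or negative value. Two smaller points on the same lines: `status` is tested as a bare truth value, so a named mask or a short comment saying it is the UTF-16 flag would make the condition self-explanatory, and the `%d` in the DBG() call should be checked against the declared type of len, since len is derived from a uint32_t.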
diff --git a/unit/test-ndef-parse.c b/unit/test-ndef-parse.c
index d26f4c595d9a..6c62c7a928c7 100644
--- a/unit/test-ndef-parse.c
+++ b/unit/test-ndef-parse.c
@@ -150,6 +150,15 @@ static uint8_t text[] = {0xd1, 0x1, 0x13, 0x54, 0x5, 0x65, 0x6e, 0x2d,
 			 0x55, 0x53, 0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0xc5,
 			 0xbc, 0xc3, 0xb3, 0xc5, 0x82, 0x77};
 
+/* 'hello żółw' - UTF-16 - en-US Text NDEF UTF-16 malformed*/
+static uint8_t text_utf16_invalid[] = {0xd1, 0x1, 0x19, 0x54, 0x85,
+			/* en-US */
+			0x65, 0x6e, 0x2d, 0x55, 0x53,
+			/* hello żółw */
+			0x68, 0x00, 0x65, 0x00, 0x6c, 0x00, 0x6c, 0x00, 0x6f, 0x00,
+			/* Missing last byte */
+			0x20, 0x00, 0x7c, 0x01, 0xf3, 0x00, 0x42, 0x01, 0x77};
+
 /* Smart poster with a http://intel.com URI record */
 static uint8_t single_sp[] = {0xd1, 0x2, 0xe, 0x53, 0x70, 0xd1, 0x1, 0xa,
 			      0x55, 0x3, 0x69, 0x6e, 0x74, 0x65, 0x6c, 0x2e,
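Review bot: The text_utf16_invalid vector only exercises the rejected case (19 text bytes, payload length 0x19, status 0x85); if the file has no well-formed UTF-16 Text record elsewhere, add the counterpart with the trailing 0x00 restored and payload length 0x1a, so the suite also shows that the new check does not reject valid UTF-16. Style nits: the header comment ends in `malformed*/` without a space and says UTF-16 twice, and the `/* Missing last byte */` comment would be clearer placed next to the final 0x77 than above the whole line.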
@@ -253,6 +262,15 @@ static void test_ndef_text(void)
 	test_ndef_free_record(record);
 }
 
+static void test_ndef_text_invalid_utf16(void)
+{
+	GList *records;
+
+	records = near_ndef_parse_msg(text_utf16_invalid, sizeof(text_utf16_invalid), NULL);
+
+	g_assert_null(records);
+}
+
 static void test_ndef_single_sp(void)
 {
 	GList *records;
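Review bot: In test_ndef_text_invalid_utf16(), `g_assert_null(records)` passes for any parse failure, so the test does not by itself show that the odd-length check is what rejected the record; a comment stating that the declared payload length matches the array and the odd text length is the only defect would make the intent reviewable. The near_ndef_parse_msg() call also runs past 80 columns and should be wrapped like the multi-line calls elsewhere in this file.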
@@ -422,6 +440,7 @@ int main(int argc, char **argv)
 
 	g_test_add_func("/testNDEF-parse/Test URI NDEF", test_ndef_uri);
 	g_test_add_func("/testNDEF-parse/Test Text NDEF", test_ndef_text);
+	g_test_add_func("/testNDEF-parse/Test Text NDEF UTF-16 malformed", test_ndef_text_invalid_utf16);
 	g_test_add_func("/testNDEF-parse/Test Single record SmartPoster NDEF",
 							test_ndef_single_sp);
 	g_test_add_func("/testNDEF-parse/Test Title record SmartPoster NDEF",
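Review bot: The added g_test_add_func() registration is a single line well over 80 columns, while the neighbouring "Test Single record SmartPoster NDEF" call wraps its function argument onto a continuation line; wrap test_ndef_text_invalid_utf16 the same way for consistency.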
-- 
2.27.0