authorRichard Hughes <richard@hughsie.com>2015-12-16 11:48:39 +0000
committerRichard Hughes <richard@hughsie.com>2015-12-16 11:48:39 +0000
commit2f037ff1d9d8787f92b4fb7598bc016f19ba7046 (patch)
tree5eeb6af20ff8b6632fb3ada201585c864a98ec6a
parent3c82370584dd9d99a4152aa6732a32401da6a13e (diff)
downloadappstream-glib-2f037ff1d9d8787f92b4fb7598bc016f19ba7046.tar.gz
Fix a crash when tokenizing a NULL string
-rw-r--r--libappstream-glib/as-app-validate.c10
-rw-r--r--libappstream-glib/as-self-test.c10
-rw-r--r--libappstream-glib/as-utils.c22
3 files changed, 40 insertions, 2 deletions
diff --git a/libappstream-glib/as-app-validate.c b/libappstream-glib/as-app-validate.c
index 1bd2638..cb31924 100644
--- a/libappstream-glib/as-app-validate.c
+++ b/libappstream-glib/as-app-validate.c
@@ -958,6 +958,14 @@ as_app_validate_license (const gchar *license_text, GError **error)
g_auto(GStrv) licenses = NULL;
licenses = as_utils_spdx_license_tokenize (license_text);
+ if (licenses == NULL) {
+ g_set_error (error,
+ AS_APP_ERROR,
+ AS_APP_ERROR_FAILED,
+ "SPDX license text '%s' could not be parsed",
+ license_text);
+ return FALSE;
+ }
for (i = 0; licenses[i] != NULL; i++) {
if (g_strcmp0 (licenses[i], "&") == 0 ||
g_strcmp0 (licenses[i], "|") == 0 ||
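Review bot: The new error path hands `license_text` straight to a `%s` in `g_set_error`, yet the only input for which `as_utils_spdx_license_tokenize` now returns NULL is a NULL string (see the guard added in as-utils.c in this same commit), so this branch is reached precisely when `license_text` is NULL and the message formats a NULL pointer — glibc prints "(null)", but it is undefined behaviour in C and not something GLib's printf wrapper promises. Either make the argument safe, `license_text != NULL ? license_text : "(null)"`, or test `license_text == NULL` before tokenizing and report `"no SPDX license text set"` so the message says what actually went wrong. as_app_validate_license starts and ends outside this hunk.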
@@ -986,6 +994,8 @@ as_app_validate_is_content_license (const gchar *license)
guint i;
g_auto(GStrv) tokens = NULL;
tokens = as_utils_spdx_license_tokenize (license);
+ if (tokens == NULL)
+ return FALSE;
for (i = 0; tokens[i] != NULL; i++) {
if (g_strcmp0 (tokens[i], "@CC0-1.0") == 0)
continue;
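Review bot: The new check only covers a NULL `license`, so an empty string still goes through the tokenizer and, presumably, yields an empty vector that skips the loop entirely, leaving the result to whatever the function returns after the loop (outside this hunk) — if that is TRUE, an empty licence would be classified as a content licence. `as_utils_is_spdx_license` in this commit treats NULL and "" alike with `if (license == NULL || license[0] == '\0') return FALSE;`; the same guard here would keep the two helpers consistent and not depend on the tokenizer's NULL contract. as_app_validate_is_content_license starts and ends outside this hunk.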
diff --git a/libappstream-glib/as-self-test.c b/libappstream-glib/as-self-test.c
index 0730676..ea70ee5 100644
--- a/libappstream-glib/as-self-test.c
+++ b/libappstream-glib/as-self-test.c
@@ -3438,6 +3438,10 @@ as_test_utils_spdx_token_func (void)
g_strfreev (tok);
g_free (tmp);
+ /* invalid */
+ tok = as_utils_spdx_license_tokenize (NULL);
+ g_assert (tok == NULL);
+
/* random */
tok = as_utils_spdx_license_tokenize ("Public Domain");
tmp = g_strjoinv (" ", tok);
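Review bot: The new assertion pins only the NULL case of `as_utils_spdx_license_tokenize`; the guard this commit adds in as-utils.c rejects NULL alone, so what `""` tokenizes to (presumably an empty, non-NULL vector) is left untested even though `as_app_validate_is_content_license` iterates the result with no further length check. Adding `tok = as_utils_spdx_license_tokenize (""); g_assert (tok != NULL); g_strfreev (tok);` next to the NULL case would lock that contract in alongside the `!as_utils_is_spdx_license ("")` assertion added later in this file. as_test_utils_spdx_token_func starts and ends outside this hunk.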
@@ -3480,6 +3484,10 @@ as_test_utils_spdx_token_func (void)
g_strfreev (tok);
g_free (tmp);
+ /* invalid tokens */
+ tmp = as_utils_spdx_license_detokenize (NULL);
+ g_assert (tmp == NULL);
+
/* leading brackets */
tok = as_utils_spdx_license_tokenize ("(MPLv1.1 or LGPLv3+) and LGPLv3");
tmp = g_strjoinv (" ", tok);
@@ -3508,6 +3516,8 @@ as_test_utils_spdx_token_func (void)
g_assert (as_utils_is_spdx_license ("CC0 AND GFDL-1.3"));
g_assert (as_utils_is_spdx_license ("NOASSERTION"));
g_assert (!as_utils_is_spdx_license ("CC0 dave"));
+ g_assert (!as_utils_is_spdx_license (""));
+ g_assert (!as_utils_is_spdx_license (NULL));
/* importing non-SPDX formats */
tmp = as_utils_license_to_spdx ("CC0 and (Public Domain and GPLv3+ with exceptions)");
diff --git a/libappstream-glib/as-utils.c b/libappstream-glib/as-utils.c
index 7e8d71c..1cdf832 100644
--- a/libappstream-glib/as-utils.c
+++ b/libappstream-glib/as-utils.c
@@ -478,6 +478,10 @@ as_utils_is_spdx_license_id (const gchar *license_id)
g_autoptr(GBytes) data = NULL;
g_autofree gchar *key = NULL;
+ /* handle invalid */
+ if (license_id == NULL || license_id[0] == '\0')
+ return FALSE;
+
/* this is used to map non-SPDX licence-ids to legitimate values */
if (g_str_has_prefix (license_id, "LicenseRef-"))
return TRUE;
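Review bot: The gtk-doc header for `as_utils_is_spdx_license_id` sits above this hunk and, unlike the tokenize/detokenize headers this commit does update, presumably still says nothing about %NULL or an empty string returning %FALSE; `as_utils_is_spdx_license`, which gains the same guard later in this file, has the same gap. A Returns line such as `Returns: %TRUE if the string is a valid SPDX ID, %FALSE for %NULL or empty input` on each would make the new behaviour part of the documented contract rather than an implementation detail. The function's body continues past this hunk.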
@@ -673,7 +677,7 @@ as_utils_spdx_license_tokenize_drop (AsUtilsSpdxHelper *helper)
* with "|". Brackets are added as indervidual tokens and other strings are
* appended into single tokens where possible.
*
- * Returns: (transfer full): array of strings
+ * Returns: (transfer full): array of strings, or %NULL for invalid
*
* Since: 0.1.5
**/
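Review bot: `or %NULL for invalid` overstates the new contract: the guard added below in this commit returns %NULL only when @license is %NULL, and every other string still produces a vector. Say that and mark it for introspection, `Returns: (transfer full) (nullable): array of strings, or %NULL if @license is %NULL`, so bindings know the return can be NULL; while in this comment, the context line's `indervidual` should read `individual`. The doc block starts outside this hunk.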
@@ -683,6 +687,10 @@ as_utils_spdx_license_tokenize (const gchar *license)
guint i;
AsUtilsSpdxHelper helper;
+ /* handle invalid */
+ if (license == NULL)
+ return NULL;
+
helper.last_token_literal = FALSE;
helper.collect = g_string_new ("");
helper.array = g_ptr_array_new_with_free_func (g_free);
@@ -719,7 +727,7 @@ as_utils_spdx_license_tokenize (const gchar *license)
*
* De-tokenizes the SPDX licenses into a string.
*
- * Returns: (transfer full): string
+ * Returns: (transfer full): string, or %NULL for invalid
*
* Since: 0.2.5
**/
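Review bot: As with the tokenizer, "invalid" is the wrong word here: the guard added below returns %NULL only for a %NULL @license_tokens, and an empty vector is not invalid — it presumably detokenizes to "". The @license_tokens parameter line above this hunk should now carry `(nullable)` since NULL is accepted, and the Returns line is clearer as `Returns: (transfer full) (nullable): string, or %NULL if @license_tokens is %NULL`. The doc block starts outside this hunk.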
@@ -729,6 +737,10 @@ as_utils_spdx_license_detokenize (gchar **license_tokens)
GString *tmp;
guint i;
+ /* handle invalid */
+ if (license_tokens == NULL)
+ return NULL;
+
tmp = g_string_new ("");
for (i = 0; license_tokens[i] != NULL; i++) {
if (g_strcmp0 (license_tokens[i], "&") == 0) {
@@ -765,6 +777,10 @@ as_utils_is_spdx_license (const gchar *license)
guint i;
g_auto(GStrv) tokens = NULL;
+ /* handle nothing set */
+ if (license == NULL || license[0] == '\0')
+ return FALSE;
+
/* no license information whatsoever */
if (g_strcmp0 (license, "NONE") == 0)
return TRUE;
@@ -774,6 +790,8 @@ as_utils_is_spdx_license (const gchar *license)
return TRUE;
tokens = as_utils_spdx_license_tokenize (license);
+ if (tokens == NULL)
+ return FALSE;
for (i = 0; tokens[i] != NULL; i++) {
if (tokens[i][0] == '@') {
if (as_utils_is_spdx_license_id (tokens[i] + 1))
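Review bot: The `tokens == NULL` check cannot fire: `as_utils_is_spdx_license` now returns early for a NULL `license` (guard added earlier in this file), and `as_utils_spdx_license_tokenize` returns NULL only for NULL input, so this is dead defensive code. It is harmless, but it should say why it is kept so the next reader does not hunt for a path that reaches it, e.g. `/* unreachable after the NULL guard above; kept so this does not rely on tokenize internals */` — or drop it. The function's body continues outside this hunk.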