json.c: Fail on bad escape string.

author: Gary E. Miller <gem@rellim.com> 2018-06-14 19:21:36 -0700
committer: Gary E. Miller <gem@rellim.com> 2018-06-14 19:24:54 -0700
commit: 9b3724cb7bca7a0776bcb9b054cd1d8d736278a4 (patch)
tree: a2f0ebc33d986e57080a91ce96ed522f937f3e7e /json.c
parent: 317375877576b10fd5312a7b0dec4a192881eead (diff)
download: gpsd-9b3724cb7bca7a0776bcb9b054cd1d8d736278a4.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/json.c b/json.c
index 6f444c18..5c4dd3de 100644
--- a/json.c
+++ b/json.c
@@ -396,8 +396,9 @@ static int json_internal_read_object(const char *cp,
 		    uescape[n] = *cp++;
 		uescape[n] = '\0';      /* terminate */
 		--cp;
-		(void)sscanf(uescape, "%04x", &u);
-		*pval++ = (char)u;	/* will truncate values above 0xff */
+		if (1 != sscanf(uescape, "%4x", &u))
+		    return JSON_ERR_BADSTRING;
+		*pval++ = (char)u;  /* will truncate values above 0xff */
 		break;
 	    default:		/* handles double quote and solidus */
 		*pval++ = *cp;
author	Gary E. Miller <gem@rellim.com>	2018-06-14 19:21:36 -0700
committer	Gary E. Miller <gem@rellim.com>	2018-06-14 19:24:54 -0700
commit	9b3724cb7bca7a0776bcb9b054cd1d8d736278a4 (patch)
tree	a2f0ebc33d986e57080a91ce96ed522f937f3e7e /json.c
parent	317375877576b10fd5312a7b0dec4a192881eead (diff)
download	gpsd-9b3724cb7bca7a0776bcb9b054cd1d8d736278a4.tar.gz