Opened 7 years ago
Closed 5 years ago
#11482 closed Bugs (fixed)
boost::uuids::string_generator accepts garbage input
| Reported by: | | Owned by: | James E. King, III |
|---|---|---|---|
| Milestone: | Boost 1.66.0 | Component: | uuid |
| Version: | Boost 1.53.0 | Severity: | Problem |
| Keywords: | | Cc: | |
Description
One can pass a string in such as "01234567-89ab-cdef-0123456789abcdef-FOO" to boost::uuids::string_generator for construction and it will happily turn everything before the trailing non-guid information "-FOO" into a Guid, and not throw an exception. This appears to be a problem in not checking the end iterator at the end of operator()(iter, iter) before returning; at that point it should equal end(), otherwise there is garbage appended to the input.
The same code exists up through boost 1.58 in the string_generator.
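The failure mode described above, shown as an added example that is not part of the ticket and is not Boost.Uuid's code: a simplified iterator-range parser (hypothetical names `parse_uuid`, `next_char`, `accepts`) that accepts only the dashed 8-4-4-4-12 form, with and without the end-of-input check. Without the check, distinct input strings decode to the same UUID, which matters wherever the raw string and the parsed value are both used downstream.

```cpp
#include <array>
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <string>

// Simplified stand-in for an iterator-range UUID parser; NOT Boost.Uuid's code.
using Uuid = std::array<std::uint8_t, 16>;

static int hex_value(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    throw std::invalid_argument("invalid uuid string");
}

template <typename It>
static char next_char(It& begin, It end) {
    if (begin == end) throw std::invalid_argument("invalid uuid string");
    return *begin++;
}

// strict == false: return as soon as 16 bytes are decoded (trailing data ignored).
// strict == true:  additionally require that the whole range was consumed.
template <typename It>
Uuid parse_uuid(It begin, It end, bool strict) {
    Uuid u{};
    for (std::size_t i = 0; i < u.size(); ++i) {
        // Canonical 8-4-4-4-12 layout: a dash precedes bytes 4, 6, 8 and 10.
        if ((i == 4 || i == 6 || i == 8 || i == 10) && next_char(begin, end) != '-')
            throw std::invalid_argument("invalid uuid string");
        const int hi = hex_value(next_char(begin, end));
        const int lo = hex_value(next_char(begin, end));
        u[i] = static_cast<std::uint8_t>((hi << 4) | lo);
    }
    if (strict && begin != end)
        throw std::invalid_argument("trailing data after uuid");
    return u;
}

bool accepts(const std::string& s, bool strict) {
    try { parse_uuid(s.begin(), s.end(), strict); return true; }
    catch (const std::invalid_argument&) { return false; }
}

int main() {
    const std::string good = "01234567-89ab-cdef-0123-456789abcdef";  // constructed sample
    const std::string bad = good + "-FOO";                             // constructed sample
    std::cout << accepts(bad, false) << accepts(bad, true) << accepts(good, true) << '\n';
}
```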
Change History (4)
comment:1 by , 7 years ago
comment:3 by , 5 years ago
| Owner: | changed from to |
|---|
comment:4 by , 5 years ago
| Milestone: | To Be Determined → Boost 1.66.0 |
|---|---|
| Resolution: | → fixed |
| Status: | new → closed |

Here's a patch that resolves the issue:
--- a/boost/uuid/string_generator.hpp +++ b/boost/uuid/string_generator.hpp @@ -104,6 +104,11 @@ struct string_generator { check_close_brace(c, open_brace_char); } + // Boost Trac 11482 - detect trailing garbage or unexpected data + if (begin != end) { + throw_invalid(); + } + return u; }
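Review bot: the `if (begin != end)` check added just before `return u;` arrives with no test in this patch. Add cases that expect a throw for a valid UUID followed by extra characters, both with and without braces (the "-FOO" suffix from the ticket is a natural one), plus a case confirming that an exact-length string still parses. Because any leftover character now reaches `throw_invalid()`, inputs with a trailing newline or whitespace that previously parsed will start throwing, so the behaviour change deserves a line in the release notes and the generator's documentation.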