Boost C++ Libraries: Ticket #11482: boost::uuids::string_generator accepts garbage input https://svn.boost.org/trac10/ticket/11482 <p> One can pass a string in such as "01234567-89ab-cdef-0123456789abcdef-FOO" to boost::uuids::string_generator for construction and it will happily turn everything before the trailing non-guid information "-FOO" into a Guid, and not throw an exception. This appears to be a problem in not checking the end iterator at the end of operator()(iter, iter) before returning; at that point it should equal end(), otherwise there is garbage appended to the input. </p> <p> The same code exists up through boost 1.58 in the string_generator. </p> en-us Boost C++ Libraries /htdocs/site/boost.png https://svn.boost.org/trac10/ticket/11482 Trac 1.4.3 Jim King <jim.king@…> Fri, 17 Jul 2015 21:30:25 GMT <link>https://svn.boost.org/trac10/ticket/11482#comment:1 </link> <guid isPermaLink="false">https://svn.boost.org/trac10/ticket/11482#comment:1</guid> <description> <p> Here's a patch that resolves the issue: </p> <pre class="wiki">--- a/boost/uuid/string_generator.hpp +++ b/boost/uuid/string_generator.hpp @@ -104,6 +104,11 @@ struct string_generator { check_close_brace(c, open_brace_char); } + // Boost Trac 11482 - detect trailing garbage or unexpected data + if (begin != end) { + throw_invalid(); + } + return u; } </pre> </description> <category>Ticket</category> </item> <item> <author>James E. King, III <jking@…></author> <pubDate>Thu, 03 Aug 2017 16:14:12 GMT</pubDate> <title/> <link>https://svn.boost.org/trac10/ticket/11482#comment:2 </link> <guid isPermaLink="false">https://svn.boost.org/trac10/ticket/11482#comment:2</guid> <description> <p> Pull request out: see <a class="ext-link" href="https://github.com/boostorg/uuid/pull/17"><span class="icon">​</span>https://github.com/boostorg/uuid/pull/17</a> </p> </description> <category>Ticket</category> </item> <item> <dc:creator>James E. King, III</dc:creator> <pubDate>Sat, 12 Aug 2017 23:10:00 GMT</pubDate> <title>owner changed https://svn.boost.org/trac10/ticket/11482#comment:3 https://svn.boost.org/trac10/ticket/11482#comment:3 <ul> <li><strong>owner</strong> changed from <span class="trac-author">Andy Tompkins</span> to <span class="trac-author">James E. King, III</span> </li> </ul> Ticket James E. King, III Sat, 12 Aug 2017 23:10:13 GMT status, milestone changed; resolution set https://svn.boost.org/trac10/ticket/11482#comment:4 https://svn.boost.org/trac10/ticket/11482#comment:4 <ul> <li><strong>status</strong> <span class="trac-field-old">new</span> → <span class="trac-field-new">closed</span> </li> <li><strong>resolution</strong> → <span class="trac-field-new">fixed</span> </li> <li><strong>milestone</strong> <span class="trac-field-old">To Be Determined</span> → <span class="trac-field-new">Boost 1.66.0</span> </li> </ul> Ticket