Files
freeswitch/src
Peter Wu 48d6a5f6a8 switch_xml_decode: avoid NUL injection
strtol can parse negative values which opens the hole for a NUL
injection. The (invalid) entity "&#-256;" is parsed as 0xFFFFFF00 which
(when casted to a char) becomes 0.

Avoid this attack by using unsigned long integers. To avoid undefined
behavior due to negative shifts, restrict the upper bound of the code
points to the UTF-8 limits. (Add an assertion to make the Clang static
analyzer happy.)

Note: due to the specification of strtol, leading spaces and minus/plus
signs are also allowed, explicitly check for an integer. "&#0x1;" is
still accepted, but that is considered a minor issue.
2015-11-08 18:32:04 +01:00
..
2015-09-14 13:30:08 -05:00
2015-06-23 14:43:16 -04:00
2015-09-14 13:30:08 -05:00
2015-06-12 23:55:29 -05:00
2015-09-14 13:30:08 -05:00
2015-09-15 22:35:29 -05:00
2015-06-12 23:55:29 -05:00
2015-09-09 21:39:41 +00:00