Commit 3e0a0e15 authored by Naoki Kambe's avatar Naoki Kambe

[trac929]

 consideration for buffer overflow
  - use std::vector<char> instead of char[]
  - use strncmp() instead of strcmp()
  - shorten length of char array for the buffer
    (not directly related to buffer overflow)

 add more unittests for some wrong type formats into both c++ and python codes
 (unittests for the previous change git e9620e0d9dd3d967bcfb99562f13848c70538a44)
  - date-time-type format not ending with "Z"
  - date-type format ending with "T"
  - time-type format ending with "Z"
parent 93a7f7d1
...@@ -103,15 +103,15 @@ check_format(ConstElementPtr value, ConstElementPtr format_name) { ...@@ -103,15 +103,15 @@ check_format(ConstElementPtr value, ConstElementPtr format_name) {
BOOST_FOREACH (const format_types::value_type& f, time_formats) { BOOST_FOREACH (const format_types::value_type& f, time_formats) {
if (format_name->stringValue() == f.first) { if (format_name->stringValue() == f.first) {
struct tm tm; struct tm tm;
char buf[255] = ""; std::vector<char> buf(32);
memset(&tm, 0, sizeof(tm)); memset(&tm, 0, sizeof(tm));
// reverse check // reverse check
return (strptime(value->stringValue().c_str(), return (strptime(value->stringValue().c_str(),
f.second.c_str(), &tm) != NULL f.second.c_str(), &tm) != NULL
&& strftime(buf, sizeof(buf), && strftime(&buf[0], buf.size(),
f.second.c_str(), &tm) != 0 f.second.c_str(), &tm) != 0
&& strcmp(value->stringValue().c_str(), && strncmp(value->stringValue().c_str(),
buf) == 0); &buf[0], buf.size()) == 0);
} }
} }
return (false); return (false);
......
...@@ -358,6 +358,19 @@ TEST(ModuleSpec, CheckFormat) { ...@@ -358,6 +358,19 @@ TEST(ModuleSpec, CheckFormat) {
item_format = "\"item_format\": \"time\""; item_format = "\"item_format\": \"time\"";
specs.push_back("," + item_default + item_format); specs.push_back("," + item_default + item_format);
// wrong date-time-type format not ending with "Z"
item_default = "\"item_default\": \"2011-05-27T19:42:57\",";
item_format = "\"item_format\": \"date-time\"";
specs.push_back("," + item_default + item_format);
// wrong date-type format ending with "T"
item_default = "\"item_default\": \"2011-05-27T\",";
item_format = "\"item_format\": \"date\"";
specs.push_back("," + item_default + item_format);
// wrong time-type format ending with "Z"
item_default = "\"item_default\": \"19:42:57Z\",";
item_format = "\"item_format\": \"time\"";
specs.push_back("," + item_default + item_format);
BOOST_FOREACH(std::string s, specs) { BOOST_FOREACH(std::string s, specs) {
el = Element::fromJSON(json_begin + s + json_end)->get("module_spec"); el = Element::fromJSON(json_begin + s + json_end)->get("module_spec");
EXPECT_THROW(ModuleSpec(el, true), ModuleSpecError); EXPECT_THROW(ModuleSpec(el, true), ModuleSpecError);
......
...@@ -352,6 +352,12 @@ class TestModuleSpec(unittest.TestCase): ...@@ -352,6 +352,12 @@ class TestModuleSpec(unittest.TestCase):
self.assertFalse(isc.config.module_spec._check_format('', 'date-time')) self.assertFalse(isc.config.module_spec._check_format('', 'date-time'))
self.assertFalse(isc.config.module_spec._check_format(None, 'date-time')) self.assertFalse(isc.config.module_spec._check_format(None, 'date-time'))
self.assertFalse(isc.config.module_spec._check_format(None, None)) self.assertFalse(isc.config.module_spec._check_format(None, None))
# wrong date-time-type format not ending with "Z"
self.assertFalse(isc.config.module_spec._check_format('2011-05-27T19:42:57', 'date-time'))
# wrong date-type format ending with "T"
self.assertFalse(isc.config.module_spec._check_format('2011-05-27T', 'date'))
# wrong time-type format ending with "Z"
self.assertFalse(isc.config.module_spec._check_format('19:42:57Z', 'time'))
def test_validate_type(self): def test_validate_type(self):
errors = [] errors = []
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment