1
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2024-12-16 21:56:40 -05:00

Fix #3130: Crash at fuzzing target replacer (#3133)

* Fix #3130: Crash at fuzzing target replacer

* Add additional test case based on fuzzer feedback
This commit is contained in:
Bill Glover 2020-03-11 22:12:00 +00:00 committed by GitHub
parent 90f1f7bce7
commit cfe85a9fe6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 1 deletions

View file

@ -124,6 +124,8 @@ func (r *Replacer) replace(input, empty string,
// iterate the input to find each placeholder
var lastWriteCursor int
scan:
for i := 0; i < len(input); i++ {
// check for escaped braces
@ -145,7 +147,11 @@ func (r *Replacer) replace(input, empty string,
// if necessary look for the first closing brace that is not escaped
for end > 0 && end < len(input)-1 && input[end-1] == phEscape {
end = strings.Index(input[end+1:], string(phClose)) + end + 1
nextEnd := strings.Index(input[end+1:], string(phClose))
if nextEnd < 0 {
continue scan
}
end += nextEnd + 1
}
// write the substring from the last cursor to this point

View file

@ -156,6 +156,14 @@ func TestReplacer(t *testing.T) {
input: `\{'group':'default','max_age':3600,'endpoints':[\{'url':'https://some.domain.local/a/d/g'\}],'include_subdomains':true\}`,
expect: `{'group':'default','max_age':3600,'endpoints':[{'url':'https://some.domain.local/a/d/g'}],'include_subdomains':true}`,
},
{
input: `{}{}{}{\\\\}\\\\`,
expect: `{\\\}\\\\`,
},
{
input: string([]byte{0x26, 0x00, 0x83, 0x7B, 0x84, 0x07, 0x5C, 0x7D, 0x84}),
expect: string([]byte{0x26, 0x00, 0x83, 0x7B, 0x84, 0x07, 0x7D, 0x84}),
},
} {
actual := rep.ReplaceAll(tc.input, tc.empty)
if actual != tc.expect {