Test some more CONF edge cases
Ensure that, by rejecting "$foo", we didn't make it impossible to embed
"$" in a config file. Also test every allowed punctuation character in
CONF, non-ASCII characters, and empty values.
Change-Id: I55c3c02b357c6017adadf0deebe95f52244ac9d2
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/68287
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
diff --git a/crypto/conf/conf.c b/crypto/conf/conf.c
index 40e8ffb..d76ab89 100644
--- a/crypto/conf/conf.c
+++ b/crypto/conf/conf.c
@@ -233,7 +233,9 @@
break;
} else if (*from == '$') {
// Historically, $foo would expand to a previously-parsed value. This
- // feature has been removed as it was unused and is a DoS vector.
+ // feature has been removed as it was unused and is a DoS vector. If
+ // trying to embed '$' in a line, either escape it or wrap the value in
+ // quotes.
OPENSSL_PUT_ERROR(CONF, CONF_R_VARIABLE_EXPANSION_NOT_SUPPORTED);
goto err;
} else {
diff --git a/crypto/conf/conf_test.cc b/crypto/conf/conf_test.cc
index 544ac96..4905cb3 100644
--- a/crypto/conf/conf_test.cc
+++ b/crypto/conf/conf_test.cc
@@ -310,9 +310,57 @@
// Punctuation is allowed in key names.
{
- "key.1 = value\n",
+ "key!%&*+,-./;?@^_|~1 = value\n",
{
- {"default", {{"key.1", "value"}}},
+ {"default", {{"key!%&*+,-./;?@^_|~1", "value"}}},
+ },
+ },
+
+ // Only the first equals counts as a key/value separator.
+ {
+ "key======",
+ {
+ {"default", {{"key", "====="}}},
+ },
+ },
+
+ // Empty keys and empty values are allowed.
+ {
+ R"(
+[both_empty]
+=
+[empty_key]
+=value
+[empty_value]
+key=
+[equals]
+======
+[]
+empty=section
+)",
+ {
+ {"default", {}},
+ {"both_empty", {{"", ""}}},
+ {"empty_key", {{"", "value"}}},
+ {"empty_value", {{"key", ""}}},
+ {"equals", {{"", "====="}}},
+ {"", {{"empty", "section"}}},
+ },
+ },
+
+ // After the first equals, the value can freely contain more equals.
+ {
+ "key1 = \\$value1\nkey2 = \"$value2\"",
+ {
+ {"default", {{"key1", "$value1"}, {"key2", "$value2"}}},
+ },
+ },
+
+ // Non-ASCII bytes are allowed in values.
+ {
+ "key = \xe2\x98\x83",
+ {
+ {"default", {{"key", "\xe2\x98\x83"}}},
},
},
};
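Review bot: The comment `// After the first equals, the value can freely contain more equals.` does not match the case beneath it: the input `key1 = \\$value1\nkey2 = \"$value2\"` has no extra equals and instead checks that `$` can be embedded by escaping or by double-quoting. A comment such as `// '$' may be embedded in a value by escaping it or by quoting the value.` would describe it and tie the case to the rejection of unescaped `$` in conf.c. The conf.c comment in this commit says "wrap the value in quotes" without qualification, while only double quotes are exercised here; if single quotes are also intended to work, an entry like `key3 = '$value3'` would pin that down, which cannot be confirmed from this hunk. The test table itself begins outside the hunk.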