Google Git
Sign in
boringssl / boringssl / b17231cdb9ec4e877b470c57d3280d9195811cd9^! / .
commitb17231cdb9ec4e877b470c57d3280d9195811cd9[log] [tgz]
authorDavid Benjamin <davidben@google.com>Sun May 05 10:32:29 2024 -0400
committerBoringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>Tue May 07 17:32:31 2024 +0000
tree0b7f182d396a25d10859a527ee9d55e3ce20bddc
parent3e89a7e8db8139db356b892ca9993172346c80cf [diff]
Test some more CONF edge cases

Ensure that, by rejecting "$foo", we didn't make it impossible to embed
"$" in a config file. Also test every allowed punctuation character in
CONF, non-ASCII characters, and empty values.

Change-Id: I55c3c02b357c6017adadf0deebe95f52244ac9d2
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/68287
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>

diff --git a/crypto/conf/conf.c b/crypto/conf/conf.c
index 40e8ffb..d76ab89 100644
--- a/crypto/conf/conf.c
+++ b/crypto/conf/conf.c

@@ -233,7 +233,9 @@
       break;
     } else if (*from == '$') {
       // Historically, $foo would expand to a previously-parsed value. This
-      // feature has been removed as it was unused and is a DoS vector.
+      // feature has been removed as it was unused and is a DoS vector. If
+      // trying to embed '$' in a line, either escape it or wrap the value in
+      // quotes.
       OPENSSL_PUT_ERROR(CONF, CONF_R_VARIABLE_EXPANSION_NOT_SUPPORTED);
       goto err;
     } else {

diff --git a/crypto/conf/conf_test.cc b/crypto/conf/conf_test.cc
index 544ac96..4905cb3 100644
--- a/crypto/conf/conf_test.cc
+++ b/crypto/conf/conf_test.cc

@@ -310,9 +310,57 @@
 
       // Punctuation is allowed in key names.
       {
-          "key.1 = value\n",
+          "key!%&*+,-./;?@^_|~1 = value\n",
           {
-              {"default", {{"key.1", "value"}}},
+              {"default", {{"key!%&*+,-./;?@^_|~1", "value"}}},
+          },
+      },
+
+      // Only the first equals counts as a key/value separator.
+      {
+          "key======",
+          {
+              {"default", {{"key", "====="}}},
+          },
+      },
+
+      // Empty keys and empty values are allowed.
+      {
+          R"(
+[both_empty]
+=
+[empty_key]
+=value
+[empty_value]
+key=
+[equals]
+======
+[]
+empty=section
+)",
+          {
+              {"default", {}},
+              {"both_empty", {{"", ""}}},
+              {"empty_key", {{"", "value"}}},
+              {"empty_value", {{"key", ""}}},
+              {"equals", {{"", "====="}}},
+              {"", {{"empty", "section"}}},
+          },
+      },
+
+      // After the first equals, the value can freely contain more equals.
+      {
+          "key1 = \\$value1\nkey2 = \"$value2\"",
+          {
+              {"default", {{"key1", "$value1"}, {"key2", "$value2"}}},
+          },
+      },
+
+      // Non-ASCII bytes are allowed in values.
+      {
+          "key = \xe2\x98\x83",
+          {
+              {"default", {{"key", "\xe2\x98\x83"}}},
           },
       },
   };