1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
From cfa1a965a429e4bfc5ae1539a8e87a9cf71c3090 Mon Sep 17 00:00:00 2001
From: Michal Vasko <mvasko@cesnet.cz>
Date: Tue, 18 Jul 2023 10:41:21 +0000
Subject: [PATCH] parser common BUGFIX handle missing YANG strings
Fixes #1987
CVE: CVE-2023-26917
Upstream-Status:
Backport[https://github.com/CESNET/libyang/commit/cfa1a965a429e4bfc5ae1539a8e87a9cf71c3090]
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
---
src/parser_stmt.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/src/parser_stmt.c b/src/parser_stmt.c
index 81ccbfca6..2ebf822ab 100644
--- a/src/parser_stmt.c
+++ b/src/parser_stmt.c
@@ -52,6 +52,16 @@ lysp_stmt_validate_value(struct lys_parser_ctx *ctx, enum yang_arg val_type, con
uint32_t c;
size_t utf8_char_len;
+ if (!val) {
+ if (val_type == Y_MAYBE_STR_ARG) {
+ /* fine */
+ return LY_SUCCESS;
+ }
+
+ LOGVAL_PARSER(ctx, LYVE_SYNTAX, "Missing an expected string.");
+ return LY_EVALID;
+ }
+
while (*val) {
LY_CHECK_ERR_RET(ly_getutf8(&val, &c, &utf8_char_len),
LOGVAL_PARSER(ctx, LY_VCODE_INCHAR, (val)[-utf8_char_len]), LY_EVALID);
--
2.35.5
|
