From 4ed289b95a12514c4fefe3599dae8d22b5fcd304 Mon Sep 17 00:00:00 2001
From: Nickolay Olshevsky <o.nickolay@gmail.com>
Date: Sun, 28 Jul 2024 12:15:59 +0300
Subject: [PATCH] Do not allow too long verbatim strings, and check for EOF
 while reading them.

---
 src/sexp-input.cpp            |  8 ++++++++
 tests/src/exception-tests.cpp | 12 ++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/src/sexp-input.cpp b/src/sexp-input.cpp
index 8f9bc0b..3eb5446 100644
--- a/src/sexp-input.cpp
+++ b/src/sexp-input.cpp
@@ -219,7 +219,15 @@ void sexp_input_stream_t::scan_verbatim_string(sexp_simple_string_t &ss, uint32_
 
     // Some length is specified always, this is ensured by the caller's logic
     assert(length != std::numeric_limits<uint32_t>::max());
+    // We should not handle too large strings
+    if (length > 1024 * 1024) {
+        sexp_error(sexp_exception_t::error, "Too long verbatim string: %zu", length, 0, count);
+    }
     for (uint32_t i = 0; i < length; i++) {
+        if (next_char == EOF) {
+            sexp_error(sexp_exception_t::error,
+              "EOF while reading verbatim string", 0, 0, count);
+        }
         ss.append(next_char);
         get_char();
     }
diff --git a/tests/src/exception-tests.cpp b/tests/src/exception-tests.cpp
index 318b2b8..3b5646b 100644
--- a/tests/src/exception-tests.cpp
+++ b/tests/src/exception-tests.cpp
@@ -126,6 +126,18 @@ TEST_F(ExceptionTests, StringBadLength)
                            "SEXP ERROR: illegal character 'A' (0x41) at position 2");
 }
 
+TEST_F(ExceptionTests, StringTooLongTruncated)
+{
+    do_scan_with_exception("(982582599:",
+                           "SEXP ERROR: Too long verbatim string: 982582599 at position 11");
+}
+
+TEST_F(ExceptionTests, StringTruncated)
+{
+    do_scan_with_exception("(1024:",
+                           "SEXP ERROR: EOF while reading verbatim string at position 6");
+}
+
 TEST_F(ExceptionTests, DecimalTooLong)
 {
     do_scan_with_exception("(1234567890:AAABFCAD)",