[njs] Fixed decodeURI() and decodeURIComponent() with invalid byte strings.

Dmitry Volyntsev xeioex at nginx.com
Fri Oct 29 14:26:33 UTC 2021 

details:   https://hg.nginx.org/njs/rev/d2e23f936214
branches:  
changeset: 1731:d2e23f936214
user:      Dmitry Volyntsev <xeioex at nginx.com>
date:      Fri Oct 29 13:57:26 2021 +0000
description:
Fixed decodeURI() and decodeURIComponent() with invalid byte strings.

The issue was introduced in 855edd76bdb6 (0.4.3).

This closes #435 issue on Github.

diffstat:

 src/njs_string.c         |  13 +++++++------
 src/test/njs_unit_test.c |   3 +++
 2 files changed, 10 insertions(+), 6 deletions(-)

diffs (66 lines):

diff -r 264fb92817cd -r d2e23f936214 src/njs_string.c
--- a/src/njs_string.c	Tue Oct 26 16:14:07 2021 +0300
+++ b/src/njs_string.c	Fri Oct 29 13:57:26 2021 +0000
@@ -4496,26 +4496,27 @@ njs_string_decode_uri_cp(const int8_t *h
 
     cp = njs_utf8_decode(&ctx, start, end);
     if (njs_fast_path(cp != '%')) {
-        return expect_percent ? 0xFFFFFFFF: cp;
+        return expect_percent ? NJS_UNICODE_ERROR : cp;
     }
 
     p = *start;
 
     if (njs_slow_path((p + 1) >= end)) {
-        return 0xFFFFFFFF;
+        return NJS_UNICODE_ERROR;
     }
 
     d0 = hex[*p++];
     if (njs_slow_path(d0 < 0)) {
-        return 0xFFFFFFFF;
+        return NJS_UNICODE_ERROR;
     }
 
     d1 = hex[*p++];
     if (njs_slow_path(d1 < 0)) {
-        return 0xFFFFFFFF;
+        return NJS_UNICODE_ERROR;
     }
 
     *start += 2;
+
     return (d0 << 4) + d1;
 }
 
@@ -4631,7 +4632,7 @@ njs_string_decode_uri(njs_vm_t *vm, njs_
     while (src < end) {
         percent = (src[0] == '%');
         cp = njs_string_decode_uri_cp(hex, &src, end, 0);
-        if (njs_slow_path(cp == 0xFFFFFFFF)) {
+        if (njs_slow_path(cp > NJS_UNICODE_MAX_CODEPOINT)) {
             goto uri_error;
         }
 
@@ -4677,7 +4678,7 @@ njs_string_decode_uri(njs_vm_t *vm, njs_
 
         for (i = 1; i < n; i++) {
             cp = njs_string_decode_uri_cp(hex, &src, end, 1);
-            if (njs_slow_path(cp == 0xFFFFFFFF)) {
+            if (njs_slow_path(cp > NJS_UNICODE_MAX_CODEPOINT)) {
                 goto uri_error;
             }
 
diff -r 264fb92817cd -r d2e23f936214 src/test/njs_unit_test.c
--- a/src/test/njs_unit_test.c	Tue Oct 26 16:14:07 2021 +0300
+++ b/src/test/njs_unit_test.c	Fri Oct 29 13:57:26 2021 +0000
@@ -9209,6 +9209,9 @@ static njs_unit_test_t  njs_test[] =
     { njs_str("decodeURI('%D0%B0%D0%B1%D0%B2').length"),
       njs_str("3")},
 
+    { njs_str("decodeURI(String.bytesFrom([0x80,0x80]))"),
+      njs_str("URIError: malformed URI")},
+
     { njs_str("["
               " '%',"
               " '%0',"

More information about the nginx-devel mailing list