Merge pull request #6226

laanwj · laanwj · commit c7272a50bdc7 · 2015-06-03T15:13:36.000+02:00
4e157fc json: fail read_string if string contains trailing garbage (Wladimir J. van der Laan)
diff --git a/src/json/json_spirit_reader_template.h b/src/json/json_spirit_reader_template.h
@@ -521,12 +521,11 @@ namespace json_spirit
      
         const spirit_namespace::parse_info< Iter_type > info = 
                             spirit_namespace::parse( begin, end, 
-                                                    Json_grammer< Value_type, Iter_type >( semantic_actions ), 
+                                                    Json_grammer< Value_type, Iter_type >( semantic_actions ) >> spirit_namespace::end_p,
                                                     spirit_namespace::space_p );
 
         if( !info.hit )
         {
-            assert( false ); // in theory exception should already have been thrown
             throw_error( info.stop, "error" );
         }
 
@@ -570,7 +569,8 @@ namespace json_spirit
     {
         typename String_type::const_iterator begin = s.begin();
 
-        return read_range( begin, s.end(), value );
+        bool success = read_range( begin, s.end(), value );
+        return success && begin == s.end();
     }
 
     template< class Istream_type >
diff --git a/src/test/rpc_tests.cpp b/src/test/rpc_tests.cpp
@@ -140,6 +140,24 @@ BOOST_AUTO_TEST_CASE(rpc_parse_monetary_values)
     BOOST_CHECK_EQUAL(AmountFromValue(ValueFromString("20999999.99999999")), 2099999999999999LL);
 }
 
+BOOST_AUTO_TEST_CASE(json_parse_errors)
+{
+    Value value;
+    // Valid
+    BOOST_CHECK_EQUAL(read_string(std::string("1.0"), value), true);
+    // Valid, with trailing whitespace
+    BOOST_CHECK_EQUAL(read_string(std::string("1.0 "), value), true);
+    // Invalid, initial garbage
+    BOOST_CHECK_EQUAL(read_string(std::string("[1.0"), value), false);
+    BOOST_CHECK_EQUAL(read_string(std::string("a1.0"), value), false);
+    // Invalid, trailing garbage
+    BOOST_CHECK_EQUAL(read_string(std::string("1.0sds"), value), false);
+    BOOST_CHECK_EQUAL(read_string(std::string("1.0]"), value), false);
+    // BTC addresses should fail parsing
+    BOOST_CHECK_EQUAL(read_string(std::string("175tWpb8K1S7NmH4Zx6rewF9WQrcZv245W"), value), false);
+    BOOST_CHECK_EQUAL(read_string(std::string("3J98t1WpEZ73CNmQviecrnyiWrnqRhWNL"), value), false);
+}
+
 BOOST_AUTO_TEST_CASE(rpc_boostasiotocnetaddr)
 {
     // Check IPv4 addresses

Original file line number	Diff line number	Diff line change
`@@ -521,12 +521,11 @@ namespace json_spirit`
`521`	`521`
`522`	`522`	`const spirit_namespace::parse_info< Iter_type > info =`
`523`	`523`	`spirit_namespace::parse( begin, end,`
`524`		`- Json_grammer< Value_type, Iter_type >( semantic_actions ),`
	`524`	`+ Json_grammer< Value_type, Iter_type >( semantic_actions ) >> spirit_namespace::end_p,`
`525`	`525`	`spirit_namespace::space_p );`
`526`	`526`
`527`	`527`	`if( !info.hit )`
`528`	`528`	`{`
`529`		`- assert( false ); // in theory exception should already have been thrown`
`530`	`529`	`throw_error( info.stop, "error" );`
`531`	`530`	`}`
`532`	`531`
`@@ -570,7 +569,8 @@ namespace json_spirit`
`570`	`569`	`{`
`571`	`570`	`typename String_type::const_iterator begin = s.begin();`
`572`	`571`
`573`		`- return read_range( begin, s.end(), value );`
	`572`	`+ bool success = read_range( begin, s.end(), value );`
	`573`	`+ return success && begin == s.end();`
`574`	`574`	`}`
`575`	`575`
`576`	`576`	`template< class Istream_type >`