From dd9c654019aa4fc8840085917be7f3243fd452fc Mon Sep 17 00:00:00 2001
From: "Randall S. Becker"
Date: Thu, 8 Aug 2024 07:28:26 -0400
Subject: [PATCH] Add guard code to prevent the use of NULL pointers in emitter.c
This is related to CVE-2024-35326
Fixes #301
Signed-off-by: Randall S. Becker
---
 src/emitter.c | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
diff --git a/src/emitter.c b/src/emitter.c
index 609b28a4..28bcd11b 100644
--- a/src/emitter.c
+++ b/src/emitter.c
@@ -391,7 +391,9 @@ yaml_emitter_append_tag_directive(yaml_emitter_t *emitter,
 error:
 yaml_free(copy.handle);
+ copy.handle = NULL;
 yaml_free(copy.prefix);
+ copy.prefix = NULL;
 return 0;
 }
@@ -727,7 +729,9 @@ yaml_emitter_emit_document_end(yaml_emitter_t *emitter,
 yaml_tag_directive_t tag_directive = POP(emitter, emitter->tag_directives);
 yaml_free(tag_directive.handle);
+ tag_directive.handle = NULL;
 yaml_free(tag_directive.prefix);
+ tag_directive.prefix = NULL;
 }
 return 1;
@@ -1812,6 +1816,8 @@ yaml_emitter_write_indicator(yaml_emitter_t *emitter,
 size_t indicator_length;
 yaml_string_t string;
+ if (!indicator)
+ return 0;
 indicator_length = strlen(indicator);
 STRING_ASSIGN(string, (yaml_char_t *)indicator, indicator_length);
@@ -1834,6 +1840,9 @@ yaml_emitter_write_anchor(yaml_emitter_t *emitter,
 yaml_char_t *value, size_t length)
 {
 yaml_string_t string;
+ if (!value || length < 1)
+ return 0;
+
 STRING_ASSIGN(string, value, length);
 while (string.pointer != string.end) {
@@ -1851,6 +1860,9 @@ yaml_emitter_write_tag_handle(yaml_emitter_t *emitter,
 yaml_char_t *value, size_t length)
 {
 yaml_string_t string;
+
+ if (!value || length < 1)
+ return 0;
 STRING_ASSIGN(string, value, length);
 if (!emitter->whitespace) {
@@ -1873,6 +1885,9 @@ yaml_emitter_write_tag_content(yaml_emitter_t *emitter,
 int need_whitespace)
 {
 yaml_string_t string;
+
+ if (!value || length < 1)
+ return 0;
 STRING_ASSIGN(string, value, length);
 if (need_whitespace && !emitter->whitespace) {
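Review bot: The `copy.handle = NULL;` and `copy.prefix = NULL;` stores added in the `error:` path of yaml_emitter_append_tag_directive run immediately before `return 0;`, so if `copy` is a function-local (its declaration is outside the hunk) they are dead stores and cannot stop a later double free. The same holds in yaml_emitter_emit_document_end, where `tag_directive` is a block-local initialised from `POP(...)` and goes out of scope at the closing brace right after the two new stores. If the aim is to keep a stale pointer from being freed twice, the pointer that outlives the function is the one to clear, presumably the popped stack slot, which depends on what `POP` leaves behind and is not visible here. Otherwise I would drop these four lines or mark them with a comment such as `/* defensive only: this struct is a local copy, nothing else observes the store */`.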
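Review bot: The new `if (!indicator) return 0;` in yaml_emitter_write_indicator fails silently: callers treat 0 as failure (see `if (!yaml_emitter_write_indicator(...))` in the later hunks), but the added lines never record an error on the emitter, so the caller gets a failed emit with no error code or problem string to report. The same applies to every `if (!value || length < 1) return 0;` guard added to write_anchor, write_tag_handle, write_tag_content and the scalar writers. Routing the guard through the error helper that emitter.c already uses elsewhere would keep the failure diagnosable, e.g. `return yaml_emitter_set_emitter_error(emitter, "indicator is NULL");`. The guard is correctly placed before `strlen(indicator)`; the rest of the function lies outside the hunk.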
@@ -1923,6 +1938,9 @@ yaml_emitter_write_plain_scalar(yaml_emitter_t *emitter,
 int spaces = 0;
 int breaks = 0;
+ if (!value || length < 1)
+ return 0;
+
 STRING_ASSIGN(string, value, length);
 /**
@@ -1989,6 +2007,9 @@ yaml_emitter_write_single_quoted_scalar(yaml_emitter_t *emitter,
 int spaces = 0;
 int breaks = 0;
+ if (!value || length < 1)
+ return 0;
+
 STRING_ASSIGN(string, value, length);
 if (!yaml_emitter_write_indicator(emitter, "'", 1, 0, 0))
@@ -2054,6 +2075,8 @@ yaml_emitter_write_double_quoted_scalar(yaml_emitter_t *emitter,
 yaml_string_t string;
 int spaces = 0;
+ if (!value || length < 1)
+ return 0;
 STRING_ASSIGN(string, value, length);
 if (!yaml_emitter_write_indicator(emitter, "\"", 1, 0, 0))
@@ -2268,6 +2291,8 @@ yaml_emitter_write_literal_scalar(yaml_emitter_t *emitter,
 yaml_string_t string;
 int breaks = 1;
+ if (!value || length < 1)
+ return 0;
 STRING_ASSIGN(string, value, length);
 if (!yaml_emitter_write_indicator(emitter, "|", 1, 0, 0))
@@ -2308,6 +2333,8 @@ yaml_emitter_write_folded_scalar(yaml_emitter_t *emitter,
 int breaks = 1;
 int leading_spaces = 1;
+ if (!value || length < 1)
+ return 0;
 STRING_ASSIGN(string, value, length);
 if (!yaml_emitter_write_indicator(emitter, ">", 1, 0, 0))
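Review bot: The `length < 1` half of the guard added to yaml_emitter_write_plain_scalar rejects a zero-length value as well as a NULL pointer, and the identical guard goes into the single-quoted, double-quoted, literal and folded writers in the following hunks. An empty scalar is valid YAML (`''`, `""`), and before this change a zero length still reached the indicator writes that follow `STRING_ASSIGN`, so this looks like it turns emitting an empty string into a failure; a test that emits one would confirm it. If `length` is a `size_t` here, as in the write_anchor signature, the comparison is just `length == 0`, and the case that actually dereferences a bad pointer is a NULL `value`. I would narrow the check to `if (!value)` and leave zero-length input to the existing code path. The bodies of all five functions continue outside their hunks.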