Properly validate invalid hex characters in JSONIO libraries

2023-10-03 13:03:40 +00:00 · 2018-02-28 10:44:48 +01:00 · 2018-02-28 10:44:48 +01:00 · 7897301b71
commit 7897301b71
parent 83fec0232d
2 changed files with 37 additions and 2 deletions
--- a/libsolidity/interface/StandardCompiler.cpp
+++ b/libsolidity/interface/StandardCompiler.cpp
@ -336,8 +336,20 @@ Json::Value StandardCompiler::compileInternal(Json::Value const& _input)
 		if (!jsonSourceName.isObject())
 			return formatFatalError("JSONError", "library entry is not a JSON object.");
 		for (auto const& library: jsonSourceName.getMemberNames())
-			// @TODO use libraries only for the given source
+		{
-			libraries[library] = h160(jsonSourceName[library].asString());
+			try
 			{
 				// @TODO use libraries only for the given source
 				libraries[library] = h160(jsonSourceName[library].asString());
 			}
 			catch (dev::BadHexCharacter)
 			{
 				return formatFatalError(
 					"JSONError",
 					"Invalid library address (\"" + jsonSourceName[library].asString() + "\") supplied."
 				);
 			}
 		}
 	}
 	m_compilerStack.setLibraries(libraries);
--- a/test/libsolidity/StandardCompiler.cpp
+++ b/test/libsolidity/StandardCompiler.cpp
@ -610,6 +610,29 @@ BOOST_AUTO_TEST_CASE(libraries_invalid_entry)
 	BOOST_CHECK(containsError(result, "JSONError", "library entry is not a JSON object."));
 }
 BOOST_AUTO_TEST_CASE(libraries_invalid_hex)
 {
 	char const* input = R"(
 	{
 		"language": "Solidity",
 		"settings": {
 			"libraries": {
 				"library.sol": {
 					"L": "0x4200000000000000000000000000000000000xx1"
 				}
 			}
 		},
 		"sources": {
 			"empty": {
 				"content": ""
 			}
 		}
 	}
 	)";
 	Json::Value result = compile(input);
 	BOOST_CHECK(containsError(result, "JSONError", "Invalid library address (\"0x4200000000000000000000000000000000000xx1\") supplied."));
 }
 BOOST_AUTO_TEST_CASE(libraries_various_addresses)
 {
 	char const* input = R"(