fix-CVE-2017-11692

author Simon Quigley <tsimonq2@debian.org>

Thu, 26 Aug 2021 22:24:06 +0000 (23:24 +0100)

committer Raspbian forward porter <root@raspbian.org>

Thu, 26 Aug 2021 22:24:06 +0000 (23:24 +0100)
author Simon Quigley <tsimonq2@debian.org>
Thu, 26 Aug 2021 22:24:06 +0000 (23:24 +0100)
committer Raspbian forward porter <root@raspbian.org>
Thu, 26 Aug 2021 22:24:06 +0000 (23:24 +0100)
diff --git a/src/singledocparser.cpp b/src/singledocparser.cpp

index be82741531ae3f17f6848531d0b0b09d75fa3193..dd333b38978b0c697c5dbaaaad820465aaeabfa2 100644 (file)
--- a/src/singledocparser.cpp
+++ b/src/singledocparser.cpp
@@ -79,6 +79,12 @@ void SingleDocParser::HandleNode(EventHandler& eventHandler) {
    if (!anchor_name.empty())
      eventHandler.OnAnchor(mark, anchor_name);
  
+  // after parsing properties, an empty node is again a possibility
+  if (m_scanner.empty()) {
+    eventHandler.OnNull(mark, anchor);
+    return;
+  }
+
    const Token& token = m_scanner.peek();
  
    if (token.type == Token::PLAIN_SCALAR && IsNullString(token.value)) {
diff --git a/test/integration/load_node_test.cpp b/test/integration/load_node_test.cpp

index 4f4f28e8e203053a25623e8b3f976c592e5ccb53..0e0dd6bc56617ed8d91e25cd47de6bd0478dc5ea 100644 (file)
--- a/test/integration/load_node_test.cpp
+++ b/test/integration/load_node_test.cpp
@@ -257,5 +257,10 @@ TEST(NodeTest, LoadTagWithParenthesis) {
      EXPECT_EQ(node.as<std::string>(), "foo");
  }
  
+TEST(NodeTest, LoadTagWithNullScalar) {
+  Node node = Load("!2");
+  EXPECT_TRUE(node.IsNull());
+}
+
  }  // namespace
  }  // namespace YAML
author	Simon Quigley <tsimonq2@debian.org>
	Thu, 26 Aug 2021 22:24:06 +0000 (23:24 +0100)
committer	Raspbian forward porter <root@raspbian.org>
	Thu, 26 Aug 2021 22:24:06 +0000 (23:24 +0100)
src/singledocparser.cpp		patch \| blob \| history
test/integration/load_node_test.cpp		patch \| blob \| history