Diffstat (limited to 'searchlib')
-rw-r--r-- | searchlib/src/tests/query/query-old.cpp | 5 | ||||
-rw-r--r-- | searchlib/src/vespa/searchlib/fef/termfieldmatchdata.cpp | 2 | ||||
-rw-r--r-- | searchlib/src/vespa/searchlib/query/queryterm.cpp | 8 |
3 files changed, 9 insertions, 6 deletions
diff --git a/searchlib/src/tests/query/query-old.cpp b/searchlib/src/tests/query/query-old.cpp
index e8e0614f51a..204289ccf61 100644
--- a/searchlib/src/tests/query/query-old.cpp
+++ b/searchlib/src/tests/query/query-old.cpp
@@ -648,4 +648,9 @@ TEST("require that incorrectly specified diversity can be parsed") {
 EXPECT_FALSE(descending_query.isValid());
 }
+TEST("require that we do not f.. up the stack on bad query") {
+ QueryTermSimple term("<form><iframe+	 +src=\\\"javascript:alert(1)\\\" 	;>", QueryTerm::WORD);
+ EXPECT_FALSE(term.isValid());
+}
+
 TEST_MAIN() { TEST_RUN_ALL(); }
diff --git a/searchlib/src/vespa/searchlib/fef/termfieldmatchdata.cpp b/searchlib/src/vespa/searchlib/fef/termfieldmatchdata.cpp
index 5c1b3df6f4e..7cfc6afa72d 100644
--- a/searchlib/src/vespa/searchlib/fef/termfieldmatchdata.cpp
+++ b/searchlib/src/vespa/searchlib/fef/termfieldmatchdata.cpp
@@ -1,8 +1,6 @@
 // Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 #include "termfieldmatchdata.h"
-#include "fieldinfo.h"
-#include <algorithm>
 namespace search::fef {
diff --git a/searchlib/src/vespa/searchlib/query/queryterm.cpp b/searchlib/src/vespa/searchlib/query/queryterm.cpp
index 694988ef74e..70cbcd37ee0 100644
--- a/searchlib/src/vespa/searchlib/query/queryterm.cpp
+++ b/searchlib/src/vespa/searchlib/query/queryterm.cpp
@@ -367,9 +367,9 @@ QueryTermSimple::QueryTermSimple(const string & term_, SearchTerm type) :
 {
 if (isFullRange(_term)) {
 stringref rest(_term.c_str() + 1, _term.size() - 2);
- stringref parts[8];
+ stringref parts[9];
 size_t numParts(0);
- while (! rest.empty() && (numParts < NELEMS(parts))) {
+ while (! rest.empty() && ((numParts + 1) < NELEMS(parts))) {
 size_t pos(rest.find(';'));
 if (pos != vespalib::string::npos) {
 parts[numParts++] = rest.substr(0, pos);
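Review bot: Nothing in the new test records which property of the literal triggers the stack corruption the title refers to — the string reads as an XSS probe, and the only assertion is that the term is invalid, so a later edit could change the literal and keep the test green while no longer covering the bug. Presumably the angle brackets make isFullRange() treat it as a range and the `;`-field parsing in queryterm.cpp is what overflowed, but that is an inference from the sibling hunk. A one-line comment above the TEST such as `// Looks like a <...> range to isFullRange(); must be rejected without overrunning parts[] in QueryTermSimple` would preserve the intent. Note also that without a sanitizer build EXPECT_FALSE only fails if the overflow happens to crash or to flip _valid, so this test mainly guards the rejection, not the memory safety.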
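Review bot: The range parser's bound now lives in two unrelated literals — `stringref parts[9];` and `(numParts + 1) < NELEMS(parts)` — with no comment on why the array has one slot more than the loop will ever fill, so the next edit to either line can quietly reintroduce the off-by-one this commit fixes. Presumably the spare entry exists for the positional parts[] reads after the loop, which lie outside this hunk — confirm. Whatever the reason, state it once at the declaration, e.g. `stringref parts[9]; // one spare slot: the loop fills at most NELEMS(parts) - 1 entries`, or derive the loop bound from a named constant rather than repeating the arithmetic. The constructor starts before this hunk and continues past it.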
@@ -382,8 +382,8 @@ QueryTermSimple::QueryTermSimple(const string & term_, SearchTerm type) :
 rest = stringref();
 }
 }
- _valid = (numParts >= 2);
- if (numParts > 2) {
+ _valid = (numParts >= 2) && (numParts < NELEMS(parts));
+ if (_valid && numParts > 2) {
 _rangeLimit = strtol(parts[2].c_str(), NULL, 0);
 if (numParts > 3) {
 _valid = (numParts >= 5); |
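Review bot: The added `(numParts < NELEMS(parts))` term in `_valid` can never be false: the loop in the preceding hunk stops as soon as `(numParts + 1) < NELEMS(parts)` fails, so numParts is at most NELEMS(parts) - 1 on exit, and the `_valid &&` on the next line is likewise implied by `numParts > 2`. As written, a range with more `;`-separated fields than parts[] holds is therefore not rejected but silently truncated and accepted with the trailing fields dropped. If the intent was to reject such input, test the unconsumed remainder instead, `_valid = (numParts >= 2) && rest.empty();` — rest is cleared by the visible `rest = stringref();` when the last field is consumed and is presumably advanced past each `;` in the lines between the two hunks, so a non-empty rest after the loop means fields were left over; confirm against those lines. The constructor starts before this hunk and continues after it.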