Make uuid_from_string() reject a string of the correct length but having a

non-hex digit in the last character.

Inspired by code in uuid_parse() from Ted Ts'o.

ok millert@

diff --git a/lib/libc/uuid/uuid_from_string.c b/lib/libc/uuid/uuid_from_string.c
index d8e2b5f..4989694 100644 (file)
--- a/lib/libc/uuid/uuid_from_string.c
+++ b/lib/libc/uuid/uuid_from_string.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: uuid_from_string.c,v 1.2 2015/09/10 18:13:46 guenther Exp $   */
+/*     $OpenBSD: uuid_from_string.c,v 1.3 2021/08/30 20:41:33 krw Exp $        */
 /*     $NetBSD: uuid_from_string.c,v 1.1 2004/09/13 21:44:54 thorpej Exp $     */
 
 /*
@@ -30,6 +30,7 @@
  * $FreeBSD: src/lib/libc/uuid/uuid_from_string.c,v 1.2 2003/08/08 19:18:43 marcel Exp $
  */
 
+#include <ctype.h>
 #include <stdio.h>
 #include <string.h>
 #include <uuid.h>
@@ -68,8 +69,21 @@ uuid_from_string(const char *s, uuid_t *u, uint32_t *status)
         * The so called "old" UUIDs, which we don't support, have the form:
         *      0123456789ab.cd.ef.01.23.45.67.89.ab
         */
-       if (s[8] != '-')
-               return;
+       for (n = 0; n < UUID_STR_LEN; n++) {
+               switch (n) {
+               case 8:
+               case 13:
+               case 18:
+               case 23:
+                       if (s[n] != '-')
+                               return;
+                       break;
+               default:
+                       if (!isxdigit((unsigned char)(s[n])))
+                               return;
+                       break;
+               }
+       }
 
        n = sscanf(s,
            "%8x-%4hx-%4hx-%2hhx%2hhx-%2hhx%2hhx%2hhx%2hhx%2hhx%2hhx",