[fixed] timeout in configuration lexer found by oss-fuzz (#1792)

* [fixed] timeout in configuration lexer found by oss-fuzz Peek followed by next resulted in an infinite loop when eof was not checked. I looked for all instances of this pattern and return an error when eof is not already checked or skip was used. Signed-off-by: Matthias Hanel <mh@synadia.com>
2026-04-02 03:38:42 -07:00 · 2021-01-05 20:07:19 -05:00
parent 4699779f72
commit 4649f9e691
2 changed files with 17 additions and 6 deletions
--- a/conf/lex.go
+++ b/conf/lex.go
@@ -666,8 +666,9 @@ func lexMapKeyStart(lx *lexer) stateFn {

 // lexMapQuotedKey consumes the text of a key between quotes.
 func lexMapQuotedKey(lx *lexer) stateFn {
-	r := lx.peek()
-	if r == sqStringEnd {
+	if r := lx.peek(); r == eof {
+		return lx.errorf("Unexpected EOF processing quoted map key.")
+	} else if r == sqStringEnd {
 		lx.emit(itemKey)
 		lx.next()
 		return lexSkip(lx, lexMapKeyEnd)
@@ -678,8 +679,9 @@ func lexMapQuotedKey(lx *lexer) stateFn {

 // lexMapQuotedKey consumes the text of a key between quotes.
 func lexMapDubQuotedKey(lx *lexer) stateFn {
-	r := lx.peek()
-	if r == dqStringEnd {
+	if r := lx.peek(); r == eof {
+		return lx.errorf("Unexpected EOF processing double quoted map key.")
+	} else if r == dqStringEnd {
 		lx.emit(itemKey)
 		lx.next()
 		return lexSkip(lx, lexMapKeyEnd)
@@ -691,8 +693,9 @@ func lexMapDubQuotedKey(lx *lexer) stateFn {
 // lexMapKey consumes the text of a key. Assumes that the first character (which
 // is not whitespace) has already been consumed.
 func lexMapKey(lx *lexer) stateFn {
-	r := lx.peek()
-	if unicode.IsSpace(r) {
+	if r := lx.peek(); r == eof {
+		return lx.errorf("Unexpected EOF processing map key.")
+	} else if unicode.IsSpace(r) {
 		// Spaces signal we could be looking at a keyword, e.g. include.
 		// Keywords will eat the keyword and set the appropriate return stateFn.
 		return lx.keyCheckKeyword(lexMapKeyEnd, lexMapValueEnd)