Verify that there are no null-bytes in input

rlidwka · rlidwka · commit 33c2236d702f · 2019-11-04T21:39:44.000+03:00
diff --git a/lib/js-yaml/loader.js b/lib/js-yaml/loader.js
@@ -1569,6 +1569,13 @@ function loadDocuments(input, options) {
 
   var state = new State(input, options);
 
+  var nullpos = input.indexOf('\0');
+
+  if (nullpos !== -1) {
+    state.position = nullpos;
+    throwError(state, 'null byte is not allowed in input');
+  }
+
   // Use 0 as string terminator. That significantly simplifies bounds check.
   state.input += '\0';
 
diff --git a/test/issues/0525-1.js b/test/issues/0525-1.js
@@ -0,0 +1,16 @@
+'use strict';
+
+
+var assert = require('assert');
+var yaml   = require('../../');
+
+
+test('Should throw if there is a null-byte in input', function () {
+  try {
+    yaml.safeLoad('foo\0bar');
+  } catch (err) {
+    assert(err.stack.startsWith('YAMLException: null byte is not allowed in input'));
+    return;
+  }
+  assert.fail(null, null, 'Expected an error to be thrown');
+});
