Opened 3 years ago

Closed 16 months ago

#11482 closed Bugs (fixed)

boost::uuids::string_generator accepts garbage input

Reported by: Jim King <jim.king@…>
Owned by: James E. King, III
Milestone: Boost 1.66.0
Component: uuid
Version: Boost 1.53.0
Severity: Problem
Keywords:
Cc:


One can pass a string in such as "01234567-89ab-cdef-0123456789abcdef-FOO" to boost::uuids::string_generator for construction and it will happily turn everything before the trailing non-guid information "-FOO" into a Guid, and not throw an exception. This appears to be a problem in not checking the end iterator at the end of operator()(iter, iter) before returning; at that point it should equal end(), otherwise there is garbage appended to the input.

The same code exists up through boost 1.58 in the string_generator.

Change History (4)

comment:1 Changed 3 years ago by Jim King <jim.king@…>

Here's a patch that resolves the issue:

--- a/boost/uuid/string_generator.hpp
+++ b/boost/uuid/string_generator.hpp
@@ -104,6 +104,11 @@ struct string_generator {
             check_close_brace(c, open_brace_char);
+        // Boost Trac 11482 - detect trailing garbage or unexpected data
+        if (begin != end) {
+            throw_invalid();
+        }
         return u;
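
Review bot: no regression test accompanies the new `begin != end` check placed before `return u;`. Add a case that feeds the ticket's input (a UUID string followed by "-FOO") and expects the exception, and a second case for the braced form, since the check sits after `check_close_brace(c, open_brace_char);` and should also reject characters that follow the closing brace. Ranges with trailing data were accepted before this change, so the new throwing behaviour also deserves a line in the uuid documentation for callers that pass a longer buffer.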

comment:2 Changed 17 months ago by James E. King, III <jking@…>

comment:3 Changed 16 months ago by James E. King, III

Owner: changed from Andy Tompkins to James E. King, III

comment:4 Changed 16 months ago by James E. King, III

Milestone: To Be Determined → Boost 1.66.0
Resolution: fixed
Status: new → closed