hcl: error if we scan a null char before end of input text

This was allowing very strange input to be allowed through to Terraform since some encryped output will contain null characters (such as from git crypt).
syl20bnr · Nov 22, 2016 · d02cd46 · d02cd46
1 parent c3e054b
commit d02cd46
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 0 deletions.
diff --git a/decoder_test.go b/decoder_test.go
@@ -379,6 +379,12 @@ func TestDecode_interface(t *testing.T) {
  },
  },
  },
+
+ {
+ "git_crypt.hcl",
+ true,
+ nil,
+ },
  }
 
  for _, tc := range cases {

diff --git a/hcl/parser/parser_test.go b/hcl/parser/parser_test.go
@@ -504,6 +504,10 @@ func TestParse(t *testing.T) {
  "object_key_assign_without_value3.hcl",
  true,
  },
+ {
+ "git_crypt.hcl",
+ true,
+ },
  }
 
  const fixtureDir = "./test-fixtures"

diff --git a/hcl/parser/test-fixtures/git_crypt.hcl b/hcl/parser/test-fixtures/git_crypt.hcl
diff --git a/hcl/scanner/scanner.go b/hcl/scanner/scanner.go
@@ -95,6 +95,12 @@ func (s *Scanner) next() rune {
  s.srcPos.Column = 0
  }
 
+ // If we see a null character with data left, then that is an error
+ if ch == '\x00' && s.buf.Len() > 0 {
+ s.err("unexpected null character (0x00)")
+ return eof
+ }
+
  // debug
  // fmt.Printf("ch: %q, offset:column: %d:%d\n", ch, s.srcPos.Offset, s.srcPos.Column)
  return ch

diff --git a/test-fixtures/git_crypt.hcl b/test-fixtures/git_crypt.hcl