bl4ck5un / Town-Crier

Town Crier: an Authenticated Data Feeds for Smart Contracts
https://town-crier.netlify.app/

Undefined behavior on decoding URL with invalid hex escapes #48

Open randombit opened 7 years ago

randombit commented 7 years ago

I noticed a problem in the `url_decode` function at https://github.com/bl4ck5un/Town-Crier/blob/master/src/Enclave/scrapers/scraper_utils.cpp#L91 in that the function does not verify the input chars of a hex escape are valid hex. As a result `from_hex` may end up calling `tolower` with out of range values; `tolower` requires that its input be representable by either unsigned char or EOF, and may fail (e.g. crash or cause undefined behavior) if called with inputs outside of that range. For instance ISTR on some versions of Visual C++, `tolower(-1)` would reference an invalid address and crash.

For example `url_decode("%\xFF\x85")` should probably be rejected as an invalid hex escape.

As best I can tell the url_decode function is not currently used anywhere, so no direct security impact.
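
An added example, not part of the issue or of the Town Crier code base: one way to write a decoder that rejects invalid and truncated hex escapes and never passes a negative value to a `<cctype>` function. The names `hex_value` and `url_decode_strict` are hypothetical, and `+` is deliberately left undecoded.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Value of one hex digit, or -1 if c is not in [0-9A-Fa-f].
// The parameter is unsigned char, so bytes >= 0x80 never become negative
// ints, and no tolower()/isxdigit() call is needed at all.
static int hex_value(unsigned char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

// Hypothetical strict decoder. Returns false (leaving `out` untouched) when
// a '%' is not followed by exactly two hex digits; otherwise writes the
// decoded bytes to `out` and returns true.
bool url_decode_strict(const std::string& in, std::string& out) {
    std::string decoded;
    decoded.reserve(in.size());
    for (std::size_t i = 0; i < in.size(); ++i) {
        if (in[i] != '%') {
            decoded.push_back(in[i]);
            continue;
        }
        if (in.size() - i < 3) return false;  // truncated escape: "%" or "%4"
        int hi = hex_value(static_cast<unsigned char>(in[i + 1]));
        int lo = hex_value(static_cast<unsigned char>(in[i + 2]));
        if (hi < 0 || lo < 0) return false;   // e.g. "%\xFF\x85" or "%zz"
        decoded.push_back(static_cast<char>((hi << 4) | lo));
        i += 2;  // skip the two digits just consumed
    }
    out.swap(decoded);
    return true;
}

int main() {
    std::string out;
    // Constructed inputs: one valid, one taken from the report above.
    std::cout << url_decode_strict("a%20b%2Fc", out) << " [" << out << "]\n";
    std::cout << url_decode_strict("%\xFF\x85", out) << "\n";
    return 0;
}
```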