Remove NULs byte arrays passed to PostProcess (#14587)
authorzeripath <art27@cantab.net>
Thu, 18 Feb 2021 01:32:14 +0000 (01:32 +0000)
committerGitHub <noreply@github.com>
Thu, 18 Feb 2021 01:32:14 +0000 (02:32 +0100)
PostProcess is supposed to be parsing and handling HTML
fragments, but on fuzzing it appears that there is a weird
issue with NUL elements that could cause a memory address
error in downstream libraries.

The simplest solution is to strip out the weird NULs - they
should not be there in any case and would be stripped out
anyway.

Signed-off-by: Andrew Thornton <art27@cantab.net>
modules/markup/html.go

index 67aec7371c8ddb58d6c7e25987d0f3be58e31222..2c2feb0b34ef3e9f4d0cf0c7cb05b103859fd995 100644 (file)
@@ -324,8 +324,30 @@ func (ctx *postProcessCtx) postProcess(rawHTML []byte) ([]byte, error) {
 
        // give a generous extra 50 bytes
        res := make([]byte, 0, len(rawHTML)+50)
+
+       // prepend "<html><body>"
        res = append(res, "<html><body>"...)
-       res = append(res, rawHTML...)
+
+       // Strip out nuls - they're always invalid
+       start := bytes.IndexByte(rawHTML, '\000')
+       if start >= 0 {
+               res = append(res, rawHTML[:start]...)
+               start++
+               for start < len(rawHTML) {
+                       end := bytes.IndexByte(rawHTML[start:], '\000')
+                       if end < 0 {
+                               res = append(res, rawHTML[start:]...)
+                               break
+                       } else if end > 0 {
+                               res = append(res, rawHTML[start:start+end]...)
+                       }
+                       start += end + 1
+               }
+       } else {
+               res = append(res, rawHTML...)
+       }
+
+       // close the tags
        res = append(res, "</body></html>"...)
 
        // parse the HTML
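Review bot: The NUL stripping between the `<html><body>` prefix and the closing tags is written as an if/else around an inner loop with three separate index updates (`start++`, `start+end`, `start += end + 1`), which is easy to break by one in a guard whose job is to keep malformed input away from the parser. A single loop over a shrinking `rest` slice handles the no-NUL, leading, consecutive and trailing cases through one code path and leaves `rawHTML` itself untouched. The comment should also record why the bytes are dropped, as the commit message does, so that the guard is not later removed as dead code. No test is visible on this page; a table test with NULs at the start, in the middle, back to back and at the end would pin the behaviour. postProcess begins and ends outside the hunk.

```go
res = append(res, "<html><body>"...)

// Strip NUL bytes: they are never valid in an HTML fragment, and fuzzing
// showed they can cause a memory address error in downstream libraries.
for rest := rawHTML; len(rest) > 0; {
	nul := bytes.IndexByte(rest, 0)
	if nul < 0 {
		res = append(res, rest...)
		break
	}
	res = append(res, rest[:nul]...)
	rest = rest[nul+1:]
}

// … unchanged: append "</body></html>" and parse the HTML …
```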