authorDmitry Janushkevich <gauri@tut.by>2016-05-02 13:59:26 +0200
committerAdministrator <gauri@tut.by>2016-05-03 10:22:06 +0200
commit64ce0ad3731ebd77e02897b07920eadd0e2cc318 (patch)
treec62094087ae441d6cb94cb20a3e2376dcdbaaf31 /src/load.c
parent087ed94c452ecade26447c14605cd419e970cfd2 (diff)
Fix for issue #282
The fix limits the recursion depth when parsing arrays and objects. The limit is configurable via the `JSON_PARSER_MAX_DEPTH` setting within `jansson_config.h` and is set by default to 2048. Update the RFC conformance document to note the limit; the RFC allows limits to be set by the implementation so nothing has actually changed w.r.t. conformance state. Reported by Gustavo Grieco.
Diffstat (limited to 'src/load.c')
-rw-r--r--src/load.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/src/load.c b/src/load.c
index 614a845..33a260a 100644
--- a/src/load.c
+++ b/src/load.c
@@ -62,6 +62,7 @@ typedef struct {
stream_t stream;
strbuffer_t saved_text;
size_t flags;
+ size_t depth;
int token;
union {
struct {
@@ -803,6 +804,12 @@ static json_t *parse_value(lex_t *lex, size_t flags, json_error_t *error)
{
json_t *json;
+ lex->depth++;
+ if(lex->depth > JSON_PARSER_MAX_DEPTH) {
+ error_set(error, lex, "maximum parsing depth reached");
+ return NULL;
+ }
+
switch(lex->token) {
case TOKEN_STRING: {
const char *value = lex->value.string.val;
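Review bot: The new depth guard at the top of parse_value carries no comment saying what it protects against, so a later reader cannot tell that it is a resource limit on untrusted input rather than a conformance rule. I would add `/* Bound nesting so hostile, deeply nested input cannot exhaust the C stack (issue #282). */` above `lex->depth++;`. The comment or the config header should also say that the default of 2048 has to fit the smallest thread stack the library runs on, since each nesting level presumably costs more than one stack frame (parse_value is re-entered through the array and object parsers, which are not visible here). The body of parse_value continues outside this hunk.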
@@ -865,6 +872,7 @@ static json_t *parse_value(lex_t *lex, size_t flags, json_error_t *error)
if(!json)
return NULL;
+ lex->depth--;
return json;
}
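Review bot: The `lex->depth--;` added here runs only on the success path. The `if(!json) return NULL;` directly above it, and the early `return NULL;` added with the depth check in the previous hunk, both leave the counter incremented. That looks harmless today only if every NULL return aborts the whole parse, because parse_json resets `lex->depth = 0` before the next document. The invariant is implicit, so it could break silently if error recovery is ever added. Either decrement on the failure paths too, or state the assumption next to the decrement, e.g. `/* not decremented on error: a failed parse is abandoned and parse_json() resets depth */`. The function body starts outside this hunk, so other return paths inside the switch may need the same treatment.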
@@ -872,6 +880,8 @@ static json_t *parse_json(lex_t *lex, size_t flags, json_error_t *error)
{
json_t *result;
+ lex->depth = 0;
+
lex_scan(lex, error);
if(!(flags & JSON_DECODE_ANY)) {
if(lex->token != '[' && lex->token != '{') {