44 lines
1.2 KiB
Diff
44 lines
1.2 KiB
Diff
--- src/jansson_config.h.in.orig 2016-05-04 11:43:48.386196000 +0800
|
|
+++ src/jansson_config.h.in 2016-05-04 11:44:21.204996000 +0800
|
|
@@ -36,4 +36,8 @@
|
|
otherwise to 0. */
|
|
#define JSON_HAVE_LOCALECONV @json_have_localeconv@
|
|
|
|
+/* Maximum recursion depth for parsing JSON input.
|
|
+ * This limits the depth of e.g. array-within-array constructions. */
|
|
+#define JSON_PARSER_MAX_DEPTH 2048
|
|
+
|
|
#endif
|
|
--- src/load.c.orig 2016-05-04 11:44:34.356957000 +0800
|
|
+++ src/load.c 2016-05-04 11:46:44.547307000 +0800
|
|
@@ -61,6 +61,7 @@ typedef struct {
|
|
typedef struct {
|
|
stream_t stream;
|
|
strbuffer_t saved_text;
|
|
+ size_t depth;
|
|
int token;
|
|
union {
|
|
struct {
|
|
@@ -800,6 +801,12 @@ static json_t *parse_value(lex_t *lex, s
|
|
json_t *json;
|
|
double value;
|
|
|
|
+ lex->depth++;
|
|
+ if(lex->depth > JSON_PARSER_MAX_DEPTH) {
|
|
+ error_set(error, lex, "maximum parsing depth reached");
|
|
+ return NULL;
|
|
+ }
|
|
+
|
|
switch(lex->token) {
|
|
case TOKEN_STRING: {
|
|
const char *value = lex->value.string.val;
|
|
@@ -877,6 +884,8 @@ static json_t *parse_json(lex_t *lex, si
|
|
{
|
|
json_t *result;
|
|
|
|
+ lex->depth = 0;
|
|
+
|
|
lex_scan(lex, error);
|
|
if(!(flags & JSON_DECODE_ANY)) {
|
|
if(lex->token != '[' && lex->token != '{') {
|