mirrors/cosmopolitan
1
0
Fork 0
mirror of https://github.com/jart/cosmopolitan.git synced 2025-02-07 15:03:34 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add depth limit for JSON (#476)

Browse source
This commit is contained in:
Gautham 2022-07-11 20:47:58 +05:30 committed by GitHub
parent 694a0da990
commit aeee2f9106
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 13 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
tool/net/ljson.c
View file

@ -27,6 +27,8 @@
#include "third_party/lua/ltests.h"
#include "third_party/lua/lua.h"
#define MAX_JSON_DEPTH 1024
struct Rc {
int t;
const char *p;
@ -39,6 +41,10 @@ static struct Rc Parse(struct lua_State *L, const char *p, const char *e) {
const char *a;
luaL_Buffer b;
int A, B, C, D, c, d, i, u;
if (lua_gettop(L) >= MAX_JSON_DEPTH) {
luaL_error(L, "maximum depth exceeded\n");
return (struct Rc){-1, p};
}
for (a = p, d = +1; p < e;) {
switch ((c = *p++ & 255)) {
default:
@ -316,6 +322,9 @@ static struct Rc Parse(struct lua_State *L, const char *p, const char *e) {
*/
int DecodeJson(struct lua_State *L, const char *p, size_t n) {
if (n == -1) n = p ? strlen(p) : 0;
lua_checkstack(L, 128);
if(!lua_checkstack(L, MAX_JSON_DEPTH + MAX_JSON_DEPTH/2)) {
luaL_error(L, "unable to set stack depth of %d\n", MAX_JSON_DEPTH + MAX_JSON_DEPTH/2);
return -1;
}
return Parse(L, p, p + n).t;
}

3
tool/net/net.mk
View file

@ -210,6 +210,9 @@ o/$(MODE)/tool/net/demo/virtualbean.html.zip.o: \
-Predbean.justine.lol \
-B
o/$(MODE)/tool/net/ljson.o: \
-DSTACK_FRAME_UNLIMITED
o/$(MODE)/tool/net/redbean-demo.com.dbg: \
$(TOOL_NET_DEPS) \
o/$(MODE)/tool/net/redbean.o \