From: Michael Roth
Subject: [Qemu-devel] [PATCH v1][ 06/14] json-lexer: limit the maximum size of a given token
Date: Wed, 1 Jun 2011 12:14:52 -0500
From: Anthony Liguori <address@hidden>
Signed-off-by: Michael Roth <address@hidden>
---
json-lexer.c | 13 +++++++++++++
1 files changed, 13 insertions(+), 0 deletions(-)
diff --git a/json-lexer.c b/json-lexer.c
index 65c9720..fe5a060 100644
--- a/json-lexer.c
+++ b/json-lexer.c
@@ -18,6 +18,8 @@
#include "qemu-common.h"
#include "json-lexer.h"
+#define MAX_TOKEN_SIZE (64ULL << 20)
+
/*
*
\"([^\\\"]|(\\\"\\'\\\\\\/\\b\\f\\n\\r\\t\\u[0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]))*\"
*
'([^\\']|(\\\"\\'\\\\\\/\\b\\f\\n\\r\\t\\u[0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]))*'
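Review bot: MAX_TOKEN_SIZE is defined as (64ULL << 20), which is 64 MiB, with no comment stating the unit or why this bound was chosen. Since the limit is introduced as a security control, a short comment above the define saying that it is a per-token byte limit and giving the reasoning for the value would help later readers judge whether it is tight enough; a lexer can still buffer up to that much for a single token before the check in json_lexer_feed_char triggers.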
@@ -309,6 +311,17 @@ static int json_lexer_feed_char(JSONLexer *lexer, char ch)
}
lexer->state = new_state;
} while (!char_consumed);
+
+ /* Do not let a single token grow to an arbitrarily large size,
+ * this is a security consideration.
+ */
+ if (lexer->token->length > MAX_TOKEN_SIZE) {
+ lexer->emit(lexer, lexer->token, lexer->state, lexer->x, lexer->y);
+ QDECREF(lexer->token);
+ lexer->token = qstring_new();
+ lexer->state = IN_START;
+ }
+
return 0;
}
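Review bot: in the new length check at the end of json_lexer_feed_char, the oversized token is passed to lexer->emit with lexer->state as its type, so the consumer receives a truncated token tagged with whatever state the lexer was in mid-token and has nothing that marks it as cut off at the limit. Because the state is then reset to IN_START, the remaining bytes of the same oversized input will be lexed as if they started a new token, and the function still falls through to return 0, so the caller cannot tell the limit was hit. Consider emitting the token with an explicit error type (or returning a non-zero value) in this path, and expanding the comment to say what the consumer is expected to do with the truncated token.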
--
1.7.0.4