DragonX/dragonx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

Merge pull request #58 from DenioD/duke

Browse Source 
Port Clamp JSON object depth to PHP limit from bitcoin-core #22 to Hush
This commit is contained in:
Duke Leto
2019-12-23 14:34:26 -08:00
committed by GitHub
parent e79a0830d9 c21819beee
commit 83be3aa4e1
5 changed files with 18 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/univalue/Makefile.am
View File

@@ -88,6 +88,7 @@ TEST_FILES = \
$(TEST_DATA_DIR)/fail40.json \ $(TEST_DATA_DIR)/fail40.json \
$(TEST_DATA_DIR)/fail41.json \ $(TEST_DATA_DIR)/fail41.json \
$(TEST_DATA_DIR)/fail42.json \ $(TEST_DATA_DIR)/fail42.json \
$(TEST_DATA_DIR)/fail45.json \
$(TEST_DATA_DIR)/fail3.json \ $(TEST_DATA_DIR)/fail3.json \
$(TEST_DATA_DIR)/fail4.json \ $(TEST_DATA_DIR)/fail4.json \
$(TEST_DATA_DIR)/fail5.json \ $(TEST_DATA_DIR)/fail5.json \
@@ -98,6 +99,7 @@ TEST_FILES = \
$(TEST_DATA_DIR)/pass1.json \ $(TEST_DATA_DIR)/pass1.json \
$(TEST_DATA_DIR)/pass2.json \ $(TEST_DATA_DIR)/pass2.json \
$(TEST_DATA_DIR)/pass3.json \ $(TEST_DATA_DIR)/pass3.json \
$(TEST_DATA_DIR)/pass4.json \
$(TEST_DATA_DIR)/round1.json \ $(TEST_DATA_DIR)/round1.json \
$(TEST_DATA_DIR)/round2.json \ $(TEST_DATA_DIR)/round2.json \
$(TEST_DATA_DIR)/round3.json \ $(TEST_DATA_DIR)/round3.json \

12
src/univalue/lib/univalue_read.cpp
View File

@@ -10,6 +10,14 @@
using namespace std; using namespace std;
/*
* According to stackexchange, the original json test suite wanted
* to limit depth to 22. Widely-deployed PHP bails at depth 512,
* so we will follow PHP's lead, which should be more than sufficient
* (further stackexchange comments indicate depth > 32 rarely occurs).
*/
static const size_t MAX_JSON_DEPTH = 512;
static bool json_isdigit(int ch) static bool json_isdigit(int ch)
{ {
return ((ch >= '0') && (ch <= '9')); return ((ch >= '0') && (ch <= '9'));
@@ -325,6 +333,10 @@ bool UniValue::read(const char *raw, size_t size)
stack.push_back(newTop); stack.push_back(newTop);
} }
if (stack.size() > MAX_JSON_DEPTH)
return false;
if (utyp == VOBJ) if (utyp == VOBJ)
setExpect(OBJ_NAME); setExpect(OBJ_NAME);
else else

1
src/univalue/test/fail45.json Normal file
View File

@@ -0,0 +1 @@
[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]

1
src/univalue/test/pass4.json Normal file
View File

@@ -0,0 +1 @@
[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]

2
src/univalue/test/unitester.cpp
View File

@@ -114,6 +114,7 @@ static const char *filenames[] = {
"fail40.json", // invalid unicode: broken UTF-8 "fail40.json", // invalid unicode: broken UTF-8
"fail41.json", // invalid unicode: unfinished UTF-8 "fail41.json", // invalid unicode: unfinished UTF-8
"fail42.json", // valid json with garbage following a nul byte "fail42.json", // valid json with garbage following a nul byte
"fail45.json", // nested beyond max depth
"fail3.json", "fail3.json",
"fail4.json", // extra comma "fail4.json", // extra comma
"fail5.json", "fail5.json",
@@ -124,6 +125,7 @@ static const char *filenames[] = {
"pass1.json", "pass1.json",
"pass2.json", "pass2.json",
"pass3.json", "pass3.json",
"pass4.json",
"round1.json", // round-trip test "round1.json", // round-trip test
"round2.json", // unicode "round2.json", // unicode
"round3.json", // bare string "round3.json", // bare string